last executing test programs: 6m11.585782669s ago: executing program 32 (id=1042): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0) lsm_list_modules(0x0, &(0x7f0000003a40), 0x0) 3m47.069124269s ago: executing program 33 (id=3058): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0) 3m2.43099458s ago: executing program 34 (id=3613): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000500)="1400000016000b63d25a80648c2594011d24fc60", 0x14}], 0x1}, 0x0) 2m48.596809487s ago: executing program 5 (id=3790): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@bridge_newvlan={0x18, 0x76, 0x1, 0x0, 0x0, {0x7, 0x2}}, 0x18}, 0x1, 0x5502000000000000}, 0x0) 2m47.518595444s ago: executing program 5 (id=3803): r0 = socket(0x28, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) 2m47.457921109s ago: executing program 5 (id=3805): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@local}, {@in=@rand_addr=0x6, 0x0, 0x33}, @in=@dev={0xac, 0x14, 0x14, 0x8}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'digest_null\x00'}}}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd29, 0xb}}]}, 0x148}}, 0x0) 2m47.273987371s ago: executing program 5 (id=3809): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x48080}, 0x4000) 2m32.603676191s ago: executing program 35 (id=3782): set_mempolicy(0x1, 0x0, 0x4) syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2m30.92310893s ago: executing program 36 (id=3809): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x48080}, 0x4000) 2m1.456057989s ago: executing program 0 (id=4381): r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/cgroup\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 2m1.190187376s ago: executing program 0 (id=4386): r0 = socket$phonet(0x23, 0x2, 0x1) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000340)=""/230, &(0x7f0000000180)=0xe6) 2m0.929260802s ago: executing program 0 (id=4389): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x4d, 0xffffffffffffffff, &(0x7f00000003c0)=0x16) 2m0.63089785s ago: executing program 0 (id=4391): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f00000007c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10000, &(0x7f0000000940)=ANY=[@ANYBLOB="6e6c733d6370313235302c6e6f626172726965722c63726561746f723dbd3c66f52c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',force,umask=000000005,\x00'/38], 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) 2m0.243040585s ago: executing program 0 (id=4395): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00}, [@RTA_IP_PROTO={0x5, 0x1b, 0x1}, @RTA_UID={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1m59.219043511s ago: executing program 0 (id=4409): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) 1m58.611422537s ago: executing program 37 (id=4409): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) 1m31.037052508s ago: executing program 8 (id=4727): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f00000016c0)={[{@zero_size_dir}, {@umask={'umask', 0x3d, 0x2}}, {@gid={'gid', 0x3d, 0xee01}}, {@umask={'umask', 0x3d, 0x10000}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {}, {@errors_continue}, {}, {@sys_tz}, {@keep_last_dots}, {@uid={'uid', 0x3d, 0xee01}}, {@gid}], [{@appraise}]}, 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) 1m29.450265281s ago: executing program 8 (id=4748): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000940)={0x60, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0x0, 0x1}}) 1m29.236930143s ago: executing program 8 (id=4751): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000200)=0x90) 1m28.637441498s ago: executing program 8 (id=4759): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000001f80)) 1m28.255225611s ago: executing program 8 (id=4765): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0) 1m27.836600578s ago: executing program 8 (id=4770): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101201) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x302, 0x0, 0x0, 0xff, 0x0}) 1m24.626363152s ago: executing program 6 (id=4802): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="640100001800210800000000fddbdf251d0102001e010600f802000000eb6d1c4f28cf20017a13585466a7140908a8197ba559b346ad5b29290c90d2968e731fd9e4f3388bb08a9cbd0b4da9b324178252c8c8e94b70abdddd02f39c5851b2424d3c7b2cdd337e60604e9d6ab35e5c0c0ee937c3b80c76fcbe30aadc890e828d4dc899909673d51a20f021f9d91750de2c00001dd38b27435f28bc2b61ce9475a1d973323ea21bc82580d4bcdbdd1f57227d225f0b688118eda805ad141c3dbe57b99fde6d2be5724535168ba6b684cbe75d6673119157c5af56cd26529f962e550e99f93e10bf9de9d67baf43cec0204ede44f961ef8591fd0f41fe84a05787dea0eff9ecd4581000d68da6f3352b00000000000000000000000000000081d67b1204eb0b3af09834f17e4dcd35964477270000150001000000000005010000b99001299cd5f13e02"], 0x164}}, 0x20040044) 1m24.347128168s ago: executing program 6 (id=4804): r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0x0, 0x20600) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, 0x0) 1m24.218814086s ago: executing program 6 (id=4805): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='auxv\x00') read$FUSE(r0, 0x0, 0x0) 1m24.056102632s ago: executing program 6 (id=4806): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 1m23.838078313s ago: executing program 6 (id=4807): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @empty}, 0xc) 1m23.595126909s ago: executing program 6 (id=4809): r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, 0x0) 1m11.370031169s ago: executing program 38 (id=4770): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101201) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x302, 0x0, 0x0, 0xff, 0x0}) 1m7.308241135s ago: executing program 39 (id=4809): r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, 0x0) 29.459091824s ago: executing program 7 (id=5425): r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xf773, "00207d2000002000201b14700c1e0ac74f000000001200000000000900"}) 29.077270367s ago: executing program 7 (id=5433): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) waitid(0x30000000, 0x0, 0x0, 0x4, 0x0) 28.695093494s ago: executing program 7 (id=5439): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000080)={0x9, @output={0x0, 0x1, {0x5, 0x7fff}, 0xb81b, 0x7fffffff}}) 28.389131313s ago: executing program 7 (id=5446): r0 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000600)={'veth0_vlan\x00', @ifru_data=0x0}) 28.287098862s ago: executing program 7 (id=5447): unshare(0x600) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000080)={@map=0x1, 0xffffffffffffffff, 0x2f, 0x0, 0xffffffffffffffff, @void, @value}, 0x20) 28.001174621s ago: executing program 7 (id=5453): set_mempolicy(0x1, &(0x7f0000000000)=0x1, 0x4) syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0) 11.654076783s ago: executing program 40 (id=5453): set_mempolicy(0x1, &(0x7f0000000000)=0x1, 0x4) syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.272772339s ago: executing program 9 (id=5804): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x1b, 0x0, 0x0) 2.237280408s ago: executing program 2 (id=5805): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003e40)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x9, 0x4, 0x5, 0x1}, 0xf5}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) 2.108340841s ago: executing program 3 (id=5808): r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={0x0, 0xffffffffffffffff, 0x0, 0x2, 0xffffffffffffff77}}, 0x20) 2.04567024s ago: executing program 9 (id=5809): r0 = syz_open_dev$video(&(0x7f0000000300), 0x51, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000000)={0xd, @vbi}) 1.636353096s ago: executing program 3 (id=5810): r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x40047459, 0x0) 1.624688163s ago: executing program 1 (id=5811): r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000200)={0x3, 0x4800000, 0x3, {0x3, @sliced={0x5, [0x3, 0x7, 0x2, 0x83, 0x6, 0x83a4, 0x6, 0x5, 0xcf7, 0x3, 0xfff, 0x0, 0x6, 0x400, 0x4, 0x3, 0x0, 0x2, 0xfff1, 0xff80, 0x3, 0x53, 0x3, 0x101, 0x9, 0xa, 0x6041, 0x8, 0x9, 0x0, 0x4, 0x8, 0x8, 0x4, 0xff, 0x8, 0x40, 0x6, 0x401, 0x7, 0x1000, 0xf08, 0x2, 0x4, 0xfff, 0x4, 0xa, 0x800], 0x5773}}, 0x7e9b8b9e}) 1.505220266s ago: executing program 4 (id=5812): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xef, &(0x7f0000000040), &(0x7f0000000080)=0x4) 1.434987223s ago: executing program 9 (id=5813): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x2, 0x10, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x5a4b}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x12, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.358950544s ago: executing program 2 (id=5814): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x101401, 0x0) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f00000000c0)) 1.3258206s ago: executing program 3 (id=5815): r0 = socket$rds(0x15, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x37, 0xffffffffffffffff, &(0x7f0000000500)=0x5) 1.263043042s ago: executing program 1 (id=5816): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 1.208984879s ago: executing program 4 (id=5817): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0) 1.078078391s ago: executing program 9 (id=5818): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r0, 0x0, 0x0) 1.044534403s ago: executing program 2 (id=5819): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, 0x0) 979.431763ms ago: executing program 3 (id=5820): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3c8, 0x0, 0x0, 0x1d0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1d0}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@multicast2, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'pim6reg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) 974.806241ms ago: executing program 1 (id=5821): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x80000001}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) 905.833248ms ago: executing program 4 (id=5822): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r0, 0x101, 0xc, &(0x7f0000000080)=0x10000, 0x4) 784.584401ms ago: executing program 2 (id=5823): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x84, 0x3, &(0x7f00000000c0)) getpgid(0xffffffffffffffff) 744.650118ms ago: executing program 9 (id=5824): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$inet6(r0, &(0x7f0000000040)="a191", 0x2, 0x890, &(0x7f0000000100)={0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x5}, 0x1c) 744.168856ms ago: executing program 3 (id=5825): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_opts(r0, 0x0, 0xf, &(0x7f0000000000)='\x00', 0x1) 716.30164ms ago: executing program 5 (id=5680): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000200)={0x0, 0xd, 0x0, "6e145c0ef63b736608314ceb833d278f8739057c56b9f38df459aa6db8a9f4d6"}) 704.91553ms ago: executing program 1 (id=5826): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f0000000e00)={{}, {}, [], {}, [], {0x8}}, 0x24, 0x0) 624.899501ms ago: executing program 4 (id=5827): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newnexthop={0x30, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0x4}, @NHA_FDB={0x4}, @NHA_ID={0x8}, @NHA_OIF={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 558.24826ms ago: executing program 3 (id=5828): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x80, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRES8=0x0], 0x1, 0x122e, &(0x7f0000002580)="$eJzs3MFrHFUcB/BftqlZU5tErdX2oA+9eBqaHDwJEiQFyYJSG6EVhCmZ6JJxN2SWwIoYe/Lq0b9BPHpTxH8gV/8Cb7mIpxzEEXZSk60NmlqyRT+fy/zIb76Z99hl4S3v7f7rX368uVFlG/kgWlNT0dqKSAcpUrTinhdXm+ut26vLnc7KjZSuL99cfC2lNPfSD+9/+s3LPw4uvPft3Hczsbfwwf4vSz/vXd67sv/7zY+6VepWqdcfpDzd6fcH+Z2ySOvdajNL6Z2yyKsidXtVsT3W3yj7W1vDlPfWL85ubRdVlfLeMG0WwzTop8H2MOUf5t1eyrIsXZwNTnT+729Z+/qgrr+PqOvz8UTUdV0/GbMxFU/FxZiLzyPi6Xgmno1L8Vxcjufjhbgyuusshg8AAAAAAAAAAAAAAAAAAAD/Hwej0/zj5/8vHJ7/n48F5/8BAAAAAAAAAAAAAAAAAADgDLx76/bqcqezciOldkT5xc7azlpzbfrLG9GNMoq4FvPxW4xO/zea+vpbnZVraeRcROwe5nd31s6N5xdHPydwmJ8e9e7lF5t8irvlsfxMzDb5dkQUsRTzcenY89tH+aUH5tvx6ivHnp/FfL0b0Y8y1kfPPsp/tpjSm2937stfHd0HAAAA/wVZ+tPC+Pq3Wb9n2Un9Jn+K7wfuW19Px9Xpyc6diGr4yWZelsX2eNH+y18mVsw8HsM4TdH6N/GZOLHVGmt99VPEpGf6WBTtw/fyo/iHU5OfzkMUdx/J3MeLCX8wcSaOXvRJjwQAAAAAAAAAAIDT+Cf7AX+Nh95FOB0P2Fn2xmSmCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MEOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoQIAAP//uXHE5A==") truncate(&(0x7f0000000000)='./file2\x00', 0x1) 480.503936ms ago: executing program 9 (id=5829): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f00000008c0)={[{@dax_inode}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@noload}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 480.398733ms ago: executing program 2 (id=5830): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x200, 0xc, 0x2}) 350.696662ms ago: executing program 4 (id=5831): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000320001002abd7000fedbdb2505000000080004"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) 350.325112ms ago: executing program 1 (id=5832): setresuid(0xee01, 0xee00, 0xffffffffffffffff) pivot_root(0x0, 0x0) 349.526153ms ago: executing program 5 (id=5833): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRES32=r0], 0x0) 233.125272ms ago: executing program 2 (id=5834): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x20a02) close(0x3) 166.513726ms ago: executing program 1 (id=5835): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x40000000}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x22, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}]}, 0x2}, 0x1) 0s ago: executing program 4 (id=5836): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x2, 0x5, 0x4}}, 0x10) kernel console output (not intermixed with test programs): found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 417.674814][T17428] ntfs3(loop7): ino=21, The size of extended attributes must not exceed 64KiB [ 417.685005][ T25] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.685038][ T25] usb 9-1: Product: syz [ 417.685059][ T25] usb 9-1: Manufacturer: syz [ 417.685080][ T25] usb 9-1: SerialNumber: syz [ 417.714151][ T25] usb 9-1: config 0 descriptor?? [ 417.735443][T17413] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 418.113966][ T25] cxacru 9-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 418.253470][T17467] cxacru 9-1:0.0: Direct firmware load for cxacru-fw.bin failed with error -2 [ 418.283371][T17467] cxacru 9-1:0.0: Falling back to sysfs fallback for: cxacru-fw.bin [ 418.356939][T17471] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 418.362038][ T25] usb 9-1: USB disconnect, device number 4 [ 418.388525][T17191] hsr_slave_0: entered promiscuous mode [ 418.394201][ T5831] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 418.537015][T17191] hsr_slave_1: entered promiscuous mode [ 418.585812][T17191] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 418.594216][T17191] Cannot create hsr debugfs directory [ 418.829374][ T5831] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 418.838546][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.862522][ T5831] usb 3-1: config 0 descriptor?? [ 418.900911][ T5831] gspca_main: spca508-2.14.0 probing 8086:0110 [ 419.078256][ T9] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 419.316875][ T5849] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 419.326795][ T5849] Bluetooth: hci2: Injecting HCI hardware error event [ 419.336078][ T5853] Bluetooth: hci2: hardware error 0x00 [ 419.344959][ T5831] gspca_spca508: reg_read err -71 [ 419.352623][ T5831] gspca_spca508: reg_read err -71 [ 419.367950][ T5831] gspca_spca508: reg_read err -71 [ 419.373687][ T5831] gspca_spca508: reg_read err -71 [ 419.380836][ T9] usb 8-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 419.424767][ T5831] gspca_spca508: reg write: error -71 [ 419.430255][ T5831] spca508 3-1:0.0: probe with driver spca508 failed with error -71 [ 419.438354][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.473167][ T9] usb 8-1: config 0 descriptor?? [ 419.483284][ T5831] usb 3-1: USB disconnect, device number 4 [ 419.491994][ T29] audit: type=1326 audit(1734951650.567:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.9.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 419.525551][T17510] syz.9.4525 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 419.551835][ T9] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 419.631481][ T5849] Bluetooth: hci3: command tx timeout [ 419.654359][ T29] audit: type=1326 audit(1734951650.585:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.9.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 419.680134][ T29] audit: type=1326 audit(1734951650.594:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.9.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 419.702340][ C0] vkms_vblank_simulate: vblank timer overrun [ 419.735441][ T29] audit: type=1326 audit(1734951650.659:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.9.4525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 419.757790][ C0] vkms_vblank_simulate: vblank timer overrun [ 419.915833][T17521] netlink: 'syz.9.4526': attribute type 1 has an invalid length. [ 420.009974][T17507] loop1: detected capacity change from 0 to 32768 [ 420.020049][ T9] gp8psk: usb in 128 operation failed. [ 420.026805][ T9] gp8psk: usb in 137 operation failed. [ 420.031715][T17507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4523 (17507) [ 420.037660][ T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 420.074278][T17507] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 420.110922][T17507] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 420.126807][ T9] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 420.173449][T17507] BTRFS info (device loop1): using free-space-tree [ 420.204170][ T9] usb 8-1: USB disconnect, device number 13 [ 420.631979][T17507] BTRFS info (device loop1 state M): max_inline set to 0 [ 420.726361][T17556] netlink: 'syz.9.4535': attribute type 49 has an invalid length. [ 420.828070][ T5828] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 421.034481][T17565] netlink: 'syz.7.4538': attribute type 30 has an invalid length. [ 421.548350][ T5893] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 421.791636][T17594] loop7: detected capacity change from 0 to 2048 [ 421.944212][T17594] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024) [ 421.963286][ T5893] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 421.972669][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 422.010889][ T5853] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 422.082992][ T5893] usb 3-1: Product: syz [ 422.133542][ T5893] usb 3-1: Manufacturer: syz [ 422.138197][ T5893] usb 3-1: SerialNumber: syz [ 422.144338][T17594] syz.7.4547: attempt to access beyond end of device [ 422.144338][T17594] loop7: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 422.144494][T17604] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 422.205665][ T5893] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 422.644669][ T5893] vp7045: USB control message 'in' went wrong. [ 422.651609][ T5893] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 422.680625][ T5893] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 422.723016][ T5893] usb 3-1: USB disconnect, device number 5 [ 423.157394][T17191] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 423.241980][T17191] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 423.262186][T17645] loop9: detected capacity change from 0 to 64 [ 423.274620][T17191] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 423.304179][T17645] BFS-fs: bfs_fill_super(): loop9 is unclean, continuing [ 423.316804][T17191] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 423.488490][T17649] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 423.509350][ T5843] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 423.642433][T17191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.658969][T17191] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.695478][T17191] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 423.705995][T17191] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 423.730547][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.737713][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.819515][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.826705][ T5927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.837046][ T5843] usb 8-1: Using ep0 maxpacket: 8 [ 423.844837][ T5843] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 423.855174][ T5843] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 423.867993][ T5843] usb 8-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 423.891425][ T5843] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.923848][ T5843] usb 8-1: Product: syz [ 423.939081][ T5843] usb 8-1: Manufacturer: syz [ 423.958595][ T5843] usb 8-1: SerialNumber: syz [ 423.976492][ T5843] usb 8-1: config 0 descriptor?? [ 424.000284][ T5843] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 424.062038][ T5831] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 424.176891][T17191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.257767][ T5831] usb 10-1: Using ep0 maxpacket: 8 [ 424.275494][ T2335] usb 8-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 424.289467][ T2335] usb 8-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 424.295959][ T5831] usb 10-1: config 0 has an invalid interface number: 52 but max is 0 [ 424.321838][ T5831] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.332144][ T5831] usb 10-1: config 0 has no interface number 0 [ 424.338517][ T5831] usb 10-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 424.350164][ T5831] usb 10-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 424.360403][ T5831] usb 10-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 424.373462][ T5831] usb 10-1: config 0 interface 52 has no altsetting 0 [ 424.510792][ T9] usb 8-1: USB disconnect, device number 14 [ 424.517569][ T5831] usb 10-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 424.571087][ T5831] usb 10-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 424.579311][ T5831] usb 10-1: Manufacturer: syz [ 424.640057][ T5831] usb 10-1: config 0 descriptor?? [ 424.648560][T17688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4578'. [ 424.657549][T17688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4578'. [ 424.914158][T17191] veth0_vlan: entered promiscuous mode [ 424.931241][ T5831] synaptics_usb 10-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 424.940803][ T5831] synaptics_usb 10-1:0.52: probe with driver synaptics_usb failed with error -5 [ 424.950087][T17191] veth1_vlan: entered promiscuous mode [ 424.982379][T17697] netlink: 'syz.2.4579': attribute type 1 has an invalid length. [ 425.059444][T17191] veth0_macvtap: entered promiscuous mode [ 425.087714][T17191] veth1_macvtap: entered promiscuous mode [ 425.120948][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.147242][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.169937][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.180479][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.190536][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.202409][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.213358][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.223862][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.233781][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.244315][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.254378][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.259741][ T51] usb 10-1: USB disconnect, device number 2 [ 425.264928][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.264954][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.264977][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.264999][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.265018][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.265038][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.265057][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.346546][T17191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.357032][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.367662][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.377860][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.388735][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.398963][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.409742][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.420881][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.432362][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.442273][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.452835][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.462781][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.473424][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.483366][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.493858][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.503717][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.514214][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.524041][T17191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.535576][T17191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.547672][T17191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.598045][T17191] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.607009][T17191] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.615805][T17191] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.632781][T17191] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.669591][T17706] netlink: 'syz.7.4583': attribute type 1 has an invalid length. [ 425.939777][T17713] loop7: detected capacity change from 0 to 128 [ 425.975759][ T5927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.044544][ T5927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.148811][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.188784][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.714414][ T29] audit: type=1326 audit(1734951657.222:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17738 comm="syz.7.4592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 426.736569][T17703] loop1: detected capacity change from 0 to 32768 [ 426.818822][ T29] audit: type=1326 audit(1734951657.222:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17738 comm="syz.7.4592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 426.837660][T17703] ialloc: diAlloc returned -5! [ 426.900611][ T5831] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 426.923929][ T29] audit: type=1326 audit(1734951657.249:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17738 comm="syz.7.4592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 427.041304][ T29] audit: type=1326 audit(1734951657.249:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17738 comm="syz.7.4592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 427.063583][ C0] vkms_vblank_simulate: vblank timer overrun [ 427.099604][ T5831] usb 10-1: Using ep0 maxpacket: 16 [ 427.112006][ T5831] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 427.152448][ T29] audit: type=1326 audit(1734951657.249:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17738 comm="syz.7.4592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 427.179449][ T5831] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 427.238190][ T5831] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 427.285826][ T5831] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.14 [ 427.332483][ T5831] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.369645][ T5831] usb 10-1: Product: syz [ 427.399690][ T5831] usb 10-1: Manufacturer: syz [ 427.409614][ T5831] usb 10-1: SerialNumber: syz [ 427.448657][ T5831] usb 10-1: config 0 descriptor?? [ 427.507844][T17735] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 427.517719][ T5831] mceusb 10-1:0.0: mceusb_dev_probe: device setup failed! [ 427.563842][ T5831] mceusb 10-1:0.0: probe with driver mceusb failed with error -12 [ 427.691638][T17765] netlink: 'syz.8.4602': attribute type 8 has an invalid length. [ 427.830678][ T5831] usb 10-1: USB disconnect, device number 3 [ 428.536513][T17800] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4616'. [ 428.545989][T17803] loop7: detected capacity change from 0 to 512 [ 428.619086][T17803] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 428.887420][T17803] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #16: comm syz.7.4615: invalid indirect mapped block 83886080 (level 1) [ 429.001098][T17803] EXT4-fs (loop7): Remounting filesystem read-only [ 429.023394][T17803] EXT4-fs (loop7): 1 orphan inode deleted [ 429.032718][T17824] binder: 17823:17824 ioctl c00c620f 200001c0 returned -22 [ 429.051163][T17803] EXT4-fs (loop7): 1 truncate cleaned up [ 429.122393][T17803] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 429.164872][ T5831] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 429.426031][ T5831] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 429.434817][ T5831] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 429.463334][T13528] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.471534][ T5831] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 429.500015][ T5831] usb 2-1: config 1 has no interface number 1 [ 429.511431][ T5831] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 429.542117][ T5831] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 429.633578][ T5831] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 429.663671][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.671696][ T5831] usb 2-1: Product: syz [ 429.706135][ T5831] usb 2-1: Manufacturer: syz [ 429.735803][ T5831] usb 2-1: SerialNumber: syz [ 429.775804][T17854] loop9: detected capacity change from 0 to 256 [ 429.888553][T17854] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 430.030247][ T5831] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 430.078841][ T5831] usb 2-1: 2:1 : invalid channels 0 [ 430.175680][ T5831] usb 2-1: USB disconnect, device number 9 [ 430.520387][T13546] udevd[13546]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 430.945547][T17900] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4649'. [ 431.083095][T17876] loop6: detected capacity change from 0 to 32768 [ 431.417380][T17876] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 431.526894][T17876] bcachefs (loop6): initializing new filesystem [ 431.542187][T17876] bcachefs (loop6): going read-write [ 431.597218][T17876] bcachefs (loop6): marking superblocks [ 431.815589][T17876] bcachefs (loop6): initializing freespace [ 431.864404][T17876] bcachefs (loop6): done initializing freespace [ 431.900004][T17876] bcachefs (loop6): reading snapshots table [ 431.917087][T17876] bcachefs (loop6): reading snapshots done [ 432.245068][T17876] bcachefs (loop6): done starting filesystem [ 432.510739][T17876] syz.6.4639 (17876) used greatest stack depth: 14000 bytes left [ 432.642355][T17968] loop8: detected capacity change from 0 to 2048 [ 432.676294][T17191] bcachefs (loop6): shutting down [ 432.681405][T17191] bcachefs (loop6): going read-only [ 432.729712][T17191] bcachefs (loop6): finished waiting for writes to stop [ 432.758800][T17191] bcachefs (loop6): flushing journal and stopping allocators, journal seq 3 [ 432.989330][T17191] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 7 [ 433.059138][T17191] bcachefs (loop6): shutdown complete, journal seq 8 [ 433.085802][T17191] bcachefs (loop6): marking filesystem clean [ 433.129201][T17982] xt_connbytes: Forcing CT accounting to be enabled [ 433.147250][T17982] xt_bpf: check failed: parse error [ 433.188390][T17191] bcachefs (loop6): shutdown complete [ 433.440319][T17994] loop1: detected capacity change from 0 to 764 [ 433.532140][T18000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4683'. [ 433.541152][T18000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4683'. [ 434.153885][T18028] loop1: detected capacity change from 0 to 8 [ 434.446429][T18036] xt_policy: output policy not valid in PREROUTING and INPUT [ 435.565641][T18083] loop2: detected capacity change from 0 to 512 [ 435.603844][T18079] loop7: detected capacity change from 0 to 4096 [ 435.632976][T18079] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512). [ 435.690815][T18083] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 435.703960][ T5853] Bluetooth: hci1: command 0x041b tx timeout [ 435.732471][T18083] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 435.874058][T18083] Quota error (device loop2): do_check_range: Getting block 835 out of range 1-5 [ 435.928313][T18083] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 435.977562][T18083] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.4716: Failed to acquire dquot type 0 [ 436.074001][T18067] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 436.188554][T17240] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 436.211149][T16039] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.284615][T18106] xt_CT: You must specify a L4 protocol and not use inversions on it [ 436.391290][T17240] usb 10-1: Using ep0 maxpacket: 16 [ 436.393215][T18112] loop8: detected capacity change from 0 to 1024 [ 436.464023][T17240] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x69, changing to 0x9 [ 436.521482][T18112] hfsplus: xattr search failed [ 436.523572][T17240] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 436.591772][T17240] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 436.650545][T17240] usb 10-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 436.660721][T17240] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.701043][T17240] usb 10-1: Product: syz [ 436.713753][T17240] usb 10-1: Manufacturer: syz [ 436.727100][T17240] usb 10-1: SerialNumber: syz [ 436.774624][T17240] usb 10-1: config 0 descriptor?? [ 436.809992][T17240] pegasus_notetaker 10-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 437.026772][T18108] loop1: detected capacity change from 0 to 32768 [ 437.138238][ T967] usb 10-1: USB disconnect, device number 4 [ 437.214885][T18128] netlink: 224 bytes leftover after parsing attributes in process `syz.6.4673'. [ 437.400520][T18131] loop8: detected capacity change from 0 to 256 [ 437.444969][ T5849] Bluetooth: hci0: command 0x0406 tx timeout [ 437.900438][T18151] loop6: detected capacity change from 0 to 1024 [ 438.050435][T18131] exFAT-fs (loop8): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 438.066592][T18162] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4741'. [ 438.119186][ T52] hfsplus: b-tree write err: -5, ino 4 [ 438.157705][ T29] audit: type=1800 audit(1734951667.799:96): pid=18131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4727" name="bus" dev="loop8" ino=1048703 res=0 errno=0 [ 438.288748][T18167] loop6: detected capacity change from 0 to 16 [ 438.308100][T18167] erofs (device loop6): mounted with root inode @ nid 36. [ 438.435273][T18171] loop9: detected capacity change from 0 to 2048 [ 438.644866][T18171] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 439.025884][T18186] loop1: detected capacity change from 0 to 32768 [ 439.596468][T18186] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 439.674240][T18186] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 439.682400][T18186] bcachefs (loop1): Version upgrade required: [ 439.682400][T18186] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 439.682400][T18186] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 439.682400][T18186] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 439.789385][T18186] bcachefs (loop1): dropping and reconstructing all alloc info [ 440.004491][T18186] bcachefs (loop1): check_topology... done [ 440.032429][T18186] bcachefs (loop1): accounting_read... done [ 440.098042][T18186] bcachefs (loop1): alloc_read... done [ 440.119008][T18186] bcachefs (loop1): stripes_read... done [ 440.125378][T18186] bcachefs (loop1): snapshots_read... done [ 440.159974][T18215] loop9: detected capacity change from 0 to 32768 [ 440.160668][T18186] bcachefs (loop1): check_allocations... [ 440.265708][T18244] netlink: 'syz.6.4769': attribute type 8 has an invalid length. [ 440.288435][T18244] netlink: 224 bytes leftover after parsing attributes in process `syz.6.4769'. [ 440.334696][T18186] done [ 440.354526][T18186] bcachefs (loop1): going read-write [ 440.359149][T18215] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 440.439161][ T51] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 440.512911][T18186] bcachefs (loop1): done starting filesystem [ 440.580440][T18267] loop6: detected capacity change from 0 to 1024 [ 440.668940][T18215] XFS (loop9): Ending clean mount [ 440.674564][T18267] hfsplus: filesystem is marked journaled, leaving read-only. [ 440.738184][ T51] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 440.748506][ T51] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 440.759529][ T5828] bcachefs (loop1): shutting down [ 440.764596][ T5828] bcachefs (loop1): going read-only [ 440.772383][ T5828] bcachefs (loop1): finished waiting for writes to stop [ 440.779630][ T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 440.799735][ T5828] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11 [ 440.828953][ T51] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 440.840346][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.869359][ T51] usb 3-1: Product: syz [ 440.873645][ T51] usb 3-1: Manufacturer: syz [ 440.879381][ T51] usb 3-1: SerialNumber: syz [ 440.885577][ T5828] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 12 [ 441.005534][ T5828] bcachefs (loop1): unshutdown complete, journal seq 13 [ 441.036371][ T5828] bcachefs (loop1): done going read-only, filesystem not clean [ 441.061901][T15987] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 441.175867][ T5828] bcachefs (loop1): shutdown complete [ 441.485284][ T51] usb 3-1: 0:2 : does not exist [ 441.564206][ T51] usb 3-1: USB disconnect, device number 6 [ 441.731388][T18298] loop6: detected capacity change from 0 to 8 [ 441.890713][T18298] SQUASHFS error: Failed to read block 0x730: -5 [ 441.902847][T13546] udevd[13546]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 441.921491][T18298] SQUASHFS error: Unable to read metadata cache entry [72e] [ 443.281552][T18361] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4802'. [ 443.737267][ T51] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 443.766528][T18346] loop2: detected capacity change from 0 to 32768 [ 443.871574][T18346] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4797 (18346) [ 443.913879][ T51] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 443.925529][ T51] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 443.957025][ T51] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.094853][ T51] usb 10-1: config 0 descriptor?? [ 444.100175][T18346] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 444.128939][T18346] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 444.148988][T18346] BTRFS info (device loop2): using free-space-tree [ 444.336726][ T51] ath6kl: Failed to submit usb control message: -71 [ 444.354328][ T51] ath6kl: unable to send the bmi data to the device: -71 [ 444.405381][ T51] ath6kl: Unable to send get target info: -71 [ 444.421302][T18402] netlink: 'syz.1.4811': attribute type 3 has an invalid length. [ 444.469567][ T51] ath6kl: Failed to init ath6kl core: -71 [ 444.527338][ T51] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 444.627500][ T51] usb 10-1: USB disconnect, device number 5 [ 444.755749][T16039] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 445.376973][T18443] ubi0: attaching mtd0 [ 445.404698][T18443] ubi0: scanning is finished [ 445.428964][T18443] ubi0: empty MTD device detected [ 445.604211][T18447] loop7: detected capacity change from 0 to 1024 [ 445.711541][T18447] hfsplus: xattr searching failed [ 445.743075][T18443] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 445.790225][T18443] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 445.808834][T18443] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 445.843958][T18443] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 445.865866][T18443] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 445.882437][T18443] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 445.903783][T18443] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 295627981 [ 445.990731][T18443] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 446.002859][T18453] ubi0: background thread "ubi_bgt0d" started, PID 18453 [ 446.212456][T18468] xt_limit: Overflow, try lower: 65536/2147483648 [ 446.755570][T18491] loop7: detected capacity change from 0 to 47 [ 447.262147][T18511] IPv6: sit1: Disabled Multicast RS [ 447.736200][T18536] binder: 18535:18536 ioctl c00c6211 9999999999999999 returned -14 [ 448.124006][T18555] loop1: detected capacity change from 0 to 16 [ 448.143312][T18555] erofs (device loop1): mounted with root inode @ nid 36. [ 448.677501][T18577] netlink: 'syz.1.4864': attribute type 1 has an invalid length. [ 448.688059][T18573] loop9: detected capacity change from 0 to 512 [ 448.807808][T18573] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.861603][T18573] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 449.015638][T15987] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.166083][T18598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4870'. [ 449.401833][T18607] netlink: 456 bytes leftover after parsing attributes in process `syz.1.4874'. [ 449.811303][T18628] netlink: 'syz.1.4881': attribute type 11 has an invalid length. [ 450.011296][T18633] infiniband syz2: set down [ 450.016255][T18633] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 450.050804][T17240] lo speed is unknown, defaulting to 1000 [ 450.058519][T17240] lo speed is unknown, defaulting to 1000 [ 450.231988][T18645] loop1: detected capacity change from 0 to 512 [ 450.238589][ T967] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 450.395669][T18645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 450.449319][ T967] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 450.464903][ T967] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 450.475593][T18645] ext4 filesystem being mounted at /846/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 450.504891][ T967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.561540][ T967] usb 3-1: config 0 descriptor?? [ 450.575140][T18645] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #15: comm syz.1.4887: corrupted xattr block 33: bad e_name length [ 450.599491][ T967] pwc: Askey VC010 type 2 USB webcam detected. [ 450.694264][ T5849] Bluetooth: hci3: command 0x0405 tx timeout [ 450.782611][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.818196][ T967] pwc: send_video_command error -71 [ 450.870066][ T967] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 450.886217][ T967] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 450.927263][ T967] usb 3-1: USB disconnect, device number 7 [ 451.923925][T18685] loop1: detected capacity change from 0 to 32768 [ 451.963331][T18685] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4897 (18685) [ 452.022709][T18685] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 452.064386][T18685] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 452.090197][T18685] BTRFS info (device loop1): using free-space-tree [ 452.474163][ T5828] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 453.122965][T18763] netlink: 'syz.9.4913': attribute type 1 has an invalid length. [ 453.168138][T18763] netlink: 'syz.9.4913': attribute type 2 has an invalid length. [ 454.714132][T18792] loop2: detected capacity change from 0 to 32768 [ 454.757770][T18792] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4923 (18792) [ 454.869819][T18829] netlink: 'syz.1.4936': attribute type 2 has an invalid length. [ 454.957876][T18792] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 454.982749][T18792] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 454.991218][T18792] BTRFS info (device loop2): using free-space-tree [ 455.522833][T18822] loop7: detected capacity change from 0 to 40427 [ 455.539739][T18822] F2FS-fs (loop7): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 455.593798][T18822] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 455.650471][T18822] F2FS-fs (loop7): build fault injection attr: rate: 27486, type: 0x1fffff [ 455.704027][T18822] F2FS-fs (loop7): invalid crc value [ 455.725251][T16039] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 455.781984][T18822] F2FS-fs (loop7): Found nat_bits in checkpoint [ 455.859050][T18877] loop9: detected capacity change from 0 to 1764 [ 455.918550][T18822] F2FS-fs (loop7): Try to recover 1th superblock, ret: -30 [ 455.927240][T18822] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 457.121189][T18911] loop9: detected capacity change from 0 to 1764 [ 457.263057][T18920] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4959'. [ 457.622497][T18923] loop1: detected capacity change from 0 to 32768 [ 457.650724][ T5853] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 457.660615][ T5853] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 457.668404][ T5853] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 457.677834][ T5853] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 457.685602][ T5853] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 457.695341][ T5853] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 457.739088][T18927] lo speed is unknown, defaulting to 1000 [ 457.979880][T18923] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 458.000849][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.047366][T18923] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 458.055732][T18923] bcachefs (loop1): Version upgrade required: [ 458.055732][T18923] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 458.055732][T18923] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 458.055732][T18923] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 458.270894][T18959] overlayfs: unescaped trailing colons in lowerdir mount option. [ 458.286581][T18923] bcachefs (loop1): dropping and reconstructing all alloc info [ 458.471670][T18923] bcachefs (loop1): check_topology... done [ 458.498370][ T29] audit: type=1326 audit(1734951686.564:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18960 comm="syz.9.4970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 458.528400][T18923] bcachefs (loop1): accounting_read... done [ 458.548547][T18923] bcachefs (loop1): alloc_read... done [ 458.554093][T18923] bcachefs (loop1): stripes_read... done [ 458.568968][T18923] bcachefs (loop1): snapshots_read... done [ 458.575194][T18923] bcachefs (loop1): check_allocations... [ 458.603086][ T29] audit: type=1326 audit(1734951686.564:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18960 comm="syz.9.4970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 458.646438][ T29] audit: type=1326 audit(1734951686.610:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18960 comm="syz.9.4970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 458.668601][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.674882][ T29] audit: type=1326 audit(1734951686.610:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18960 comm="syz.9.4970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 458.698669][ T29] audit: type=1326 audit(1734951686.610:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18960 comm="syz.9.4970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebc985d29 code=0x7ffc0000 [ 458.721906][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.741075][T18927] chnl_net:caif_netlink_parms(): no params data found [ 458.781230][T18923] done [ 458.799956][T18923] bcachefs (loop1): going read-write [ 458.866197][T18923] bcachefs (loop1): done starting filesystem [ 458.971187][T18927] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.978360][T18927] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.995288][T18927] bridge_slave_0: entered allmulticast mode [ 459.017136][T18927] bridge_slave_0: entered promiscuous mode [ 459.034957][ T5932] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 459.082074][T18927] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.139441][T18927] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.175886][T18927] bridge_slave_1: entered allmulticast mode [ 459.198781][ T5932] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 459.212904][T18927] bridge_slave_1: entered promiscuous mode [ 459.233039][ T5932] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 459.245766][ T5828] bcachefs (loop1): shutting down [ 459.254820][ T5828] bcachefs (loop1): going read-only [ 459.255857][ T5932] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 459.260034][ T5828] bcachefs (loop1): finished waiting for writes to stop [ 459.280076][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 459.294861][ T5932] usb 3-1: SerialNumber: syz [ 459.375890][ T5828] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11 [ 459.391278][T18927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.435989][ T5828] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 11 [ 459.506781][ T5828] bcachefs (loop1): unshutdown complete, journal seq 12 [ 459.515847][ T5828] bcachefs (loop1): done going read-only, filesystem not clean [ 459.524006][T18927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.607653][T18999] loop7: detected capacity change from 0 to 256 [ 459.620287][ T5828] bcachefs (loop1): shutdown complete [ 459.621511][ T5932] usb 3-1: 0:2 : does not exist [ 459.658698][ T5932] usb 3-1: USB disconnect, device number 8 [ 459.826940][T18973] loop9: detected capacity change from 0 to 32768 [ 459.864001][T18927] team0: Port device team_slave_0 added [ 459.895932][T18973] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 459.899061][T18927] team0: Port device team_slave_1 added [ 459.910200][T13546] udevd[13546]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 459.950114][T18973] ocfs2: Unmounting device (7,9) on (node local) [ 459.981098][ T5849] Bluetooth: hci8: command tx timeout [ 460.004480][T18927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.039343][T18927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.118172][T18927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.143123][T18927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.150114][T18927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.204831][T18927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.371484][T18927] hsr_slave_0: entered promiscuous mode [ 460.398210][T18927] hsr_slave_1: entered promiscuous mode [ 460.435748][T18927] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.452213][T18927] Cannot create hsr debugfs directory [ 460.649207][ T51] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 460.813072][ T51] usb 3-1: config 0 has an invalid interface number: 116 but max is 0 [ 460.854910][ T51] usb 3-1: config 0 has no interface number 0 [ 460.861048][ T51] usb 3-1: config 0 interface 116 altsetting 162 bulk endpoint 0x8 has invalid maxpacket 1024 [ 460.916834][ T51] usb 3-1: config 0 interface 116 has no altsetting 0 [ 460.952415][ T51] usb 3-1: New USB device found, idVendor=0bfd, idProduct=010a, bcdDevice=b4.98 [ 460.961578][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.091795][ T51] usb 3-1: config 0 descriptor?? [ 461.121314][T19009] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 461.143745][ T51] kvaser_usb 3-1:0.116: error -ENODEV: Cannot get usb endpoint(s) [ 461.158732][ T5853] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 461.169688][ T5853] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 461.186179][ T5853] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 461.198949][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 461.207826][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 461.219669][ T5853] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 461.230449][ T5853] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 461.237782][ T5853] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 461.381050][T19036] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4992'. [ 461.387452][T18927] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.400211][ T51] usb 3-1: USB disconnect, device number 9 [ 461.458700][T19032] veth3: entered promiscuous mode [ 461.561336][T19029] lo speed is unknown, defaulting to 1000 [ 461.673969][T19046] Cannot find add_set index 1026 as target [ 461.704622][T18927] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.215898][T18927] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.227145][ T5853] Bluetooth: hci8: command tx timeout [ 462.631171][T19065] loop2: detected capacity change from 0 to 32768 [ 462.824449][T19065] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 462.841615][T18927] netdevsim netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.144484][T19029] chnl_net:caif_netlink_parms(): no params data found [ 463.323290][T19065] XFS (loop2): Ending clean mount [ 463.337540][T19065] XFS (loop2): Quotacheck needed: Please wait. [ 463.397981][T19065] XFS (loop2): Quotacheck: Done. [ 463.520232][ T5853] Bluetooth: hci9: command tx timeout [ 463.567056][T19074] loop9: detected capacity change from 0 to 32768 [ 463.577064][T19074] (syz.9.5002,19074,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 463.700553][T19074] (syz.9.5002,19074,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 463.713913][T19110] QAT: Invalid ioctl 21531 [ 463.747534][T19074] JBD2: Ignoring recovery information on journal [ 463.795333][T18927] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 463.813752][T16039] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 463.869375][T19029] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.877280][T19029] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.884596][T19029] bridge_slave_0: entered allmulticast mode [ 463.892591][T19029] bridge_slave_0: entered promiscuous mode [ 463.909953][T18927] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 463.950711][T18927] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 464.141344][T19074] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 464.172405][T19029] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.180046][T19029] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.199778][T19029] bridge_slave_1: entered allmulticast mode [ 464.215308][T19029] bridge_slave_1: entered promiscuous mode [ 464.287370][T18927] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 464.307671][T19125] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5012'. [ 464.469422][T19133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5015'. [ 464.521930][ T5853] Bluetooth: hci8: command tx timeout [ 464.575606][T15987] ocfs2: Unmounting device (7,9) on (node local) [ 464.631307][T19136] loop1: detected capacity change from 0 to 256 [ 464.929950][T18927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.947117][T19029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 464.972405][T19136] FAT-fs (loop1): Directory bread(block 64) failed [ 464.979064][T19136] FAT-fs (loop1): Directory bread(block 65) failed [ 464.985757][T19029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.986357][T19136] FAT-fs (loop1): Directory bread(block 66) failed [ 465.021313][T19136] FAT-fs (loop1): Directory bread(block 67) failed [ 465.023748][T18927] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.083602][T19136] FAT-fs (loop1): Directory bread(block 68) failed [ 465.090195][T19136] FAT-fs (loop1): Directory bread(block 69) failed [ 465.105414][T19136] FAT-fs (loop1): Directory bread(block 70) failed [ 465.112205][T19136] FAT-fs (loop1): Directory bread(block 71) failed [ 465.119678][T19136] FAT-fs (loop1): Directory bread(block 72) failed [ 465.128137][T19136] FAT-fs (loop1): Directory bread(block 73) failed [ 465.210011][T19154] loop9: detected capacity change from 0 to 1024 [ 465.274491][T19153] xt_l2tp: invalid flags combination: 4 [ 465.297867][T19029] team0: Port device team_slave_0 added [ 465.428858][ T8593] hfsplus: b-tree write err: -5, ino 4 [ 465.536639][ T1082] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.543783][ T1082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.600045][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.607239][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.673582][T19029] team0: Port device team_slave_1 added [ 465.778519][ T5853] Bluetooth: hci9: command tx timeout [ 466.090374][T19029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.109475][T19029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.202771][T19189] loop2: detected capacity change from 0 to 512 [ 466.232462][T19029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.316980][T19189] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 466.347338][T19029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.364852][T19189] ext4 filesystem being mounted at /150/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 466.388121][T19029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.413386][T19189] EXT4-fs error (device loop2): ext4_xattr_block_list:768: inode #15: comm syz.2.5030: corrupted xattr block 33: e_value out of bounds [ 466.414427][T19029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.506057][T16039] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.565830][T19029] hsr_slave_0: entered promiscuous mode [ 466.585291][T19029] hsr_slave_1: entered promiscuous mode [ 466.598198][T19029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.606030][T19029] Cannot create hsr debugfs directory [ 466.657650][T19196] netlink: 'syz.9.5038': attribute type 12 has an invalid length. [ 466.729883][ T5853] Bluetooth: hci8: command tx timeout [ 467.390251][T19029] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.487562][T18927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.491885][T19233] loop7: detected capacity change from 0 to 64 [ 467.536965][T19236] libceph: resolve '0' (ret=-3): failed [ 467.583859][ T5843] usb 10-1: new full-speed USB device number 6 using dummy_hcd [ 467.699039][T19029] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.768774][ T5843] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 467.787861][ T5843] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 467.821895][ T5843] usb 10-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 467.827740][T18927] veth0_vlan: entered promiscuous mode [ 467.837294][ T5843] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.888091][ T5843] usb 10-1: Product: syz [ 467.911775][ T5843] usb 10-1: Manufacturer: syz [ 467.951342][ T5843] usb 10-1: SerialNumber: syz [ 467.976492][ T5843] usb 10-1: config 0 descriptor?? [ 468.004926][T19029] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.027306][ T5849] Bluetooth: hci9: command tx timeout [ 468.061702][T18927] veth1_vlan: entered promiscuous mode [ 468.214923][ T5843] input: Griffin PowerMate as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input20 [ 468.267562][T19029] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.291003][ C1] powermate: config urb returned -71 [ 468.296649][ C1] powermate: config urb returned -71 [ 468.302180][ C1] powermate: config urb returned -71 [ 468.307591][ C1] powermate: config urb returned -71 [ 468.316413][ T5843] usb 10-1: USB disconnect, device number 6 [ 468.322412][ C1] powermate 10-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 468.333342][T19257] netlink: 'syz.7.5057': attribute type 27 has an invalid length. [ 468.382843][T19257] netlink: 'syz.7.5057': attribute type 3 has an invalid length. [ 468.411804][T19257] netlink: 132 bytes leftover after parsing attributes in process `syz.7.5057'. [ 468.431367][T18927] veth0_macvtap: entered promiscuous mode [ 468.463105][T18927] veth1_macvtap: entered promiscuous mode [ 468.552312][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.566169][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.577378][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.596461][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.612158][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.624091][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.634323][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.644919][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.654747][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.665256][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.675847][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.689685][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.699610][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.710233][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.720069][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.734555][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.744783][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.755327][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.765230][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.775712][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.786995][T18927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.823721][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.834264][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.844181][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.854678][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.864536][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.875418][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.893856][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.905478][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.916688][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.937225][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.947058][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.980717][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.990575][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.060058][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.081688][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.103838][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.121481][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.143110][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.177270][T18927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.204436][T18927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.234611][T18927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.272296][T18927] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.300968][T18927] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.328169][T18927] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.359709][T18927] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.423922][T19252] loop1: detected capacity change from 0 to 32768 [ 469.561838][ T29] audit: type=1326 audit(1734951696.781:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19277 comm="syz.7.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 469.632531][ T29] audit: type=1326 audit(1734951696.809:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19277 comm="syz.7.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 469.750443][ T29] audit: type=1326 audit(1734951696.818:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19277 comm="syz.7.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 469.807139][ T1082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.841244][T19029] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 469.848594][ T1082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.879278][T19029] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 469.890076][ T29] audit: type=1326 audit(1734951696.818:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19277 comm="syz.7.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 469.988593][ T29] audit: type=1326 audit(1734951696.818:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19277 comm="syz.7.5067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d35785d29 code=0x7ffc0000 [ 470.016495][T19029] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 470.122857][T19029] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 470.266206][T19300] loop1: detected capacity change from 0 to 256 [ 470.281013][ T5849] Bluetooth: hci9: command tx timeout [ 470.317983][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.331847][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.544553][T19300] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f50, chksum : 0xa6aae999, utbl_chksum : 0xe619d30d) [ 470.643950][T19307] loop9: detected capacity change from 0 to 32768 [ 470.671863][T19029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.689875][T19029] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.732816][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.739972][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.751515][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.758659][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.933067][T19307] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 471.020054][T19029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 471.294862][T19339] loop7: detected capacity change from 0 to 256 [ 471.665174][T19353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5090'. [ 471.674396][T19353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5090'. [ 471.813110][T19358] loop3: detected capacity change from 0 to 256 [ 471.955085][T19307] XFS (loop9): Ending clean mount [ 471.964046][T19307] XFS (loop9): Quotacheck needed: Please wait. [ 472.002508][T19307] XFS (loop9): Quotacheck: Done. [ 472.112290][T19369] netlink: 'syz.2.5094': attribute type 1 has an invalid length. [ 472.210701][T19029] veth0_vlan: entered promiscuous mode [ 472.284061][T19029] veth1_vlan: entered promiscuous mode [ 472.308673][T15987] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 472.369841][T19029] veth0_macvtap: entered promiscuous mode [ 472.414102][T19029] veth1_macvtap: entered promiscuous mode [ 472.551969][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.677131][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.687441][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.698054][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.708027][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.718668][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.728664][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.739183][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.749596][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.760711][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.770660][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.781364][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.792388][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.804149][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.814048][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.824557][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.834402][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.845006][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.854898][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.865376][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.875291][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.885865][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.898995][T19029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 472.937369][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.979946][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.005724][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.055114][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.065349][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.067976][T19387] netlink: 'syz.2.5102': attribute type 10 has an invalid length. [ 473.075808][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.093521][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.104046][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.114106][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.125745][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.136773][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.147343][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.157221][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.167692][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.177600][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.188213][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.198093][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.208699][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.218568][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.229177][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.240199][T19029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 473.251808][T19029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 473.263979][T19029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 473.277156][T19029] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.285956][T19029] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.294710][T19029] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.303535][T19029] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.349299][T19387] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 473.411803][ T5932] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 473.419227][T19392] loop9: detected capacity change from 0 to 256 [ 473.609990][ T5932] usb 2-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99 [ 473.652080][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.660110][ T5932] usb 2-1: Product: syz [ 473.660134][ T5932] usb 2-1: Manufacturer: syz [ 473.660155][ T5932] usb 2-1: SerialNumber: syz [ 473.692239][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.706522][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.707084][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.740737][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.751909][ T5932] usb 2-1: config 0 descriptor?? [ 474.063072][ T5932] usb 2-1: USB disconnect, device number 10 [ 474.128828][T19405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4985'. [ 474.280030][T19410] loop3: detected capacity change from 0 to 64 [ 474.343848][T19413] netlink: 'syz.2.5108': attribute type 1 has an invalid length. [ 474.460332][T19417] netlink: 'syz.4.5110': attribute type 4 has an invalid length. [ 474.468356][T19417] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5110'. [ 474.502834][T19417] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 474.555553][T19421] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5113'. [ 474.882848][T19433] loop9: detected capacity change from 0 to 256 [ 474.911363][T19433] exfat: Deprecated parameter 'utf8' [ 475.056872][T19435] loop2: detected capacity change from 0 to 1024 [ 475.165352][T19433] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 475.512356][T19435] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 475.589988][T19435] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 475.606394][T19435] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.5116: corrupted xattr block 128: overlapping e_value [ 475.944240][T19477] IPVS: set_ctl: invalid protocol: 135 172.20.20.30:20000 [ 476.025563][T16039] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.343612][T19490] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5138'. [ 476.461493][T19490] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5138'. [ 477.011419][T19523] ieee802154 phy0 wpan0: encryption failed: -22 [ 477.767028][T19544] loop1: detected capacity change from 0 to 4096 [ 477.798356][T19544] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 477.834438][T19561] netlink: 5 bytes leftover after parsing attributes in process `syz.9.5165'. [ 477.838780][T19544] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 477.878223][T19563] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 477.918597][T19544] NILFS (loop1): failed to count free inodes: err=-34 [ 478.162493][T19572] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5172'. [ 478.171956][T19572] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5172'. [ 478.554132][T19578] loop4: detected capacity change from 0 to 4096 [ 478.775267][T19593] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 478.929382][T19578] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 479.070839][T19578] Remounting filesystem read-only [ 479.231925][T19606] netlink: 1284 bytes leftover after parsing attributes in process `syz.7.5186'. [ 479.388574][T19577] loop9: detected capacity change from 0 to 32768 [ 479.418965][T19577] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.5169 (19577) [ 479.594745][T19577] BTRFS info (device loop9): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 479.636841][T19577] BTRFS info (device loop9): using blake2b (blake2b-256-generic) checksum algorithm [ 479.659489][T19619] netlink: 'syz.7.5191': attribute type 21 has an invalid length. [ 479.686063][T19577] BTRFS info (device loop9): using free-space-tree [ 480.008213][T19641] loop2: detected capacity change from 0 to 256 [ 480.124199][T19629] bond1: entered promiscuous mode [ 480.164046][T19629] 8021q: adding VLAN 0 to HW filter on device bond1 [ 480.520220][T15987] BTRFS info (device loop9): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 481.136855][T19691] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5216'. [ 481.609906][T19705] loop3: detected capacity change from 0 to 16 [ 481.634564][T19705] erofs (device loop3): mounted with root inode @ nid 36. [ 481.651214][T19705] syz.3.5219: attempt to access beyond end of device [ 481.651214][T19705] loop3: rw=0, sector=3489784, nr_sectors = 8 limit=16 [ 481.845571][T19669] loop1: detected capacity change from 0 to 40427 [ 481.870724][T19669] F2FS-fs (loop1): Corrupted extension count (64 + 1 > 64) [ 481.887958][T19669] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 482.028519][T19716] lo speed is unknown, defaulting to 1000 [ 482.164967][T19669] F2FS-fs (loop1): Found nat_bits in checkpoint [ 482.172941][T19727] netlink: 1284 bytes leftover after parsing attributes in process `syz.7.5230'. [ 482.225338][T19727] openvswitch: netlink: Message has 8 unknown bytes. [ 482.368150][T19719] loop9: detected capacity change from 0 to 4096 [ 482.416399][T19669] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 482.448912][T19669] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 483.355011][T19722] loop2: detected capacity change from 0 to 32768 [ 483.392666][T19722] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5228 (19722) [ 483.422003][T17467] cxacru 9-1:0.0: firmware (cxacru-fw.bin) unavailable (system misconfigured?) [ 483.472557][T19722] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 483.483064][T19722] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 483.491616][T19722] BTRFS info (device loop2): using free-space-tree [ 484.036847][T19778] netlink: 'syz.3.5250': attribute type 10 has an invalid length. [ 484.053696][T19778] team0: Device ipvlan1 failed to register rx_handler [ 484.357650][ T29] audit: type=1326 audit(1734951710.386:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19794 comm="syz.4.5253" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37b2585d29 code=0x0 [ 484.652720][T16039] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 484.968470][T19811] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5259'. [ 485.037596][T19813] xt_limit: Overflow, try lower: 0/0 [ 485.442239][T19825] loop1: detected capacity change from 0 to 16 [ 485.574968][T19825] erofs: DAX unsupported by block device. Turning off DAX. [ 485.615912][T19831] netlink: 180 bytes leftover after parsing attributes in process `syz.9.5267'. [ 485.636672][T19825] erofs (device loop1): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 485.730326][T19825] erofs (device loop1): mounted with root inode @ nid 36. [ 485.734181][T19835] loop3: detected capacity change from 0 to 2048 [ 485.778821][T19825] syz.1.5266: attempt to access beyond end of device [ 485.778821][T19825] loop1: rw=0, sector=131157, nr_sectors = 1 limit=16 [ 485.868429][T19835] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 485.882889][T19825] erofs (device loop1): read error -5 @ 0 of nid 36 [ 485.941655][T19839] loop2: detected capacity change from 0 to 1024 [ 486.168611][ T8593] hfsplus: b-tree write err: -5, ino 4 [ 486.804285][T19872] IPv6: sit1: Disabled Multicast RS [ 486.900513][T19876] ieee802154 phy0 wpan0: encryption failed: -22 [ 487.685722][T19917] loop9: detected capacity change from 0 to 256 [ 487.775904][T19917] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 487.841812][T19909] loop1: detected capacity change from 0 to 4096 [ 487.979785][T19909] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 488.101837][T19925] loop7: detected capacity change from 0 to 32768 [ 488.122086][T19925] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.5305 (19925) [ 488.148440][T19931] loop2: detected capacity change from 0 to 128 [ 488.155733][T19931] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 488.295710][T19925] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 488.384129][T19925] BTRFS info (device loop7): using sha256 (sha256-ni) checksum algorithm [ 488.419539][T19909] ntfs3(loop1): failed to convert "c46c" to cp737 [ 488.532693][T19925] BTRFS info (device loop7): using free-space-tree [ 488.628911][T19951] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 489.049785][T19973] netlink: 'syz.1.5311': attribute type 1 has an invalid length. [ 489.203096][T13528] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 489.638770][T19990] netlink: 'syz.1.5319': attribute type 3 has an invalid length. [ 489.663619][T19990] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5319'. [ 489.993061][T19936] loop3: detected capacity change from 0 to 32768 [ 490.286671][T20011] loop1: detected capacity change from 0 to 512 [ 490.559045][T19981] loop4: detected capacity change from 0 to 32768 [ 490.616673][T20011] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.5323: attempt to clear invalid blocks 2 len 1 [ 490.703789][T20011] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 490.727578][T20011] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5323: invalid indirect mapped block 1819239214 (level 0) [ 490.801050][T20032] (unnamed net_device) (uninitialized): option use_carrier: invalid value (9) [ 490.852568][T20011] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.5323: invalid indirect mapped block 1819239214 (level 1) [ 490.874890][T20034] loop7: detected capacity change from 0 to 64 [ 490.875978][T20011] EXT4-fs (loop1): 1 truncate cleaned up [ 490.957471][T20011] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 490.960313][T19936] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 491.010919][T20034] hfs: request for non-existent node 16777216 in B*Tree [ 491.041427][T20034] hfs: request for non-existent node 16777216 in B*Tree [ 491.095185][T19936] bcachefs (loop3): initializing new filesystem [ 491.131674][T20011] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5323: Unrecognised inode hash code 20 [ 491.158412][T20011] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5323: Corrupt directory, running e2fsck is recommended [ 491.236759][T20011] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.5323: Unrecognised inode hash code 20 [ 491.319527][T20011] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5323: Corrupt directory, running e2fsck is recommended [ 491.334751][T19936] bcachefs (loop3): going read-write [ 491.390794][T19936] bcachefs (loop3): marking superblocks [ 491.443029][T19936] bcachefs (loop3): initializing freespace [ 491.469020][T19936] bcachefs (loop3): done initializing freespace [ 491.527204][T19936] bcachefs (loop3): reading snapshots table [ 491.559306][T19936] bcachefs (loop3): reading snapshots done [ 491.640070][T20054] netlink: 'syz.2.5334': attribute type 1 has an invalid length. [ 491.672665][T20054] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5334'. [ 491.781525][T19936] bcachefs (loop3): bch2_copygc_start(): error creating copygc thread EINTR [ 491.798759][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.812868][T19936] bcachefs (loop3): error starting copygc thread [ 491.820053][T19936] bcachefs (loop3): bch2_fs_start(): error starting filesystem EINTR [ 491.828229][T19936] bcachefs (loop3): shutting down [ 491.834943][T19936] bcachefs (loop3): going read-only [ 491.840304][T19936] bcachefs (loop3): finished waiting for writes to stop [ 491.864943][T19936] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2 [ 492.009995][T20069] netlink: 'syz.1.5337': attribute type 25 has an invalid length. [ 492.082013][T20071] loop7: detected capacity change from 0 to 2048 [ 492.133781][T20071] EXT4-fs: Ignoring removed mblk_io_submit option [ 492.153220][T19936] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5 [ 492.187408][T20071] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 492.259481][T20082] loop1: detected capacity change from 0 to 64 [ 492.291153][T19936] bcachefs (loop3): shutdown complete, journal seq 6 [ 492.340531][T19936] bcachefs (loop3): marking filesystem clean [ 492.508722][T19936] bcachefs (loop3): shutdown complete [ 492.676875][T13528] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.090555][T20109] loop4: detected capacity change from 0 to 128 [ 493.121254][T20109] EXT4-fs: Invalid want_extra_isize 14 [ 493.230498][T20109] kAFS: No cell specified [ 494.470821][ T2335] pvrusb2: request_firmware fatal error with code=-110 [ 494.479480][ T2335] pvrusb2: Failure uploading firmware1 [ 494.486033][T20169] loop9: detected capacity change from 0 to 1764 [ 494.490946][ T2335] pvrusb2: Device initialization was not successful. [ 494.499149][ T2335] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 494.504031][T20166] loop7: detected capacity change from 0 to 2048 [ 494.509285][ T2335] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 494.536492][ T9] pvrusb2: Device being rendered inoperable [ 494.622949][T20166] UDF-fs: error (device loop7): udf_process_sequence: Primary Volume Descriptor not found! [ 494.677420][T20166] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 494.750862][T20166] UDF-fs: error (device loop7): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1376) [ 495.274766][T20194] netlink: 'syz.9.5385': attribute type 3 has an invalid length. [ 495.806720][T20208] loop2: detected capacity change from 0 to 256 [ 496.101901][T20228] tmpfs: Group quota block hardlimit too large. [ 496.662669][T20252] (syz.7.5405,20252,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 496.685441][T20252] (syz.7.5405,20252,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 496.716654][ T5849] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 496.727154][ T5849] Bluetooth: hci6: Injecting HCI hardware error event [ 496.735948][ T5849] Bluetooth: hci6: hardware error 0x00 [ 496.742208][ T5932] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 496.922162][ T5932] usb 10-1: Using ep0 maxpacket: 32 [ 496.945872][ T5932] usb 10-1: unable to get BOS descriptor or descriptor too short [ 496.961027][ T5932] usb 10-1: config 128 has an invalid interface number: 127 but max is 3 [ 496.970085][T19936] bcachefs: bch2_fs_get_tree() error: EINTR [ 496.998235][ T5932] usb 10-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 497.028021][ T5932] usb 10-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 497.043535][T19936] syz.3.5307 (19936) used greatest stack depth: 10736 bytes left [ 497.051506][ T5932] usb 10-1: config 128 has no interface number 0 [ 497.063181][ T5932] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 497.077968][ T5932] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 497.089997][T20236] loop1: detected capacity change from 0 to 32768 [ 497.093303][ T5932] usb 10-1: config 128 interface 127 has no altsetting 0 [ 497.128855][ T5932] usb 10-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 497.138247][ T5932] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.173599][ T5932] usb 10-1: Product: syz [ 497.178110][ T5932] usb 10-1: Manufacturer: syz [ 497.183241][ T5932] usb 10-1: SerialNumber: syz [ 497.552238][T20267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5407'. [ 497.577639][ T5932] usb 10-1: USB disconnect, device number 7 [ 498.018951][T13546] udevd[13546]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 498.199495][T20303] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 498.378412][T20311] QAT: failed to copy from user cfg_data. [ 498.549836][T20316] netlink: 'syz.9.5429': attribute type 21 has an invalid length. [ 498.624685][T20316] netlink: 156 bytes leftover after parsing attributes in process `syz.9.5429'. [ 498.886849][T20331] loop9: detected capacity change from 0 to 16 [ 498.906676][T20333] netlink: 'syz.1.5414': attribute type 2 has an invalid length. [ 498.960410][T20331] virtio-fs: tag <(null)> not found [ 499.436047][T20351] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 499.685244][ T5849] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 500.068919][T20364] loop4: detected capacity change from 0 to 1024 [ 500.215808][ T9] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 500.360716][T20387] lo speed is unknown, defaulting to 1000 [ 500.421926][ T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 500.456981][T20398] loop1: detected capacity change from 0 to 2048 [ 500.478552][ T9] usb 10-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 500.497380][ T9] usb 10-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 500.526487][ T9] usb 10-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 500.559007][ T9] usb 10-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 500.585679][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.586707][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 500.611856][T20398] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.630839][ T25] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 500.638540][T20377] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 500.643977][ T25] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 500.666699][ T25] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 500.681538][ T25] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 500.696055][ T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 500.707066][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.717676][ T25] usb 3-1: Product: syz [ 500.727361][ T25] usb 3-1: Manufacturer: syz [ 500.736815][ T25] usb 3-1: SerialNumber: syz [ 500.904102][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.151527][ T25] usb 3-1: USB disconnect, device number 10 [ 501.310226][ T9] aiptek 10-1:17.0: Aiptek using 400 ms programming speed [ 501.319004][ T9] input: Aiptek as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:17.0/input/input21 [ 501.328980][T20422] loop3: detected capacity change from 0 to 256 [ 501.412529][ T9] usb 10-1: USB disconnect, device number 8 [ 501.418650][ C0] aiptek 10-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 501.472310][T20422] FAT-fs (loop3): Directory bread(block 64) failed [ 501.478952][T20422] FAT-fs (loop3): Directory bread(block 65) failed [ 501.526241][T20422] FAT-fs (loop3): Directory bread(block 66) failed [ 501.541677][ T6383] udevd[6383]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 501.557760][T20422] FAT-fs (loop3): Directory bread(block 67) failed [ 501.584709][T20422] FAT-fs (loop3): Directory bread(block 68) failed [ 501.635042][T20422] FAT-fs (loop3): Directory bread(block 69) failed [ 501.660478][T20422] FAT-fs (loop3): Directory bread(block 70) failed [ 501.691321][T20422] FAT-fs (loop3): Directory bread(block 71) failed [ 501.709007][T20422] FAT-fs (loop3): Directory bread(block 72) failed [ 501.744257][T20422] FAT-fs (loop3): Directory bread(block 73) failed [ 502.144599][T20445] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5480'. [ 502.550442][T20461] xt_nat: multiple ranges no longer supported [ 502.629065][T20464] netlink: 196 bytes leftover after parsing attributes in process `syz.3.5488'. [ 502.677874][T20464] netlink: 'syz.3.5488': attribute type 3 has an invalid length. [ 502.874908][T20475] ipt_REJECT: ECHOREPLY no longer supported. [ 502.967813][ T25] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 503.147519][ T25] usb 10-1: Using ep0 maxpacket: 32 [ 503.161658][T20487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5502'. [ 503.175951][ T25] usb 10-1: config 0 has an invalid interface number: 51 but max is 0 [ 503.192103][ T25] usb 10-1: config 0 has no interface number 0 [ 503.210453][ T25] usb 10-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 503.247366][ T25] usb 10-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 503.273129][ T25] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 503.282642][ T25] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.290733][ T25] usb 10-1: Product: syz [ 503.299416][ T25] usb 10-1: Manufacturer: syz [ 503.325529][ T25] usb 10-1: SerialNumber: syz [ 503.353887][ T25] usb 10-1: config 0 descriptor?? [ 503.370395][ T25] quatech2 10-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 503.417138][T20493] loop3: detected capacity change from 0 to 64 [ 503.444879][T20496] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 503.603763][ T25] usb 10-1: qt2_setup_urbs - submit read urb failed -90 [ 503.611793][ T25] quatech2 10-1:0.51: probe with driver quatech2 failed with error -90 [ 503.671430][T20500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5507'. [ 503.880907][ T25] usb 10-1: USB disconnect, device number 9 [ 503.903893][T20511] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (2147483647) [ 503.914460][T20511] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 503.925841][T20510] netlink: 'syz.3.5511': attribute type 10 has an invalid length. [ 504.107818][T20510] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 504.343771][ T25] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 504.351526][T20525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5519'. [ 504.541538][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 504.574031][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 504.591716][T20533] kAFS: unable to lookup cell 'syz0.riX<̧+R!K+K4[Ed<6c7( n@8A5W/7|{?hT8#&3r?3U current cno (= 3) [ 506.133609][T20563] NILFS error (device loop9): nilfs_bmap_truncate: broken bmap (inode number=16) [ 506.158821][T20563] Remounting filesystem read-only [ 506.164596][T20563] NILFS (loop9): error -5 truncating bmap (ino=16) [ 506.276615][T15987] NILFS (loop9): disposed unprocessed dirty file(s) when detaching log writer [ 506.318849][T18927] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.433119][T20572] netlink: zone id is out of range [ 506.465504][T20572] netlink: zone id is out of range [ 506.483720][T20572] netlink: zone id is out of range [ 506.494954][T20572] netlink: zone id is out of range [ 506.532158][T20572] netlink: zone id is out of range [ 506.548328][T20572] netlink: zone id is out of range [ 506.574412][T20572] netlink: zone id is out of range [ 506.640451][T20572] netlink: zone id is out of range [ 506.757630][T20572] netlink: zone id is out of range [ 506.763069][T20572] netlink: zone id is out of range [ 506.850536][T20584] loop1: detected capacity change from 0 to 1024 [ 507.033710][T20584] hfsplus: cannot replace xattr [ 508.004788][T20623] loop2: detected capacity change from 0 to 4096 [ 508.021771][T20623] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 508.135233][T20623] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 508.439031][T20647] netlink: 'syz.4.5572': attribute type 1 has an invalid length. [ 508.527672][T20653] loop3: detected capacity change from 0 to 256 [ 508.606395][T20653] FAT-fs (loop3): Directory bread(block 64) failed [ 508.613388][T20653] FAT-fs (loop3): Directory bread(block 65) failed [ 508.666538][T20653] FAT-fs (loop3): Directory bread(block 66) failed [ 508.673133][T20653] FAT-fs (loop3): Directory bread(block 67) failed [ 508.709940][T20653] FAT-fs (loop3): Directory bread(block 68) failed [ 508.716539][T20653] FAT-fs (loop3): Directory bread(block 69) failed [ 508.735370][T20653] FAT-fs (loop3): Directory bread(block 70) failed [ 508.741945][T20653] FAT-fs (loop3): Directory bread(block 71) failed [ 508.748760][T20653] FAT-fs (loop3): Directory bread(block 72) failed [ 508.755431][T20653] FAT-fs (loop3): Directory bread(block 73) failed [ 508.766509][T20660] gre1: entered promiscuous mode [ 508.785709][T20660] gre1: entered allmulticast mode [ 508.836963][T20653] tmpfs: Bad value for 'mpol' [ 509.008127][T20670] vivid-000: disconnect [ 509.013776][T20669] vivid-000: reconnect [ 509.074672][T20665] loop1: detected capacity change from 0 to 4096 [ 509.100704][T20665] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 509.137266][T20672] loop9: detected capacity change from 0 to 128 [ 509.145696][T20672] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 509.334430][T20672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 509.346837][T20665] ntfs3(loop1): Failed to initialize $Extend/$Reparse. [ 510.138514][T20703] netlink: 276 bytes leftover after parsing attributes in process `syz.3.5598'. [ 510.200726][T20676] loop4: detected capacity change from 0 to 32768 [ 510.544783][T20717] loop1: detected capacity change from 0 to 256 [ 510.579643][T20718] loop3: detected capacity change from 0 to 1764 [ 510.687841][T20717] FAT-fs (loop1): Directory bread(block 64) failed [ 510.720035][T20717] FAT-fs (loop1): Directory bread(block 65) failed [ 510.756619][T20717] FAT-fs (loop1): Directory bread(block 66) failed [ 510.844269][T20717] FAT-fs (loop1): Directory bread(block 67) failed [ 510.850991][T20717] FAT-fs (loop1): Directory bread(block 68) failed [ 510.886673][T20717] FAT-fs (loop1): Directory bread(block 69) failed [ 510.899035][T20717] FAT-fs (loop1): Directory bread(block 70) failed [ 510.920046][T20717] FAT-fs (loop1): Directory bread(block 71) failed [ 510.926677][T20717] FAT-fs (loop1): Directory bread(block 72) failed [ 510.963324][T20717] FAT-fs (loop1): Directory bread(block 73) failed [ 510.969440][T20728] loop2: detected capacity change from 0 to 512 [ 511.029757][T20728] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 511.115580][T20728] ext4 filesystem being mounted at /271/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 511.214190][T20728] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 511.430582][T16039] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.896656][T20746] loop2: detected capacity change from 0 to 32768 [ 511.920302][T20746] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.5619 (20746) [ 511.980186][T20741] loop9: detected capacity change from 0 to 32768 [ 511.987642][T20746] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 512.003064][T20741] BTRFS: device /dev/loop9 (7:9) using temp-fsid 29c2fc06-1859-45c1-a0ae-aaceee74a186 [ 512.027220][T20741] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.5618 (20741) [ 512.048800][T20746] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 512.083424][T20741] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 512.111782][T20746] BTRFS info (device loop2): using free-space-tree [ 512.198378][T20741] BTRFS info (device loop9): using sha256 (sha256-ni) checksum algorithm [ 512.206871][T20741] BTRFS info (device loop9): using free-space-tree [ 512.631881][T20776] loop4: detected capacity change from 0 to 4096 [ 512.827294][T16039] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 512.832233][T20776] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 512.870703][T15987] BTRFS info (device loop9): last unmount of filesystem 29c2fc06-1859-45c1-a0ae-aaceee74a186 [ 513.366440][ T5853] Bluetooth: hci7: command 0x0406 tx timeout [ 513.686554][T20819] netlink: 'syz.4.5638': attribute type 7 has an invalid length. [ 513.741488][T20819] netlink: 'syz.4.5638': attribute type 8 has an invalid length. [ 514.017513][T20827] loop1: detected capacity change from 0 to 1764 [ 514.076391][T20829] netlink: 'syz.9.5642': attribute type 2 has an invalid length. [ 514.111321][T20827] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 514.119589][T20831] netlink: 516 bytes leftover after parsing attributes in process `syz.4.5644'. [ 514.132320][T20829] : entered promiscuous mode [ 515.484882][T20880] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5668'. [ 515.589096][T20884] loop9: detected capacity change from 0 to 1024 [ 515.703009][T20887] loop4: detected capacity change from 0 to 4096 [ 515.869471][T20898] loop3: detected capacity change from 0 to 64 [ 516.083259][T20900] --map-set only usable from mangle table [ 516.662095][T20919] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5687'. [ 516.682160][ T5932] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 516.847035][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 516.857512][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 516.869162][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 516.910508][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 516.919906][ T5853] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 516.928575][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 516.991207][ T5932] usb 10-1: config 135 contains an unexpected descriptor of type 0x2, skipping [ 517.000725][ T5932] usb 10-1: config 135 has no interfaces? [ 517.015806][T20923] lo speed is unknown, defaulting to 1000 [ 517.054416][ T5932] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 517.109989][ T5932] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.215640][T20934] netlink: 'syz.1.5694': attribute type 21 has an invalid length. [ 517.223549][T20934] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5694'. [ 517.263528][T20934] netlink: 'syz.1.5694': attribute type 4 has an invalid length. [ 517.281018][T20934] netlink: 'syz.1.5694': attribute type 5 has an invalid length. [ 517.291122][T20934] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5694'. [ 517.441325][ T25] usb 10-1: USB disconnect, device number 10 [ 517.585314][T20944] loop4: detected capacity change from 0 to 2048 [ 517.676511][T20948] net_ratelimit: 337 callbacks suppressed [ 517.676534][T20948] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 517.765779][T20944] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 518.042478][T20923] chnl_net:caif_netlink_parms(): no params data found [ 518.117822][T20966] loop4: detected capacity change from 0 to 256 [ 518.219205][T20966] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 518.505870][T20977] loop3: detected capacity change from 0 to 1024 [ 518.515784][T20979] loop2: detected capacity change from 0 to 512 [ 518.553673][T20984] netlink: 136 bytes leftover after parsing attributes in process `syz.1.5717'. [ 518.560948][T20923] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.624744][T20923] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.662314][T20923] bridge_slave_0: entered allmulticast mode [ 518.704008][T20923] bridge_slave_0: entered promiscuous mode [ 518.723247][T20979] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.737083][T20979] ext4 filesystem being mounted at /289/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 518.762502][T20979] EXT4-fs error (device loop2): ext4_empty_dir:3103: inode #12: block 32: comm syz.2.5715: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 518.782506][T20979] EXT4-fs (loop2): Remounting filesystem read-only [ 518.782622][T20923] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.862171][T20979] EXT4-fs warning (device loop2): ext4_empty_dir:3105: inode #12: comm syz.2.5715: directory missing '.' [ 518.872892][T20923] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.897314][T20923] bridge_slave_1: entered allmulticast mode [ 518.915428][T20923] bridge_slave_1: entered promiscuous mode [ 518.931177][T20996] loop3: detected capacity change from 0 to 256 [ 518.990709][T20998] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5721'. [ 519.040618][T16039] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 519.054074][T20995] @: renamed from bond_slave_0 (while UP) [ 519.165004][ T5853] Bluetooth: hci2: command tx timeout [ 519.253567][T21000] 8021q: adding VLAN 0 to HW filter on device bond6 [ 519.287830][T21005] loop2: detected capacity change from 0 to 2048 [ 519.300536][T21005] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 519.400938][T20923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 519.492602][T20923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 519.855946][T20923] team0: Port device team_slave_0 added [ 519.863653][T21021] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5733'. [ 519.886735][T20923] team0: Port device team_slave_1 added [ 519.887243][T21026] loop1: detected capacity change from 0 to 128 [ 519.981014][T21026] EXT4-fs (loop1): Test dummy encryption mode enabled [ 520.086403][T21026] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 520.129643][T21026] ext4 filesystem being mounted at /996/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038-01-19 (0x7fffffff) [ 520.192909][T20923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 520.205046][T20923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 520.231310][T20923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 520.281405][T20923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 520.293032][T21041] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5741'. [ 520.302054][T20923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 520.324043][ T5843] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 520.387300][T20923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 520.503648][T21026] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 520.531663][ T5843] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 520.542214][T21026] EXT4-fs error (device loop1): ext4_validate_block_bitmap:423: comm syz.1.5735: bg 0: bad block bitmap checksum [ 520.580546][ T5843] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 520.628450][ T5843] usb 4-1: config 1 has no interface number 0 [ 520.634603][ T5843] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 520.678311][ T5843] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 520.690557][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.710862][T20923] hsr_slave_0: entered promiscuous mode [ 520.738849][ T5828] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 520.742229][ T5843] usb 4-1: Product: syz [ 520.768551][ T5843] usb 4-1: Manufacturer: syz [ 520.774019][T20923] hsr_slave_1: entered promiscuous mode [ 520.782286][ T5843] usb 4-1: SerialNumber: syz [ 520.812471][ T5843] usb 4-1: selecting invalid altsetting 1 [ 520.829468][T20923] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 520.865416][T20923] Cannot create hsr debugfs directory [ 520.984143][ T29] audit: type=1326 audit(1734951744.233:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21056 comm="syz.1.5748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa31785d29 code=0x7ffc0000 [ 521.048199][T21061] netlink: 512 bytes leftover after parsing attributes in process `syz.4.5750'. [ 521.084569][ T29] audit: type=1326 audit(1734951744.233:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21056 comm="syz.1.5748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa31785d29 code=0x7ffc0000 [ 521.193760][ T29] audit: type=1326 audit(1734951744.279:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21056 comm="syz.1.5748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7ffa31785d29 code=0x7ffc0000 [ 521.274436][ T5843] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS [ 521.281250][ T29] audit: type=1326 audit(1734951744.279:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21056 comm="syz.1.5748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa31785d29 code=0x7ffc0000 [ 521.284348][ T5843] cdc_ncm 4-1:1.1: bind() failure [ 521.373980][ T5843] usb 4-1: USB disconnect, device number 9 [ 521.386066][ T29] audit: type=1326 audit(1734951744.279:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21056 comm="syz.1.5748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa31785d29 code=0x7ffc0000 [ 521.396629][ T25] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 521.420459][ T5853] Bluetooth: hci2: command tx timeout [ 521.599734][T20923] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.624474][ T25] usb 10-1: Using ep0 maxpacket: 32 [ 521.661231][ T25] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 521.669727][ T25] usb 10-1: config 0 has no interface number 0 [ 521.681990][ T25] usb 10-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 521.703009][ T25] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.721856][ T25] usb 10-1: Product: syz [ 521.733218][ T25] usb 10-1: Manufacturer: syz [ 521.740970][ T25] usb 10-1: SerialNumber: syz [ 521.749622][T21073] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5756'. [ 521.760806][ T25] usb 10-1: config 0 descriptor?? [ 521.770278][ T25] usb 10-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 521.790372][ T25] usb 10-1: selecting invalid altsetting 1 [ 521.818174][ T25] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 521.849894][ T25] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 521.894858][T20923] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.902208][ T25] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 521.945545][ T25] usb 10-1: media controller created [ 522.008947][ T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 522.011437][T21058] loop2: detected capacity change from 0 to 32768 [ 522.136255][T20923] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.541251][ T25] usb 10-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 522.611337][ T25] usb 10-1: USB disconnect, device number 11 [ 522.699408][T20923] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.845330][T21097] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 523.208452][T20923] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 523.308965][T20923] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 523.373010][T20923] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 523.413730][T21116] loop1: detected capacity change from 0 to 2048 [ 523.425103][T20923] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 523.546322][T21116] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 523.583339][T21122] loop9: detected capacity change from 0 to 512 [ 523.603445][T21122] EXT4-fs: Ignoring removed i_version option [ 523.617860][T21116] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 523.672530][ T5853] Bluetooth: hci2: command tx timeout [ 523.706491][T21122] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 523.717730][ T5843] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 523.725859][T20923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 523.748902][T20923] 8021q: adding VLAN 0 to HW filter on device team0 [ 523.765163][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 523.772353][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 523.807524][T21122] EXT4-fs (loop9): 1 truncate cleaned up [ 523.814244][T21122] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 523.923328][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 523.930481][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 523.942806][ T5843] usb 4-1: Using ep0 maxpacket: 32 [ 523.955710][ T5843] usb 4-1: config 0 has an invalid interface number: 151 but max is 0 [ 523.964769][ T5843] usb 4-1: config 0 has no interface number 0 [ 523.970885][ T5843] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 524.017026][ T5843] usb 4-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 524.074616][ T5843] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 524.109139][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.141030][ T5843] usb 4-1: Product: syz [ 524.147894][ T5843] usb 4-1: Manufacturer: syz [ 524.172022][T21133] loop4: detected capacity change from 0 to 4096 [ 524.179440][ T5843] usb 4-1: SerialNumber: syz [ 524.194308][ T5843] usb 4-1: config 0 descriptor?? [ 524.226777][T15987] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 524.506501][ T5843] usb 4-1: USB disconnect, device number 10 [ 524.511354][T21148] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5786'. [ 524.680663][T20923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 524.734696][T13546] udevd[13546]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 525.042144][ T29] audit: type=1400 audit(1734951747.962:113): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=21161 comm="syz.2.5793" [ 525.385861][T21178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5799'. [ 525.455960][T20923] veth0_vlan: entered promiscuous mode [ 525.511048][T20923] veth1_vlan: entered promiscuous mode [ 525.627352][T20923] veth0_macvtap: entered promiscuous mode [ 525.699714][T20923] veth1_macvtap: entered promiscuous mode [ 525.717043][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.727675][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.737765][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.748736][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.759250][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.770191][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.780317][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.791090][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.801433][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.812301][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.823663][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.835786][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.845711][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.856293][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.866201][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.876698][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.886580][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.897162][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.907069][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.917544][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.928790][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.940654][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.941717][ T5853] Bluetooth: hci2: command tx timeout [ 525.950798][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 525.950824][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.952145][T20923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 525.989690][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.000262][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.010162][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.020777][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.030658][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.042380][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.053526][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.064062][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.073931][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.084421][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.094348][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.104948][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.114824][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.125356][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.135236][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.145958][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.157452][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.169791][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.180165][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.190853][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.200834][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.211504][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.221369][T20923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 526.231986][T20923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.242979][T20923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 526.252917][T20923] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.263059][T20923] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.273087][T20923] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.281803][T20923] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.630325][ T5927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.638269][ T5927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.774516][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.847456][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.441569][T21239] loop9: detected capacity change from 0 to 512 [ 527.486385][T21239] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 527.548179][T21239] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm syz.9.5829: bg 0: block 248: padding at end of block bitmap is not set [ 527.572349][T21239] Quota error (device loop9): write_blk: dquota write failed [ 527.580139][T21239] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota [ 527.590451][T21239] EXT4-fs error (device loop9): ext4_acquire_dquot:6938: comm syz.9.5829: Failed to acquire dquot type 1 [ 527.630111][T21239] EXT4-fs (loop9): 1 truncate cleaned up [ 527.648806][T21239] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 527.673691][T21239] ext4 filesystem being mounted at /341/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 527.759036][T21237] loop3: detected capacity change from 0 to 8192 [ 527.785646][T21239] EXT4-fs: Cannot change quota options when quota turned on [ 527.789009][ T30] INFO: task syz.4.3782:15506 blocked for more than 143 seconds. [ 527.811110][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 527.818561][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 527.824372][T21237] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 527.865264][ T30] Not tainted 6.13.0-rc4-syzkaller #0 [ 527.876725][T21237] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 527.899817][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 527.917624][ T30] task:syz.4.3782 state:D stack:22992 pid:15506 tgid:15505 ppid:5846 flags:0x00004006 [ 527.951313][ T30] Call Trace: [ 527.954670][T21237] FAT-fs (loop3): Filesystem has been set read-only [ 527.961304][ T30] [ 527.964297][ T30] __schedule+0x1850/0x4c30 [ 527.968872][ T30] ? __pfx___schedule+0x10/0x10 [ 527.981652][ T30] ? __pfx_lock_release+0x10/0x10 [ 527.989836][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 527.995877][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.001548][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.007465][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 528.013396][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 528.019834][ T30] ? schedule+0x90/0x320 [ 528.024114][ T30] schedule+0x14b/0x320 [ 528.028351][ T30] schedule_preempt_disabled+0x13/0x30 [ 528.033842][ T30] __mutex_lock+0x7e7/0xee0 [ 528.039695][ T30] ? __mutex_lock+0x5ef/0xee0 [ 528.044435][ T30] ? rdma_dev_change_netns+0x3a/0x2f0 [ 528.051045][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 528.056122][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 528.061521][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.067194][ T30] ? kobject_put+0x272/0x480 [ 528.071887][ T30] ? kfree+0x196/0x430 [ 528.075990][ T30] ? kobject_put+0x272/0x480 [ 528.080648][ T30] rdma_dev_change_netns+0x3a/0x2f0 [ 528.087751][ T30] rdma_dev_exit_net+0x21e/0x350 [ 528.092812][ T30] ? __pfx___might_resched+0x10/0x10 [ 528.098138][ T30] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 528.103728][ T30] ? mutex_is_locked+0x17/0x50 [ 528.108541][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.114305][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.119976][ T30] ? cfg80211_pernet_exit+0xf0/0x140 [ 528.125392][ T30] setup_net+0x796/0x9e0 [ 528.129686][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 528.135284][ T30] ? __pfx_setup_net+0x10/0x10 [ 528.140170][ T30] ? debug_mutex_init+0x38/0x70 [ 528.145067][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.151906][ T30] copy_net_ns+0x33f/0x570 [ 528.156377][ T30] create_new_namespaces+0x425/0x7b0 [ 528.163048][ T30] ? copy_namespaces+0x5c/0x490 [ 528.168022][ T30] copy_namespaces+0x41a/0x490 [ 528.172837][ T30] copy_process+0x1929/0x3d50 [ 528.177560][ T30] ? copy_process+0x9fa/0x3d50 [ 528.182681][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 528.187916][ T30] ? __pfx_copy_process+0x10/0x10 [ 528.193016][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.198679][ T30] ? futex_wait+0x285/0x360 [ 528.203299][ T30] kernel_clone+0x226/0x8e0 [ 528.207839][ T30] ? mpol_set_nodemask+0xb9/0x410 [ 528.212975][ T30] ? __pfx_kernel_clone+0x10/0x10 [ 528.218058][ T30] __x64_sys_clone+0x258/0x2a0 [ 528.222959][ T30] ? __pfx___x64_sys_clone+0x10/0x10 [ 528.228296][ T30] ? do_syscall_64+0x100/0x230 [ 528.233177][ T30] ? do_syscall_64+0xb6/0x230 [ 528.237909][ T30] do_syscall_64+0xf3/0x230 [ 528.242468][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.248455][ T30] RIP: 0033:0x7f3227b85d29 [ 528.252888][ T30] RSP: 002b:00007f3228954fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 528.262543][ T30] RAX: ffffffffffffffda RBX: 00007f3227d75fa0 RCX: 00007f3227b85d29 [ 528.271853][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041000000 [ 528.279955][ T30] RBP: 00007f3227c01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 528.288061][ T5893] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 528.295883][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 528.304058][ T30] R13: 0000000000000000 R14: 00007f3227d75fa0 R15: 00007fffc2030928 [ 528.312748][ T30] [ 528.316415][ T30] INFO: task syz.5.3809:15567 blocked for more than 143 seconds. [ 528.324476][ T30] Not tainted 6.13.0-rc4-syzkaller #0 [ 528.330755][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 528.339393][T15987] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 528.349840][ T30] task:syz.5.3809 state:D stack:21872 pid:15567 tgid:15565 ppid:5840 flags:0x00004006 [ 528.360346][ T30] Call Trace: [ 528.363694][ T30] [ 528.366648][ T30] __schedule+0x1850/0x4c30 [ 528.373472][ T30] ? __pfx___schedule+0x10/0x10 [ 528.378470][ T30] ? __pfx_lock_release+0x10/0x10 [ 528.383553][ T30] ? schedule+0x90/0x320 [ 528.387887][ T30] schedule+0x14b/0x320 [ 528.392080][ T30] schedule_timeout+0xb0/0x290 [ 528.396973][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 528.402383][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 528.408544][ T30] ? wait_for_completion+0x2fe/0x620 [ 528.413873][ T30] ? wait_for_completion+0x2fe/0x620 [ 528.419468][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 528.424706][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.430430][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 528.435672][ T30] ? wait_for_completion+0x2fe/0x620 [ 528.443200][ T30] wait_for_completion+0x355/0x620 [ 528.448939][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.455197][ T30] ? _raw_spin_unlock+0x28/0x50 [ 528.460616][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.466385][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 528.472147][ T30] ? __pfx_ib_mad_remove_device+0x10/0x10 [ 528.477917][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.484887][ T30] ? remove_client_context+0x19f/0x1e0 [ 528.490397][ T30] disable_device+0x1c7/0x360 [ 528.496359][ T30] ? __pfx_disable_device+0x10/0x10 [ 528.502662][ T30] __ib_unregister_device+0x2ac/0x3d0 [ 528.508171][ T30] ? __pfx_ib_device_get_by_index+0x10/0x10 [ 528.514131][ T30] ib_unregister_device_and_put+0xb9/0xf0 [ 528.519955][ T30] nldev_dellink+0x2c6/0x310 [ 528.524574][ T30] ? __pfx_nldev_dellink+0x10/0x10 [ 528.529913][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.535737][ T30] ? apparmor_capable+0x13b/0x1b0 [ 528.540911][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.547199][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.554110][ T30] ? security_capable+0x7e/0x2d0 [ 528.559131][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.564875][ T30] ? __pfx_nldev_dellink+0x10/0x10 [ 528.570162][ T30] rdma_nl_rcv+0x6df/0x9e0 [ 528.574850][ T30] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 528.580029][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.585844][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 528.592247][ T30] netlink_unicast+0x7f8/0x990 [ 528.597077][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 528.603596][ T30] ? __virt_addr_valid+0x45f/0x530 [ 528.608744][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.614555][ T30] ? __phys_addr_symbol+0x2f/0x70 [ 528.619619][ T30] ? __check_object_size+0x47a/0x730 [ 528.625042][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 528.629854][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 528.635251][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.641055][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 528.646123][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 528.652425][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 528.657817][ T30] __sock_sendmsg+0x223/0x270 [ 528.662548][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 528.667412][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 528.672727][ T30] ? __fget_files+0x2a/0x410 [ 528.677587][ T30] ? __fget_files+0x2a/0x410 [ 528.682241][ T30] __sys_sendmsg+0x269/0x350 [ 528.686869][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 528.692166][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 528.698561][ T30] ? do_syscall_64+0x100/0x230 [ 528.704574][ T30] ? do_syscall_64+0xb6/0x230 [ 528.710496][ T30] do_syscall_64+0xf3/0x230 [ 528.715059][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.721073][ T30] RIP: 0033:0x7f5b46785d29 [ 528.725521][ T30] RSP: 002b:00007f5b4754f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 528.734058][ T30] RAX: ffffffffffffffda RBX: 00007f5b46975fa0 RCX: 00007f5b46785d29 [ 528.742069][ T30] RDX: 0000000000004000 RSI: 0000000020000100 RDI: 0000000000000003 [ 528.750131][ T30] RBP: 00007f5b46801aa8 R08: 0000000000000000 R09: 0000000000000000 [ 528.758155][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 528.766248][ T30] R13: 0000000000000000 R14: 00007f5b46975fa0 R15: 00007fff1a85da98 [ 528.774282][ T30] [ 528.777468][ T30] [ 528.777468][ T30] Showing all locks held in the system: [ 528.785240][ T30] 1 lock held by pool_workqueue_/3: [ 528.790909][ T30] #0: ffffffff8e93cff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 528.802144][ T30] 1 lock held by khungtaskd/30: [ 528.807217][ T30] #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 528.818513][ T30] 4 locks held by kworker/u8:3/52: [ 528.823678][ T30] 4 locks held by kworker/u8:7/4355: [ 528.830300][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 528.841506][ T30] #1: ffffc9000e897d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 528.852364][ T30] #2: ffffffff8fca6750 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x16a/0xd50 [ 528.862082][ T30] #3: ffffffff8e93cec0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 528.872366][ T30] 2 locks held by getty/5586: [ 528.877062][ T30] #0: ffff8880309d40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 528.887342][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 528.897772][ T30] 3 locks held by kworker/1:3/5843: [ 528.904794][ T30] 5 locks held by kworker/1:5/5893: [ 528.910012][ T30] 3 locks held by kworker/0:5/5932: [ 528.915663][ T30] 4 locks held by udevd/13546: [ 528.920453][ T30] 2 locks held by syz.4.3782/15506: [ 528.926967][ T30] #0: ffffffff8fca6750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 528.937779][ T30] #1: ffff8880304b06b8 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x3a/0x2f0 [ 528.949397][ T30] 2 locks held by syz.5.3809/15567: [ 528.954608][ T30] #0: ffffffff9a76a238 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv+0x32d/0x9e0 [ 528.965244][ T30] #1: ffff8880304b06b8 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x264/0x3d0 [ 528.976950][ T30] 2 locks held by syz.7.5453/20387: [ 528.982232][ T30] #0: ffffffff8fca6750 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 528.991764][ T30] #1: ffff8880304b06b8 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x3a/0x2f0 [ 529.003156][ T30] [ 529.005502][ T30] ============================================= [ 529.005502][ T30] [ 529.014154][ T30] NMI backtrace for cpu 1 [ 529.018499][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc4-syzkaller #0 [ 529.027276][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 529.037341][ T30] Call Trace: [ 529.040654][ T30] [ 529.043589][ T30] dump_stack_lvl+0x241/0x360 [ 529.048293][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.053511][ T30] ? __pfx__printk+0x10/0x10 [ 529.058128][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 529.063086][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 529.068554][ T30] ? _printk+0xd5/0x120 [ 529.072727][ T30] ? __pfx__printk+0x10/0x10 [ 529.077332][ T30] ? __wake_up_klogd+0xcc/0x110 [ 529.082197][ T30] ? __pfx__printk+0x10/0x10 [ 529.086808][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.092450][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 529.097490][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 529.103480][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 529.109479][ T30] watchdog+0xff6/0x1040 [ 529.113736][ T30] ? watchdog+0x1ea/0x1040 [ 529.118179][ T30] ? __pfx_watchdog+0x10/0x10 [ 529.122907][ T30] kthread+0x2f2/0x390 [ 529.126989][ T30] ? __pfx_watchdog+0x10/0x10 [ 529.131678][ T30] ? __pfx_kthread+0x10/0x10 [ 529.136286][ T30] ret_from_fork+0x4d/0x80 [ 529.140714][ T30] ? __pfx_kthread+0x10/0x10 [ 529.145330][ T30] ret_from_fork_asm+0x1a/0x30 [ 529.150126][ T30] [ 529.153390][ T30] Sending NMI from CPU 1 to CPUs 0: [ 529.160216][ C0] NMI backtrace for cpu 0 [ 529.160231][ C0] CPU: 0 UID: 0 PID: 1082 Comm: kworker/u8:5 Not tainted 6.13.0-rc4-syzkaller #0 [ 529.160257][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 529.160272][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 529.160313][ C0] RIP: 0010:memset+0xf/0x20 [ 529.160337][ C0] Code: 44 88 1f e9 8e 6e 27 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 e9 62 6e 27 00 0f 1f 80 00 00 00 00 90 90 90 90 90 [ 529.160356][ C0] RSP: 0018:ffffc900041ef448 EFLAGS: 00000202 [ 529.160376][ C0] RAX: ffffc900041ef500 RBX: ffffc900041ef5b8 RCX: 0000000000000001 [ 529.160394][ C0] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc900041ef5df [ 529.160411][ C0] RBP: dffffc0000000000 R08: ffffc900041ef5df R09: ffffc900041ef5d0 [ 529.160429][ C0] R10: dffffc0000000000 R11: fffff5200083debc R12: ffffc900041f0000 [ 529.160448][ C0] R13: ffffc900041ef580 R14: ffffffff8141f865 R15: ffffc900041ef5d0 [ 529.160473][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 529.160493][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 529.160510][ C0] CR2: 00007fa68f748178 CR3: 0000000033e1c000 CR4: 0000000000350ef0 [ 529.160529][ C0] Call Trace: [ 529.160538][ C0] [ 529.160548][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 529.160577][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 529.160608][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 529.160636][ C0] ? nmi_handle+0x2a/0x5a0 [ 529.160675][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 529.160698][ C0] ? nmi_handle+0x151/0x5a0 [ 529.160727][ C0] ? nmi_handle+0x2a/0x5a0 [ 529.160756][ C0] ? memset+0xf/0x20 [ 529.160776][ C0] ? default_do_nmi+0x63/0x160 [ 529.160803][ C0] ? exc_nmi+0x123/0x1f0 [ 529.160828][ C0] ? end_repeat_nmi+0xf/0x53 [ 529.160850][ C0] ? arch_stack_walk+0xe5/0x150 [ 529.160886][ C0] ? memset+0xf/0x20 [ 529.160907][ C0] ? memset+0xf/0x20 [ 529.160929][ C0] ? memset+0xf/0x20 [ 529.160949][ C0] [ 529.160957][ C0] [ 529.160965][ C0] unwind_next_frame+0xcfb/0x22d0 [ 529.160999][ C0] ? __unwind_start+0xf8/0x740 [ 529.161030][ C0] __unwind_start+0x59a/0x740 [ 529.161059][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 529.161085][ C0] arch_stack_walk+0xe5/0x150 [ 529.161118][ C0] ? arch_stack_walk+0xe5/0x150 [ 529.161150][ C0] stack_trace_save+0x118/0x1d0 [ 529.161174][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 529.161206][ C0] kasan_save_track+0x3f/0x80 [ 529.161265][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.161291][ C0] __kasan_kmalloc+0x98/0xb0 [ 529.161319][ C0] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 [ 529.161354][ C0] ? __alloc_skb+0x1f3/0x440 [ 529.161377][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.161404][ C0] ? __alloc_skb+0x1f3/0x440 [ 529.161427][ C0] kmalloc_reserve+0x111/0x2a0 [ 529.161454][ C0] __alloc_skb+0x1f3/0x440 [ 529.161486][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 529.161518][ C0] nsim_dev_trap_report_work+0x261/0xb50 [ 529.161563][ C0] ? process_scheduled_works+0x976/0x1840 [ 529.161589][ C0] process_scheduled_works+0xa68/0x1840 [ 529.161631][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 529.161661][ C0] ? assign_work+0x364/0x3d0 [ 529.161688][ C0] worker_thread+0x870/0xd30 [ 529.161722][ C0] ? __kthread_parkme+0x169/0x1d0 [ 529.161751][ C0] ? __pfx_worker_thread+0x10/0x10 [ 529.161776][ C0] kthread+0x2f2/0x390 [ 529.161804][ C0] ? __pfx_worker_thread+0x10/0x10 [ 529.161829][ C0] ? __pfx_kthread+0x10/0x10 [ 529.161858][ C0] ret_from_fork+0x4d/0x80 [ 529.161882][ C0] ? __pfx_kthread+0x10/0x10 [ 529.161911][ C0] ret_from_fork_asm+0x1a/0x30 [ 529.161943][ C0] [ 529.165373][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 529.165392][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc4-syzkaller #0 [ 529.165420][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 529.165438][ T30] Call Trace: [ 529.165449][ T30] [ 529.165461][ T30] dump_stack_lvl+0x241/0x360 [ 529.165505][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.165544][ T30] ? __pfx__printk+0x10/0x10 [ 529.165577][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 529.165617][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.165646][ T30] ? vscnprintf+0x5d/0x90 [ 529.165680][ T30] panic+0x349/0x880 [ 529.165713][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.165743][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 529.165779][ T30] ? __pfx_panic+0x10/0x10 [ 529.165810][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 529.165853][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.165880][ T30] ? __irq_work_queue_local+0x137/0x410 [ 529.165913][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.165941][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 529.165973][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 529.166007][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 529.166042][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 529.166070][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 529.166108][ T30] watchdog+0x1035/0x1040 [ 529.166142][ T30] ? watchdog+0x1ea/0x1040 [ 529.166180][ T30] ? __pfx_watchdog+0x10/0x10 [ 529.166218][ T30] kthread+0x2f2/0x390 [ 529.166251][ T30] ? __pfx_watchdog+0x10/0x10 [ 529.166282][ T30] ? __pfx_kthread+0x10/0x10 [ 529.166317][ T30] ret_from_fork+0x4d/0x80 [ 529.166344][ T30] ? __pfx_kthread+0x10/0x10 [ 529.166378][ T30] ret_from_fork_asm+0x1a/0x30 [ 529.166419][ T30] [ 529.707845][ T30] Kernel Offset: disabled [ 529.712168][ T30] Rebooting in 86400 seconds..