last executing test programs: 2m10.978273301s ago: executing program 2 (id=150): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=@bridge_setlink={0x34, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x20840}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x5, 0x0, 0x1, {0xc, 0x5, 0x0, 0x1, [{0x8, 0x1}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x0) 2m9.108926906s ago: executing program 2 (id=154): syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x2881) r0 = socket$inet(0x2, 0x3, 0xd) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x7, 0x0, 0x0, 0xfffffffb}]}) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) 2m7.06144089s ago: executing program 2 (id=157): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0xd, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f00000002c0), &(0x7f0000000300)=@tcp6=r0, 0x1}, 0x20) 2m4.60079419s ago: executing program 2 (id=159): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000080)='./file2\x00', 0x402, &(0x7f0000001280)=ANY=[@ANYRES64=0x0, @ANYRESOCT, @ANYRESOCT, @ANYBLOB="ec1a3881369fae6987d7a6922db874bcb0563edbf212875f142a04bbe14fd11ed31543677ddfbd12a760f13dd2fd476b0d7e088b2ac5eaebe64ab225975b882e26ccc04ae1e56422927a5de974cf1bc2873d781e837bdea83a1a8ff1fc5670132de294b6b2ae840099cb4d037cc46b3980928a506f800befa5037ecc4c128dc83d62f8d7ede6c05d595ab96a009e378894d776a0e83d4c1bbd9cfe6dbf29c3c5", @ANYRESOCT, @ANYBLOB="650dff969a08ff9e724d5d7c4ef89e23d56dda29c31665f63ec8a6f772a525c5b7212d46fcdce41a1775bdc7ae8d824d46ff9c67feac09d995afa0aed98ce5381701ee97a11793808dbb0a95927953efd647f04a4d25be7c929451bd4f6a217f6976fe903f0542222969f6d90184c98b67298ed804d7b1b0e667a2c734bec13f27287182ddd1e4f5ecf7"], 0x1, 0x242, &(0x7f0000000e40)="$eJzsmL+LE0EUx7+zu5kkIqLNFTYKHhjRSy57KNeE8wTBysYTtdLgrceZvYskK5iA4mFjo52FYGPhP2BxxdV2/gOCFioIFqawEEQOVt7O7GbiJpdltfN9iuE7M2/m/ZjNKwKGYf5bPn/68fHJucWVUwD2YxZFvf7VBoRQ2jLsPzy/e/JZ4/yL1+9fvdk8cH/nz/voSBjuhuZCaQ//DoDKso0g8RTGZ3+RmNWTFRQTfRkWTmh9BQJVrW/AKsT3evgZKoDbELim19tkX63eWve96s22v0pinoY6DS4NI/lSfIMtgVU9pxuFsd/t9VtN3/c6hnD03pitXCJx1ppJ1a8AicGyhYaOluKj+K8+frRFK3Ft5mEl9avDQl0nsbCblAmLKMa1USUx8j/sDPO3i4l7etpW0x+brb4V05Is+b5nd3uN7/+kWKY4NJfveIXSOatXHgDQWweRJwwMTy3B6xQw3LLpSx0xPpr55jKADJ9OJBzjdTDeeEm/aI4EL6aymCCeZor570WuLGIxM9h5m976op9SMeZ4KKa7ECPfj9zLuJQ15jik/BUro9+yclZMTv51A++2Vf8IXwocB2TcPxyjf9WCjTu1bq8/t77RXPPWvE3XXTgjgIen3VrUiNSY6nvD/lyO+tM+oz8XJthKS+JeMwg6dTVKIVFGEHTcaO4aP5tL2+1v1/WxABcAHFMTapsyudFO+RBS2ViRLalK2ohhGIZhGIZhGIZhGIZhGCYrI394HoFAOB1XWf8OAAD//5X0aKk=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000380)='./file0\x00') chdir(&(0x7f0000000080)='./file0\x00') 2m3.681783105s ago: executing program 2 (id=163): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) shutdown(r0, 0x0) 2m1.884565939s ago: executing program 2 (id=167): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') poll(&(0x7f0000000180)=[{r0}], 0x1, 0x7a0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) 1m57.799127417s ago: executing program 32 (id=167): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') poll(&(0x7f0000000180)=[{r0}], 0x1, 0x7a0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) 17.598298417s ago: executing program 3 (id=464): ioprio_set$uid(0x3, 0x0, 0x0) r0 = eventfd2(0x0, 0x0) io_setup(0x6, &(0x7f0000000040)=0x0) io_submit(r1, 0x2, &(0x7f0000002900)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2, r0}, &(0x7f0000000200)={0x0, 0x0, 0xfffffffe, 0x8, 0x3511, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 16.261008892s ago: executing program 3 (id=468): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x4000000, 0x1, 0x0, 'queue0\x00', 0x1c52}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="26eba9fdb4cbab48929e1af151000000000000000500000000000100", 0x1c}], 0x1) 15.262306601s ago: executing program 3 (id=472): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x14) 13.558411403s ago: executing program 3 (id=477): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf}, 0x20) 12.558243071s ago: executing program 3 (id=480): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) 12.517003488s ago: executing program 1 (id=482): ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}}) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800}) 11.472981967s ago: executing program 3 (id=484): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = eventfd(0x5f0) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x0, 0x0, r2, 0x7000}) 11.45774291s ago: executing program 1 (id=485): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000004c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500), r1, 0x0, 0x2, 0x4}}, 0x20) 7.653602475s ago: executing program 1 (id=488): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x38}}, 0x0) 5.471213549s ago: executing program 4 (id=495): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000580)={0x1, @pix_mp={0xfffffffc, 0x0, 0x34325842, 0x4, 0x2, [{}, {0x277c, 0x4}, {}, {}, {}, {0xd360}, {0x0, 0x2}, {0x0, 0x80000}], 0x10}}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0xa0000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) 4.603996383s ago: executing program 0 (id=497): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0x10) close(r0) 4.514596032s ago: executing program 4 (id=498): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffd}]}) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x0, 0x0}) 3.935661776s ago: executing program 5 (id=499): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r1, 0x0, &(0x7f0000000480)='LL', 0x2, 0x2}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000600)={0x18, 0x1, 0x0, 0x0, r1}) 3.561410441s ago: executing program 0 (id=500): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) sendmmsg$inet(r0, &(0x7f0000000500)=[{{&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}}], 0x1, 0x0) 3.558952248s ago: executing program 1 (id=501): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000000000000050037005000000008000200", @ANYRES32=r0, @ANYBLOB="0600060000e2ff00060004"], 0x50}, 0x4, 0x700000000000000}, 0x0) 3.330009636s ago: executing program 5 (id=502): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000100)={r1, 0x36}, 0x8) 2.850089119s ago: executing program 4 (id=503): r0 = syz_io_uring_setup(0x24fc, &(0x7f00000000c0)={0x0, 0x0, 0x10100, 0x1, 0xe6}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) io_uring_enter(r0, 0x5b43, 0x0, 0x0, 0x0, 0x0) 2.745134098s ago: executing program 0 (id=504): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x0, 0x0, 0x0, @local, @local}}}}, 0x0) 2.702119513s ago: executing program 1 (id=505): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000004c0)=""/4082, 0xff2}, {&(0x7f0000000200)=""/253, 0xfd}], 0x2}}], 0x56e, 0x0, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x810) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x4000084) 2.444985869s ago: executing program 5 (id=506): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x3e, 0x6542) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x7]}}) sendfile(r1, r0, 0x0, 0x80000001) 1.9366444s ago: executing program 5 (id=507): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x11) rt_sigaction(0x11, &(0x7f0000000480)={0x0, 0x90000005, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000000)) 1.826326883s ago: executing program 4 (id=508): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x1000}) r1 = fanotify_init(0x81, 0x40000) fanotify_mark(r1, 0x101, 0x40001032, r0, 0x0) 1.77937795s ago: executing program 0 (id=509): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) 1.207185908s ago: executing program 5 (id=510): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000600)="3f03fe7f0302140006001e008137", 0xe, 0x20040080, &(0x7f0000000000)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 948.14708ms ago: executing program 4 (id=511): symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000140) 898.934547ms ago: executing program 1 (id=512): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)={0x20, 0x11, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000080)={0x1, 0x4, 0x4, &(0x7f0000000040)={0x1c, "2f5aa708658854e6cd8ab7c9d8af328bd1d85242ddeec4ec4a45c09e8c486c0d4f"}}) 774.546914ms ago: executing program 0 (id=513): r0 = syz_open_dev$I2C(&(0x7f00000002c0), 0x0, 0x2000) ioctl$I2C_PEC(r0, 0x708, 0x3) ioctl$I2C_SMBUS(r0, 0x720, 0x0) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000040)={0x1, 0x8, 0x4, &(0x7f0000000000)={0x16, "1621249d2d2ff3c1d6b8a25a625f7a0ea3ca140a917443450d59c821a1c5fb4395"}}) 273.993846ms ago: executing program 5 (id=514): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x3a) connect$pppl2tp(r1, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x1, 0x0, {0xa, 0xfffc, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0xd8}}}, 0x32) 25.919378ms ago: executing program 4 (id=515): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r2, 0x40086203, 0x0) 0s ago: executing program 0 (id=516): r0 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'hsr0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x503, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0xf115}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x8}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x5c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts. [ 201.079848][ T5793] cgroup: Unknown subsys name 'net' [ 201.206774][ T5793] cgroup: Unknown subsys name 'cpuset' [ 201.223782][ T5793] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 208.282731][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 214.341632][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 214.347767][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 214.350669][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 214.357611][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 214.365255][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 214.382972][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 214.395503][ T5816] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 214.404332][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 214.413599][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 214.415107][ T5816] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 214.431799][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 214.431960][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.448575][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 214.482796][ T5112] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 214.511606][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 214.529077][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 214.542911][ T5820] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 214.551361][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 214.625158][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 214.653969][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 214.662708][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 214.674468][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 214.691142][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.699240][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 214.764219][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 216.316157][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 216.359357][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 216.527533][ T5816] Bluetooth: hci1: command tx timeout [ 216.531492][ T5820] Bluetooth: hci0: command tx timeout [ 216.760664][ T5820] Bluetooth: hci2: command tx timeout [ 216.854223][ T5820] Bluetooth: hci3: command tx timeout [ 216.859870][ T5820] Bluetooth: hci4: command tx timeout [ 216.993213][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 217.251905][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 217.461391][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 218.071038][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.079358][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.089128][ T5812] bridge_slave_0: entered allmulticast mode [ 218.102343][ T5812] bridge_slave_0: entered promiscuous mode [ 218.262562][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.272626][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.280683][ T5810] bridge_slave_0: entered allmulticast mode [ 218.290706][ T5810] bridge_slave_0: entered promiscuous mode [ 218.350731][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.358344][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.366760][ T5812] bridge_slave_1: entered allmulticast mode [ 218.377359][ T5812] bridge_slave_1: entered promiscuous mode [ 218.424123][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.439616][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.447734][ T5810] bridge_slave_1: entered allmulticast mode [ 218.458022][ T5810] bridge_slave_1: entered promiscuous mode [ 218.600450][ T5816] Bluetooth: hci1: command tx timeout [ 218.606112][ T5816] Bluetooth: hci0: command tx timeout [ 218.772122][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.840437][ T5820] Bluetooth: hci2: command tx timeout [ 218.922002][ T5820] Bluetooth: hci4: command tx timeout [ 218.927749][ T5820] Bluetooth: hci3: command tx timeout [ 218.959246][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.973014][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.981056][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.988916][ T5821] bridge_slave_0: entered allmulticast mode [ 218.998983][ T5821] bridge_slave_0: entered promiscuous mode [ 219.056444][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.066001][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.074063][ T5809] bridge_slave_0: entered allmulticast mode [ 219.085689][ T5809] bridge_slave_0: entered promiscuous mode [ 219.109543][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.160815][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.168527][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.176548][ T5821] bridge_slave_1: entered allmulticast mode [ 219.186818][ T5821] bridge_slave_1: entered promiscuous mode [ 219.237649][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.245337][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.253817][ T5809] bridge_slave_1: entered allmulticast mode [ 219.263344][ T5809] bridge_slave_1: entered promiscuous mode [ 219.283631][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.301982][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.309437][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.317380][ T5822] bridge_slave_0: entered allmulticast mode [ 219.326081][ T5822] bridge_slave_0: entered promiscuous mode [ 219.384404][ T5812] team0: Port device team_slave_0 added [ 219.467033][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.477273][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.485749][ T5822] bridge_slave_1: entered allmulticast mode [ 219.495994][ T5822] bridge_slave_1: entered promiscuous mode [ 219.561852][ T5812] team0: Port device team_slave_1 added [ 219.739058][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.852780][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.865194][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.872739][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.899710][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.922207][ T5810] team0: Port device team_slave_0 added [ 219.944775][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.971556][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.990995][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.002864][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.010420][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.037513][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.064014][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.145280][ T5810] team0: Port device team_slave_1 added [ 220.467619][ T5822] team0: Port device team_slave_0 added [ 220.485177][ T5821] team0: Port device team_slave_0 added [ 220.518306][ T5809] team0: Port device team_slave_0 added [ 220.539860][ T5809] team0: Port device team_slave_1 added [ 220.550631][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.558224][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.585101][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.641402][ T5822] team0: Port device team_slave_1 added [ 220.656035][ T5821] team0: Port device team_slave_1 added [ 220.706631][ T5816] Bluetooth: hci0: command tx timeout [ 220.706874][ T5820] Bluetooth: hci1: command tx timeout [ 220.821815][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.829074][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.856206][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.941033][ T5820] Bluetooth: hci2: command tx timeout [ 221.000267][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.005853][ T5820] Bluetooth: hci3: command tx timeout [ 221.007488][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.019285][ T5820] Bluetooth: hci4: command tx timeout [ 221.039421][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.087021][ T5812] hsr_slave_0: entered promiscuous mode [ 221.097997][ T5812] hsr_slave_1: entered promiscuous mode [ 221.156329][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.164054][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.191275][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.209954][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.217695][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.246138][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.261163][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.268477][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.295230][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.334467][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.341877][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.369246][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.497663][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.505422][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.533085][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.631415][ T5810] hsr_slave_0: entered promiscuous mode [ 221.642242][ T5810] hsr_slave_1: entered promiscuous mode [ 221.651291][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 221.657306][ T5810] Cannot create hsr debugfs directory [ 221.863420][ T5821] hsr_slave_0: entered promiscuous mode [ 221.874779][ T5821] hsr_slave_1: entered promiscuous mode [ 221.885160][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 221.891845][ T5821] Cannot create hsr debugfs directory [ 222.056355][ T5809] hsr_slave_0: entered promiscuous mode [ 222.065786][ T5809] hsr_slave_1: entered promiscuous mode [ 222.075413][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 222.081530][ T5809] Cannot create hsr debugfs directory [ 222.308414][ T5822] hsr_slave_0: entered promiscuous mode [ 222.322443][ T5822] hsr_slave_1: entered promiscuous mode [ 222.332108][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 222.338030][ T5822] Cannot create hsr debugfs directory [ 222.760440][ T5820] Bluetooth: hci1: command tx timeout [ 222.766083][ T5820] Bluetooth: hci0: command tx timeout [ 223.015295][ T5820] Bluetooth: hci2: command tx timeout [ 223.090616][ T5820] Bluetooth: hci4: command tx timeout [ 223.096265][ T5820] Bluetooth: hci3: command tx timeout [ 223.707278][ T5812] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 223.751376][ T5812] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 223.773638][ T5812] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 223.816089][ T5812] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 224.258237][ T5810] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 224.290847][ T5810] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 224.350206][ T5810] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 224.375186][ T5810] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 224.636643][ T5809] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 224.682876][ T5809] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 224.799511][ T5809] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 224.829771][ T5809] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 224.858876][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 225.016407][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 225.046289][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 225.105273][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 225.144988][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 225.174954][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 225.225046][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 225.298817][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 225.808029][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.114566][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.161577][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.318705][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.326458][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.457798][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.465940][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.606840][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.643501][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.712416][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.745151][ T3967] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.753001][ T3967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.896990][ T3967] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.904705][ T3967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.002062][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.092663][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.201260][ T3762] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.208960][ T3762] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.345348][ T3762] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.353150][ T3762] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.373429][ T3762] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.381553][ T3762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.399407][ T3762] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.407207][ T3762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.665337][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.798495][ T5821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 227.943919][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.107568][ T3762] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.115439][ T3762] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.463842][ T3762] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.471628][ T3762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.580608][ T5822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.671672][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.073141][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.279617][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.690490][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.717483][ T5810] veth0_vlan: entered promiscuous mode [ 230.831983][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.869344][ T5810] veth1_vlan: entered promiscuous mode [ 231.261507][ T5821] veth0_vlan: entered promiscuous mode [ 231.422156][ T5810] veth0_macvtap: entered promiscuous mode [ 231.437683][ T5809] veth0_vlan: entered promiscuous mode [ 231.498783][ T5821] veth1_vlan: entered promiscuous mode [ 231.543308][ T5810] veth1_macvtap: entered promiscuous mode [ 231.624175][ T5809] veth1_vlan: entered promiscuous mode [ 231.650133][ T5822] veth0_vlan: entered promiscuous mode [ 231.818544][ T5822] veth1_vlan: entered promiscuous mode [ 231.905387][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.993894][ T5821] veth0_macvtap: entered promiscuous mode [ 232.076119][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.099389][ T5809] veth0_macvtap: entered promiscuous mode [ 232.137824][ T5821] veth1_macvtap: entered promiscuous mode [ 232.212627][ T1861] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.229003][ T5809] veth1_macvtap: entered promiscuous mode [ 232.271652][ T1861] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.345703][ T1861] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.417417][ T1861] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.482089][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.525028][ T5822] veth0_macvtap: entered promiscuous mode [ 232.548815][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.602466][ T5822] veth1_macvtap: entered promiscuous mode [ 232.645750][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.716448][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.756496][ T1099] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.820906][ T1099] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.881972][ T1099] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.949383][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.976984][ T3916] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.046825][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.067223][ T3916] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.119920][ T3762] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.148387][ T3762] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.183667][ T3762] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.264773][ T3762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.334808][ T3762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.380761][ T3762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.396378][ T5812] veth0_vlan: entered promiscuous mode [ 233.444303][ T3762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.542296][ T5812] veth1_vlan: entered promiscuous mode [ 233.918175][ T5812] veth0_macvtap: entered promiscuous mode [ 234.040745][ T5812] veth1_macvtap: entered promiscuous mode [ 234.285802][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.455887][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.558284][ T1861] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.611971][ T1861] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.694183][ T1861] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.746300][ T3967] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.874034][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.882386][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.895196][ T4021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.903663][ T4021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.049025][ T195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.057230][ T195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.205959][ T195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.214302][ T195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.387920][ T3604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.396400][ T3604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.420655][ T3520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.430407][ T3520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.482352][ T3916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.491739][ T3916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.819068][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 242.267761][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.276348][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.528045][ T3967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.536371][ T3967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.328323][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.338048][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.657322][ T6011] loop3: detected capacity change from 0 to 256 [ 243.710530][ T3967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.718609][ T3967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.937663][ T6011] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 244.167919][ T30] audit: type=1800 audit(1756326399.550:2): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8" name="file1" dev="loop3" ino=1048601 res=0 errno=0 [ 244.648424][ T6017] loop1: detected capacity change from 0 to 2048 [ 244.869118][ T6022] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 245.015008][ T30] audit: type=1800 audit(1756326400.380:3): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.11" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 245.204923][ T6017] NILFS (loop1): writing node/leaf block does not appear in b-tree (ino=16) at key=5, level=0 [ 245.221913][ T6017] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16) [ 245.359805][ T6017] Remounting filesystem read-only [ 246.072277][ T5822] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 246.196667][ T6035] tap0: tun_chr_ioctl cmd 21731 [ 247.385596][ T6048] process 'syz.1.24' launched './file0' with NULL argv: empty string added [ 247.614418][ T6052] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 247.666165][ T6039] loop4: detected capacity change from 0 to 32768 [ 247.760522][ T6039] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 248.544491][ T6039] XFS (loop4): Ending clean mount [ 248.611711][ T6039] XFS (loop4): Quotacheck needed: Please wait. [ 248.820884][ T6039] XFS (loop4): Quotacheck: Done. [ 249.072663][ T5812] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 251.242730][ T6086] loop4: detected capacity change from 0 to 1024 [ 251.412741][ T6086] ======================================================= [ 251.412741][ T6086] WARNING: The mand mount option has been deprecated and [ 251.412741][ T6086] and is ignored by this kernel. Remove the mand [ 251.412741][ T6086] option from the mount to silence this warning. [ 251.412741][ T6086] ======================================================= [ 251.452516][ T6086] EXT4-fs: inline encryption not supported [ 251.459441][ T6086] EXT4-fs: Ignoring removed bh option [ 251.888651][ T6086] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.518986][ T5812] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.157855][ T6098] loop2: detected capacity change from 0 to 65536 [ 254.221862][ T6098] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 254.363974][ T6115] loop0: detected capacity change from 0 to 128 [ 254.376452][ T6115] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 254.405062][ T6115] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 255.107285][ T6098] XFS (loop2): Ending clean mount [ 255.194659][ T5821] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 259.498384][ T6157] loop3: detected capacity change from 0 to 1024 [ 259.625564][ T6157] EXT4-fs: Ignoring removed nobh option [ 259.792488][ T6152] loop0: detected capacity change from 0 to 32768 [ 259.889722][ T6152] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.60 (6152) [ 259.905710][ T6157] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.255190][ T6164] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 260.262551][ T6164] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 260.489499][ T6152] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 260.500616][ T6152] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 260.509628][ T6152] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 260.649225][ T5809] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.875004][ T6152] BTRFS info (device loop0): rebuilding free space tree [ 260.952561][ T6152] BTRFS info (device loop0): disabling free space tree [ 260.960898][ T6152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 260.971090][ T6152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 261.033663][ T6152] BTRFS info (device loop0): enabling ssd optimizations [ 261.041134][ T6152] BTRFS info (device loop0): enabling disk space caching [ 261.048570][ T6152] BTRFS info (device loop0): force clearing of disk cache [ 261.056460][ T6152] BTRFS info (device loop0): enabling auto defrag [ 261.063415][ T6152] BTRFS info (device loop0): max_inline set to 0 [ 261.326492][ T5810] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 261.627068][ T6186] loop1: detected capacity change from 0 to 64 [ 262.821643][ T6185] loop3: detected capacity change from 0 to 40427 [ 262.836277][ T6185] F2FS-fs: heap/no_heap options were deprecated [ 262.845787][ T6185] f2fs: Unexpected value for 'prjquota' [ 263.279750][ T6197] loop1: detected capacity change from 0 to 128 [ 263.322561][ T6196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.67'. [ 263.332503][ T6196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.67'. [ 263.499589][ T6200] netlink: 165 bytes leftover after parsing attributes in process `syz.3.71'. [ 263.621543][ T6201] netlink: 'syz.4.72': attribute type 3 has an invalid length. [ 264.382440][ T6209] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 266.498515][ T6229] loop1: detected capacity change from 0 to 128 [ 266.740619][ T6229] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 266.777223][ T6229] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 267.508925][ T5822] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 267.829154][ T6239] loop2: detected capacity change from 0 to 512 [ 268.036517][ T6239] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 268.322189][ T6243] netlink: 'syz.0.90': attribute type 10 has an invalid length. [ 268.351741][ T6243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.378974][ T6243] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 268.491850][ T6247] netlink: 'syz.0.90': attribute type 10 has an invalid length. [ 268.500234][ T6247] netlink: 40 bytes leftover after parsing attributes in process `syz.0.90'. [ 268.509355][ T6247] batadv0: entered promiscuous mode [ 268.515331][ T6247] batadv0: entered allmulticast mode [ 268.533068][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.88: corrupted inode contents [ 268.605435][ T6239] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #3: comm syz.2.88: mark_inode_dirty error [ 268.622273][ T6247] bond0: (slave batadv0): Releasing backup interface [ 268.634550][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.88: corrupted inode contents [ 268.692410][ T6239] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.88: mark_inode_dirty error [ 268.732261][ T6247] bridge0: port 3(batadv0) entered blocking state [ 268.739408][ T6247] bridge0: port 3(batadv0) entered disabled state [ 268.816385][ T6239] Quota error (device loop2): write_blk: dquota write failed [ 268.825037][ T6239] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 268.835603][ T6239] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.88: Failed to acquire dquot type 0 [ 268.965438][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.88: corrupted inode contents [ 269.011017][ T6239] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #16: comm syz.2.88: mark_inode_dirty error [ 269.096615][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.88: corrupted inode contents [ 269.150932][ T3967] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 269.160827][ T3967] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 269.173529][ T6239] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.88: mark_inode_dirty error [ 269.229051][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.88: corrupted inode contents [ 269.301331][ T6239] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 269.355843][ T6239] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.88: corrupted inode contents [ 269.414736][ T6239] EXT4-fs error (device loop2): ext4_truncate:4666: inode #16: comm syz.2.88: mark_inode_dirty error [ 269.498965][ T6239] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 269.595479][ T6239] EXT4-fs (loop2): 1 truncate cleaned up [ 269.606490][ T6239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.620725][ T6239] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.132904][ T6258] loop1: detected capacity change from 0 to 16 [ 270.184651][ T6258] erofs (device loop1): mounted with root inode @ nid 36. [ 270.418635][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.522755][ T6256] loop0: detected capacity change from 0 to 4096 [ 270.660362][ T6256] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 271.551233][ T30] audit: type=1800 audit(1756326426.870:4): pid=6267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.94" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 271.857536][ T6264] loop1: detected capacity change from 0 to 4096 [ 271.908756][ T6264] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 272.459859][ T6264] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 272.813699][ T6272] loop3: detected capacity change from 0 to 2048 [ 273.055366][ T6272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 273.756207][ T5809] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.273867][ T6292] loop0: detected capacity change from 0 to 32768 [ 275.291265][ T6298] loop4: detected capacity change from 0 to 764 [ 275.354503][ T6298] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 275.418092][ T6292] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 276.524346][ T6292] XFS (loop0): Ending clean mount [ 276.582555][ T6292] XFS (loop0): Quotacheck needed: Please wait. [ 276.680673][ T6292] XFS (loop0): Quotacheck: Done. [ 277.000471][ T5810] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 277.595890][ T6326] loop4: detected capacity change from 0 to 256 [ 277.802891][ T6326] netlink: 20 bytes leftover after parsing attributes in process `syz.4.122'. [ 279.086333][ T6334] loop2: detected capacity change from 0 to 4096 [ 279.169890][ T6334] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 279.597719][ T6342] netlink: 56 bytes leftover after parsing attributes in process `syz.1.129'. [ 279.633277][ T6336] loop4: detected capacity change from 0 to 4096 [ 280.714862][ T6350] loop1: detected capacity change from 0 to 256 [ 280.943383][ T6350] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 281.181909][ T6350] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 281.191653][ T6350] FAT-fs (loop1): Filesystem has been set read-only [ 281.242550][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.134'. [ 282.934167][ T6359] loop0: detected capacity change from 0 to 32768 [ 282.968300][ T6359] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.137 (6359) [ 282.989967][ T6359] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 283.010694][ T6359] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 283.452122][ T6359] BTRFS info (device loop0): enabling ssd optimizations [ 283.459388][ T6359] BTRFS info (device loop0): enabling free space tree [ 283.641878][ T5810] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 286.948848][ T6407] loop3: detected capacity change from 0 to 2048 [ 287.325136][ T6407] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 287.333382][ T6407] UDF-fs: Scanning with blocksize 512 failed [ 287.846980][ T6407] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 288.665264][ T30] audit: type=1800 audit(1756326444.040:5): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.151" name="file2" dev="loop3" ino=819 res=0 errno=0 [ 291.564113][ T6428] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 291.926234][ T6394] Set syz1 is full, maxelem 65536 reached [ 292.572154][ T6433] loop2: detected capacity change from 0 to 16 [ 292.614738][ T6433] erofs (device loop2): mounted with root inode @ nid 36. [ 293.134321][ T5821] syz-executor: attempt to access beyond end of device [ 293.134321][ T5821] loop2: rw=524288, sector=103079215096, nr_sectors = 64 limit=16 [ 293.154356][ T5821] syz-executor: attempt to access beyond end of device [ 293.154356][ T5821] loop2: rw=0, sector=103079215096, nr_sectors = 8 limit=16 [ 293.170621][ T5821] erofs (device loop2): failed to readdir of logical block 0 of nid 46 [ 293.270850][ T5821] erofs (device loop2): bogus i_mode (0) @ nid 281474976710655 [ 293.279373][ T5821] erofs (device loop2): bogus i_mode (0) @ nid 281474976710655 [ 293.498396][ T6437] loop4: detected capacity change from 0 to 4096 [ 293.769044][ T6444] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 293.816314][ T6442] loop3: detected capacity change from 0 to 512 [ 293.967023][ T6442] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 294.258521][ T6442] EXT4-fs (loop3): 1 truncate cleaned up [ 294.267444][ T6442] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.647563][ T6443] loop1: detected capacity change from 0 to 32768 [ 294.753803][ T6443] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.164 (6443) [ 294.851661][ T3967] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.376206][ T6447] loop0: detected capacity change from 0 to 32768 [ 295.381629][ T6443] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 295.399385][ T6443] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 295.405150][ T3967] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.564509][ T3967] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.886103][ T5809] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.966436][ T3967] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.016833][ T6443] BTRFS info (device loop1): enabling ssd optimizations [ 296.027220][ T6443] BTRFS info (device loop1): enabling free space tree [ 296.324446][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.331349][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 296.468543][ T5822] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 296.842596][ T3967] bridge_slave_1: left allmulticast mode [ 296.848592][ T3967] bridge_slave_1: left promiscuous mode [ 296.856092][ T3967] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.004870][ T3967] bridge_slave_0: left allmulticast mode [ 297.011247][ T3967] bridge_slave_0: left promiscuous mode [ 297.018183][ T3967] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.236854][ T3967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.277616][ T3967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.327018][ T3967] bond0 (unregistering): Released all slaves [ 299.118371][ T3967] hsr_slave_0: left promiscuous mode [ 299.153764][ T3967] hsr_slave_1: left promiscuous mode [ 299.162573][ T3967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.171394][ T3967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.313772][ T3967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 299.321706][ T3967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.475999][ T3967] veth1_macvtap: left promiscuous mode [ 299.485961][ T3967] veth0_macvtap: left promiscuous mode [ 299.498032][ T3967] veth1_vlan: left promiscuous mode [ 299.503881][ T3967] veth0_vlan: left promiscuous mode [ 299.601711][ T6477] loop4: detected capacity change from 0 to 512 [ 299.625277][ T6477] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 299.781835][ T5872] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 300.272237][ T5872] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 300.284026][ T5872] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 300.294233][ T5872] usb 1-1: config 0 interface 0 has no altsetting 0 [ 300.301362][ T5872] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 300.313773][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.507113][ T6485] netlink: 44 bytes leftover after parsing attributes in process `syz.3.173'. [ 300.641476][ T5872] usb 1-1: config 0 descriptor?? [ 301.117193][ T5872] lenovo 0003:17EF:6067.0001: unknown main item tag 0x0 [ 301.125288][ T5872] lenovo 0003:17EF:6067.0001: unknown main item tag 0x0 [ 301.137797][ T5872] lenovo 0003:17EF:6067.0001: unknown main item tag 0x0 [ 301.146876][ T5872] lenovo 0003:17EF:6067.0001: unknown main item tag 0x0 [ 301.154314][ T5872] lenovo 0003:17EF:6067.0001: unknown main item tag 0x0 [ 301.424819][ T5872] lenovo 0003:17EF:6067.0001: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.0-1/input0 [ 301.549249][ T5872] usb 1-1: USB disconnect, device number 2 [ 301.852382][ T5816] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 302.017532][ T5816] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 302.133531][ T5816] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 302.157532][ T3967] team0 (unregistering): Port device team_slave_1 removed [ 302.185184][ T5816] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 302.212766][ T3967] team0 (unregistering): Port device team_slave_0 removed [ 302.280660][ T5816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 303.448668][ T6495] fido_id[6495]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 303.582645][ T6508] netlink: 12 bytes leftover after parsing attributes in process `syz.4.179'. [ 303.598296][ T6508] netlink: 12 bytes leftover after parsing attributes in process `syz.4.179'. [ 303.624420][ T6506] loop1: detected capacity change from 0 to 1024 [ 303.679718][ T6506] EXT4-fs: Ignoring removed bh option [ 303.754775][ T6506] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 304.308017][ T6506] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 304.381727][ T5816] Bluetooth: hci3: command tx timeout [ 304.517286][ T6506] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 305.197685][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.708871][ T6530] binder: binder_mmap: 6528 200000001000-20000000b000 bad vm_flags failed -1 [ 305.904619][ T6532] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 306.181654][ T6494] chnl_net:caif_netlink_parms(): no params data found [ 306.444131][ T5816] Bluetooth: hci3: command tx timeout [ 307.071350][ T6546] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 307.079245][ T6546] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 307.087675][ T6546] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 307.097767][ T6546] block nbd0: shutting down sockets [ 307.957979][ T6556] loop1: detected capacity change from 0 to 2048 [ 308.122430][ T6556] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 308.215238][ T6556] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 308.223671][ T6556] UDF-fs: Scanning with blocksize 512 failed [ 308.497285][ T6556] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 308.521069][ T5816] Bluetooth: hci3: command tx timeout [ 308.812110][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.819765][ T6494] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.828079][ T6494] bridge_slave_0: entered allmulticast mode [ 308.838623][ T6494] bridge_slave_0: entered promiscuous mode [ 308.961852][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.969461][ T6494] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.980379][ T6494] bridge_slave_1: entered allmulticast mode [ 308.990724][ T6494] bridge_slave_1: entered promiscuous mode [ 309.792751][ T6494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.854802][ T6494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.889002][ T5872] hid-generic 0000:0005:0009.0002: unknown main item tag 0x0 [ 309.896986][ T5872] hid-generic 0000:0005:0009.0002: unknown main item tag 0x0 [ 309.904997][ T5872] hid-generic 0000:0005:0009.0002: unknown main item tag 0x0 [ 310.048388][ T5872] hid-generic 0000:0005:0009.0002: hidraw0: HID v0.02 Device [syz0] on syz1 [ 310.425766][ T6494] team0: Port device team_slave_0 added [ 310.479514][ T6494] team0: Port device team_slave_1 added [ 310.601984][ T5816] Bluetooth: hci3: command tx timeout [ 311.039275][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.046887][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.079535][ T6494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.408274][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.416295][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.443115][ T6494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.364831][ T6596] loop3: detected capacity change from 0 to 40427 [ 312.380430][ T6596] F2FS-fs (loop3): build fault injection rate: 14 [ 312.387196][ T6596] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 312.413456][ T6596] F2FS-fs (loop3): invalid crc value [ 312.441279][ C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xddf/0xf30 [ 312.473137][ C0] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of bio_endio+0xddf/0xf30 [ 312.784832][ T6601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.210'. [ 312.837343][ T6596] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 312.846889][ T6596] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 312.866462][ T6596] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 313.244470][ T6597] fido_id[6597]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 313.249593][ T6494] hsr_slave_0: entered promiscuous mode [ 313.269489][ T6494] hsr_slave_1: entered promiscuous mode [ 313.279097][ T6494] debugfs: 'hsr0' already exists in 'hsr' [ 313.285509][ T6494] Cannot create hsr debugfs directory [ 314.697147][ T6616] loop4: detected capacity change from 0 to 256 [ 314.788282][ T6616] exfat: Deprecated parameter 'utf8' [ 315.121895][ T6616] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe649ead, utbl_chksum : 0xe619d30d) [ 315.965653][ T6494] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 316.009889][ T6494] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 316.133582][ T6494] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 316.187167][ T6494] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 316.415577][ T6630] loop0: detected capacity change from 0 to 1024 [ 317.668765][ T3604] hfsplus: b-tree write err: -5, ino 4 [ 318.270964][ T6494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.615315][ T6494] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.762089][ T3916] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.770242][ T3916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.890383][ T6649] loop3: detected capacity change from 0 to 4096 [ 318.958465][ T3916] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.966225][ T3916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.230227][ T6659] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 319.899088][ T6662] loop1: detected capacity change from 0 to 164 [ 320.096120][ T6662] Unable to read rock-ridge attributes [ 320.209606][ T6662] Unable to read rock-ridge attributes [ 320.268082][ T6662] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 320.355248][ T6667] bridge0: entered allmulticast mode [ 321.117340][ T6670] loop3: detected capacity change from 0 to 2048 [ 321.304810][ T6670] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 322.209009][ T6494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 322.510365][ T6685] loop4: detected capacity change from 0 to 128 [ 322.557496][ T6685] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 322.694206][ T6685] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 323.576534][ T3916] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 324.108656][ T6690] loop1: detected capacity change from 0 to 4096 [ 324.583611][ T6703] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 326.775430][ T6494] veth0_vlan: entered promiscuous mode [ 326.969920][ T6494] veth1_vlan: entered promiscuous mode [ 328.043049][ T6732] loop4: detected capacity change from 0 to 32768 [ 328.219409][ T6732] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.250 (6732) [ 328.236597][ T6733] loop0: detected capacity change from 0 to 32768 [ 328.278119][ T6732] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 328.289779][ T6732] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 328.507975][ T6494] veth0_macvtap: entered promiscuous mode [ 328.659218][ T6733] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 328.781240][ T6494] veth1_macvtap: entered promiscuous mode [ 329.087830][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.136372][ T6732] BTRFS info (device loop4): enabling ssd optimizations [ 329.145424][ T6732] BTRFS info (device loop4): enabling free space tree [ 329.204158][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 329.523354][ T3967] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.642231][ T3967] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.714226][ T3967] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.731497][ T6733] XFS (loop0): Ending clean mount [ 329.757005][ T6733] XFS (loop0): Quotacheck needed: Please wait. [ 329.771173][ T5812] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 329.809711][ T3967] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.883834][ T6733] XFS (loop0): Quotacheck: Done. [ 330.207352][ T5810] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 330.843801][ T6772] ------------[ cut here ]------------ [ 330.849493][ T6772] WARNING: CPU: 0 PID: 6772 at fs/exec.c:119 path_noexec+0x2ac/0x310 [ 330.860494][ T6772] Modules linked in: [ 330.864691][ T6772] CPU: 0 UID: 0 PID: 6772 Comm: syz.4.254 Not tainted syzkaller #0 PREEMPT(none) [ 330.874465][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 330.885564][ T6772] RIP: 0010:path_noexec+0x2ac/0x310 [ 330.891410][ T6772] Code: 49 89 ff 8b 7d d4 e8 33 64 e1 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 23 64 e1 ff 4d 85 ed 0f 85 a3 fe ff ff e8 15 a1 3e ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 e5 58 e1 ff 48 8b 00 48 89 45 c8 [ 330.911658][ T6772] RSP: 0018:ffff88811a8e7bc0 EFLAGS: 00010283 [ 330.918024][ T6772] RAX: ffffffff82b64dcb RBX: ffff88810ad3cce0 RCX: 0000000000080000 [ 330.930846][ T6772] RDX: ffffc90009806000 RSI: 0000000000000066 RDI: 0000000000000067 [ 330.939334][ T6772] RBP: ffff88811a8e7c00 R08: ffffea000000000f R09: 0000000000000003 [ 330.949065][ T6772] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000 [ 330.957582][ T6772] R13: 0000000000000000 R14: ffff8881409da1a0 R15: 0000000000000000 [ 330.966327][ T6772] FS: 00007fc49dab76c0(0000) GS:ffff8881aa696000(0000) knlGS:0000000000000000 [ 330.977521][ T6772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 330.985482][ T6772] CR2: 00007f9c2180c000 CR3: 000000012824c000 CR4: 00000000003526f0 [ 330.994046][ T6772] Call Trace: [ 330.997601][ T6772] [ 331.000940][ T6772] do_mmap+0x1570/0x1d70 [ 331.005501][ T6772] vm_mmap_pgoff+0x40d/0x770 [ 331.010656][ T6772] ksys_mmap_pgoff+0x51b/0x7c0 [ 331.015816][ T6772] __x64_sys_mmap+0x19c/0x260 [ 331.021082][ T6772] x64_sys_call+0x18a7/0x3e20 [ 331.026287][ T6772] do_syscall_64+0xd9/0x210 [ 331.034592][ T6772] ? irqentry_exit+0x16/0x60 [ 331.039585][ T6772] ? clear_bhb_loop+0x40/0x90 [ 331.045832][ T6772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.052234][ T6772] RIP: 0033:0x7fc49cb8ebe9 [ 331.057250][ T6772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.077481][ T6772] RSP: 002b:00007fc49dab7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 331.086768][ T6772] RAX: ffffffffffffffda RBX: 00007fc49cdb5fa0 RCX: 00007fc49cb8ebe9 [ 331.095319][ T6772] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000fff000 [ 331.104080][ T6772] RBP: 00007fc49cc11e19 R08: 0000000000000004 R09: 0000000000000000 [ 331.112506][ T6772] R10: 0000000000004011 R11: 0000000000000246 R12: 0000000000000000 [ 331.121181][ T6772] R13: 00007fc49cdb6038 R14: 00007fc49cdb5fa0 R15: 00007ffefe7a9798 [ 331.133207][ T6772] [ 331.136434][ T6772] ---[ end trace 0000000000000000 ]--- [ 331.585574][ T6778] pim6reg: entered allmulticast mode [ 331.991761][ T6778] pim6reg: left allmulticast mode [ 333.531460][ T6788] capability: warning: `syz.1.261' uses 32-bit capabilities (legacy support in use) [ 334.239308][ T6793] loop0: detected capacity change from 0 to 1024 [ 334.294527][ T6793] EXT4-fs: inline encryption not supported [ 334.301328][ T6793] EXT4-fs: Ignoring removed i_version option [ 334.595114][ T6793] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 334.986997][ T6804] loop1: detected capacity change from 0 to 512 [ 335.546342][ T6804] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.561631][ T6804] ext4 filesystem being mounted at /61/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 335.616742][ T5810] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.309959][ T6795] loop4: detected capacity change from 0 to 8192 [ 336.425525][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.451828][ T6795] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 336.663822][ T30] audit: type=1800 audit(1756326492.040:6): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.264" name="file1" dev="loop4" ino=1048606 res=0 errno=0 [ 338.100884][ T6821] loop3: detected capacity change from 0 to 32768 [ 338.172909][ T6821] read_mapping_page failed! [ 338.177721][ T6821] jfs_mount: diMount failed w/rc = -5 [ 338.188391][ T6821] Mount JFS Failure: -5 [ 338.193135][ T6821] jfs_mount failed w/return code = -5 [ 339.332184][ T5817] Bluetooth: hci0: command 0x0406 tx timeout [ 339.339157][ T5112] Bluetooth: hci1: command 0x0406 tx timeout [ 339.345556][ T5817] Bluetooth: hci2: command 0x0406 tx timeout [ 339.345691][ T5817] Bluetooth: hci4: command 0x0406 tx timeout [ 339.972605][ T6834] loop1: detected capacity change from 0 to 4096 [ 340.875230][ T6844] loop3: detected capacity change from 0 to 32768 [ 340.904105][ T6844] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.277 (6844) [ 340.953223][ T6844] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 340.968098][ T6844] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 340.977471][ T6844] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 341.344411][ T6844] BTRFS info (device loop3): rebuilding free space tree [ 341.418136][ T6844] BTRFS info (device loop3): disabling free space tree [ 341.425622][ T6844] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 341.435987][ T6844] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 341.462958][ T6844] BTRFS info (device loop3): enabling ssd optimizations [ 341.471076][ T6844] BTRFS info (device loop3): turning off barriers [ 341.480941][ T6844] BTRFS info (device loop3): disabling tree log [ 341.487426][ T6844] BTRFS info (device loop3): turning on flush-on-commit [ 341.495782][ T6844] BTRFS info (device loop3): enabling disk space caching [ 341.503511][ T6844] BTRFS info (device loop3): force clearing of disk cache [ 341.511036][ T6844] BTRFS info (device loop3): doing ref verification [ 341.517861][ T6844] BTRFS info (device loop3): use lzo compression, level 0 [ 341.807319][ T5809] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 343.954058][ T6873] loop0: detected capacity change from 0 to 4096 [ 344.547423][ T6873] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 344.626654][ T6881] loop4: detected capacity change from 0 to 2048 [ 344.786491][ T6881] NILFS (loop4): invalid segment: Checksum error in super root [ 344.794958][ T6881] NILFS (loop4): error -22 while loading super root [ 345.196259][ T6887] sch_fq: defrate 0 ignored. [ 345.307095][ T6888] loop1: detected capacity change from 0 to 512 [ 345.522302][ T3520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.530594][ T3520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.886718][ T6888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.899946][ T6888] ext4 filesystem being mounted at /65/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 345.983895][ T6895] loop4: detected capacity change from 0 to 64 [ 346.078709][ T4021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.091914][ T4021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.415120][ T6899] loop0: detected capacity change from 0 to 512 [ 346.530897][ T6899] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 346.711122][ T6899] EXT4-fs (loop0): 1 truncate cleaned up [ 346.721526][ T6899] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 346.758645][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.643734][ T5810] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 349.487392][ T6924] loop1: detected capacity change from 0 to 32768 [ 349.809254][ T6924] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 349.809439][ T6924] allowing incompatible features above 0.0: (unknown version) [ 349.809546][ T6924] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 349.857775][ T6924] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 349.867686][ T6924] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 349.883891][ T6924] bcachefs (loop1): Version upgrade required: [ 349.883891][ T6924] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 349.883891][ T6924] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 349.883891][ T6924] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 349.963254][ T6924] bcachefs (loop1): dropping and reconstructing all alloc info [ 350.043928][ T6938] warning: `syz.0.298' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 350.182568][ T6924] bcachefs (loop1): accounting_read... done [ 350.195823][ T6924] bcachefs (loop1): alloc_read... done [ 350.207971][ T6924] bcachefs (loop1): snapshots_read... done [ 350.223287][ T6924] bcachefs (loop1): done starting filesystem [ 350.491696][ T5822] bcachefs (loop1): shutting down [ 350.799903][ T5822] bcachefs (loop1): shutdown complete [ 351.518214][ T6943] loop3: detected capacity change from 0 to 40427 [ 351.552976][ T6943] F2FS-fs (loop3): build fault injection rate: 25 [ 351.561810][ T6943] F2FS-fs (loop3): build fault injection type: 0x3bfe8d [ 351.582741][ T6943] F2FS-fs (loop3): invalid crc value [ 351.588539][ T6943] F2FS-fs (loop3): Wrong cp_pack_start_sum: 1 [ 351.597869][ T6943] F2FS-fs (loop3): Failed to get valid F2FS checkpoint [ 353.265950][ T6957] loop3: detected capacity change from 0 to 1024 [ 354.237139][ T6965] loop5: detected capacity change from 0 to 512 [ 354.258978][ T6963] loop0: detected capacity change from 0 to 512 [ 354.567405][ T6965] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.308: corrupted in-inode xattr: invalid ea_ino [ 354.629674][ T6963] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.644230][ T6963] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 354.702812][ T6965] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.308: couldn't read orphan inode 15 (err -117) [ 354.815163][ T6963] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.307: corrupted inode contents [ 354.924968][ T6963] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.307: mark_inode_dirty error [ 354.926675][ T6965] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 355.101062][ T6963] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.307: corrupted inode contents [ 355.233448][ T6963] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.307: mark_inode_dirty error [ 355.356639][ T6972] loop3: detected capacity change from 0 to 64 [ 356.029301][ T5810] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.043062][ T6494] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.070821][ T5872] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 357.325124][ T5872] usb 1-1: Using ep0 maxpacket: 32 [ 357.397701][ T5872] usb 1-1: config 0 interface 0 has no altsetting 0 [ 357.560557][ T5872] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 357.571263][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.579792][ T5872] usb 1-1: Product: syz [ 357.584529][ T5872] usb 1-1: Manufacturer: syz [ 357.589447][ T5872] usb 1-1: SerialNumber: syz [ 357.767540][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.774762][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 357.876161][ T5872] usb 1-1: config 0 descriptor?? [ 358.161163][ T6993] loop5: detected capacity change from 0 to 512 [ 358.309894][ T6993] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 358.455791][ T6993] EXT4-fs (loop5): warning: maximal mount count reached, running e2fsck is recommended [ 358.469125][ T5872] gs_usb 1-1:0.0: Configuring for 2 interfaces [ 358.571947][ T6993] EXT4-fs error (device loop5): ext4_orphan_get:1392: comm syz.5.316: inode #15: comm syz.5.316: iget: illegal inode # [ 358.743039][ T6993] EXT4-fs (loop5): Remounting filesystem read-only [ 358.752676][ T6993] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 358.901768][ T5872] gs_usb 1-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 359.038007][ T5872] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 359.268711][ T5872] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 359.432935][ T5872] usb 1-1: USB disconnect, device number 3 [ 359.563650][ T6494] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.844606][ T7006] loop3: detected capacity change from 0 to 128 [ 360.902917][ T7012] loop5: detected capacity change from 0 to 4096 [ 360.926353][ T7018] program syz.4.325 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.226717][ T7027] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 361.861008][ T7022] sctp: failed to load transform for md5: -2 [ 364.041037][ T7053] loop1: detected capacity change from 0 to 4096 [ 365.390573][ T5872] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 365.432670][ T7075] random: crng reseeded on system resumption [ 365.481649][ T7075] Restarting kernel threads ... [ 365.488155][ T7075] Done restarting kernel threads. [ 365.615566][ T5872] usb 6-1: Using ep0 maxpacket: 16 [ 365.634275][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.655353][ T5872] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.667248][ T5872] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 365.681317][ T5872] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 365.690822][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.776965][ T5872] usb 6-1: config 0 descriptor?? [ 366.327980][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.336461][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.344534][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.352429][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.366711][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.376261][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.383970][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.391823][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.399394][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.407282][ T5872] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 366.905160][ T5872] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0003/input/input5 [ 367.204915][ T5872] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 367.305288][ T7092] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached [ 367.335399][ T5872] usb 6-1: USB disconnect, device number 2 [ 369.094565][ T7100] loop5: detected capacity change from 0 to 32768 [ 369.215194][ T7100] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 369.406523][ T7100] XFS (loop5): Ending clean mount [ 369.449898][ T7100] XFS (loop5): Quotacheck needed: Please wait. [ 369.546123][ T7100] XFS (loop5): Quotacheck: Done. [ 369.713138][ T6494] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 369.832294][ T7119] loop0: detected capacity change from 0 to 64 [ 370.089099][ T7119] syz.0.356: attempt to access beyond end of device [ 370.089099][ T7119] loop0: rw=34817, sector=39, nr_sectors = 125 limit=64 [ 370.103628][ T7119] syz.0.356: attempt to access beyond end of device [ 370.103628][ T7119] loop0: rw=34817, sector=167, nr_sectors = 1 limit=64 [ 370.117841][ T7119] syz.0.356: attempt to access beyond end of device [ 370.117841][ T7119] loop0: rw=34817, sector=169, nr_sectors = 1 limit=64 [ 370.133194][ T7119] syz.0.356: attempt to access beyond end of device [ 370.133194][ T7119] loop0: rw=34817, sector=171, nr_sectors = 7 limit=64 [ 370.341276][ T7119] syz.0.356: attempt to access beyond end of device [ 370.341276][ T7119] loop0: rw=34817, sector=179, nr_sectors = 740 limit=64 [ 370.975548][ T7125] loop3: detected capacity change from 0 to 4096 [ 371.046623][ T7125] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 373.166227][ T7150] loop5: detected capacity change from 0 to 256 [ 373.177792][ T7149] loop1: detected capacity change from 0 to 128 [ 373.969421][ T7157] loop0: detected capacity change from 0 to 64 [ 374.144806][ T7153] loop3: detected capacity change from 0 to 2364 [ 375.683415][ T5872] IPVS: starting estimator thread 0... [ 375.790608][ T7173] IPVS: using max 192 ests per chain, 9600 per kthread [ 376.779395][ T7172] fido_id[7172]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 377.629272][ T7183] loop1: detected capacity change from 0 to 32768 [ 377.696056][ T7183] btrfs: Deprecated parameter 'usebackuproot' [ 377.702779][ T7183] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 377.768405][ T7183] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.378 (7183) [ 377.884038][ T7183] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 377.899325][ T7183] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 377.908740][ T7183] workqueue: max_active 65524 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 377.951450][ T7183] workqueue: max_active 65524 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 378.095443][ T7183] workqueue: max_active 65524 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 378.115957][ T7183] workqueue: max_active 65524 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 378.153325][ T7183] workqueue: max_active 65524 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 378.207595][ T7183] workqueue: max_active 65524 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 378.244580][ T7183] workqueue: max_active 65524 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 378.657117][ T7183] BTRFS info (device loop1): rebuilding free space tree [ 378.730810][ T7183] BTRFS info (device loop1): enabling ssd optimizations [ 378.740985][ T7183] BTRFS info (device loop1): using spread ssd allocation scheme [ 378.755147][ T7183] BTRFS info (device loop1): enabling free space tree [ 378.764377][ T7183] BTRFS info (device loop1): force clearing of disk cache [ 378.771921][ T7183] BTRFS info (device loop1): enabling auto defrag [ 378.778566][ T7183] BTRFS info (device loop1): doing ref verification [ 378.788632][ T7183] BTRFS info (device loop1): trying to use backup root at mount time [ 378.797145][ T7183] BTRFS info (device loop1): max_inline set to 4096 [ 379.504143][ T5822] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 380.651062][ T7228] loop0: detected capacity change from 0 to 512 [ 384.823424][ T7269] loop4: detected capacity change from 0 to 1024 [ 386.600715][ T7277] loop1: detected capacity change from 0 to 32768 [ 386.656305][ T7277] read_mapping_page failed! [ 386.661270][ T7277] ialloc: diAlloc returned -5! [ 387.309688][ T7288] loop5: detected capacity change from 0 to 256 [ 387.421968][ T30] audit: type=1326 audit(1756326542.808:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.1.412" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9bfd8ebe9 code=0x0 [ 387.493037][ T7288] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xc5dfab67, utbl_chksum : 0xe619d30d) [ 388.747735][ T7302] loop5: detected capacity change from 0 to 2048 [ 388.793075][ T7302] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 388.857840][ T7306] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 388.930773][ T7302] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 147 [ 388.939540][ T7302] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 388.972987][ T7302] Remounting filesystem read-only [ 388.978349][ T7302] NILFS (loop5): error -5 truncating bmap (ino=15) [ 389.148238][ T6494] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 389.770941][ T5872] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 389.959363][ T7313] loop4: detected capacity change from 0 to 764 [ 390.056270][ T5872] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 390.066039][ T5872] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 390.075678][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.180541][ T7313] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 390.237809][ T5872] usb 6-1: config 0 descriptor?? [ 390.670603][ T5872] usb 6-1: USB disconnect, device number 3 [ 391.482220][ T7324] CUSE: unknown device info "" [ 391.487408][ T7324] CUSE: zero length info key specified [ 392.081642][ T7330] loop5: detected capacity change from 0 to 128 [ 392.200620][ T7330] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 392.227733][ T7332] vxfs: WRONG superblock magic 00000000 at 1 [ 392.235556][ T7332] vxfs: WRONG superblock magic 00000000 at 8 [ 392.242084][ T7332] vxfs: can't find superblock. [ 393.674808][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 393.970520][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 394.023468][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 394.101245][ T24] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 394.116681][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.127274][ T24] usb 2-1: Product: syz [ 394.131816][ T24] usb 2-1: Manufacturer: syz [ 394.136811][ T24] usb 2-1: SerialNumber: syz [ 394.257034][ T24] usb 2-1: config 0 descriptor?? [ 394.260583][ T7353] loop0: detected capacity change from 0 to 128 [ 394.321909][ T24] hub 2-1:0.0: bad descriptor, ignoring hub [ 394.328351][ T24] hub 2-1:0.0: probe with driver hub failed with error -5 [ 394.347509][ T24] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6 [ 394.549721][ T7353] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 394.573803][ T7353] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 394.891852][ T5157] usb 2-1: reset high-speed USB device number 2 using dummy_hcd [ 395.372557][ T5810] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 395.616773][ T24] usb 2-1: USB disconnect, device number 2 [ 397.411121][ T7385] netlink: 'syz.3.455': attribute type 83 has an invalid length. [ 398.365754][ T7389] loop1: detected capacity change from 0 to 2048 [ 398.517915][ T7387] loop0: detected capacity change from 0 to 32768 [ 398.540837][ T7389] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 398.660357][ T7389] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 398.801469][ T7389] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 399.728309][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 399.950920][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 400.003251][ T24] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 400.012127][ T24] usb 6-1: config 0 has no interface number 0 [ 400.018819][ T24] usb 6-1: config 0 interface 184 has no altsetting 0 [ 400.144417][ T24] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 400.159892][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.175977][ T24] usb 6-1: Product: syz [ 400.181008][ T24] usb 6-1: Manufacturer: syz [ 400.186006][ T24] usb 6-1: SerialNumber: syz [ 400.248683][ T7410] loop4: detected capacity change from 0 to 256 [ 400.313703][ T24] usb 6-1: config 0 descriptor?? [ 400.344184][ T24] smsc75xx v1.0.0 [ 400.348057][ T24] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 400.368616][ T24] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22 [ 400.464398][ T7410] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 400.686884][ T5872] usb 6-1: USB disconnect, device number 4 [ 402.523214][ T7419] loop0: detected capacity change from 0 to 32768 [ 402.860367][ T7419] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 402.860554][ T7419] allowing incompatible features above 0.0: (unknown version) [ 402.860658][ T7419] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 402.906559][ T7419] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 402.920351][ T7419] bcachefs (loop0): initializing new filesystem [ 402.943640][ T7419] bcachefs (loop0): going read-write [ 403.011153][ T7419] bcachefs (loop0): marking superblocks [ 403.076841][ T7419] bcachefs (loop0): initializing freespace [ 403.109503][ T7419] bcachefs (loop0): done initializing freespace [ 403.138371][ T7419] bcachefs (loop0): reading snapshots table [ 403.144929][ T7419] bcachefs (loop0): reading snapshots done [ 403.205028][ T7441] capability: warning: `syz.4.475' uses deprecated v2 capabilities in a way that may be insecure [ 403.330907][ T7419] bcachefs (loop0): done starting filesystem [ 403.460595][ T7441] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 403.470993][ T7441] overlayfs: fs on './file1' does not support file handles, falling back to index=off,nfs_export=off. [ 403.482432][ T7441] overlayfs: fs on './file1' does not support file handles, falling back to xino=off. [ 403.492894][ T7441] overlayfs: conflicting lowerdir path [ 403.565775][ T7419] syz.0.471 (7419) used greatest stack depth: 1200 bytes left [ 403.676833][ T5810] bcachefs (loop0): shutting down [ 403.682485][ T5810] bcachefs (loop0): going read-only [ 403.687919][ T5810] bcachefs (loop0): finished waiting for writes to stop [ 403.712758][ T5810] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 404.157680][ T5810] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 404.362889][ T5810] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 404.393799][ T5810] bcachefs (loop0): marking filesystem clean [ 404.635182][ T5810] bcachefs (loop0): shutdown complete [ 405.314613][ T195] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.627091][ T195] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.942224][ T195] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.228696][ T195] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.279558][ T7456] loop4: detected capacity change from 0 to 2048 [ 406.378927][ T7456] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 407.114895][ T195] bridge_slave_1: left allmulticast mode [ 407.122932][ T195] bridge_slave_1: left promiscuous mode [ 407.129839][ T195] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.258121][ T195] bridge_slave_0: left allmulticast mode [ 407.264973][ T195] bridge_slave_0: left promiscuous mode [ 407.272002][ T195] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.244021][ T195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 408.333164][ T195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 408.406864][ T195] bond0 (unregistering): Released all slaves [ 409.470771][ T195] hsr_slave_0: left promiscuous mode [ 409.511761][ T195] hsr_slave_1: left promiscuous mode [ 409.520927][ T195] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.528612][ T195] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.595919][ T195] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.604181][ T195] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.666716][ T195] veth1_macvtap: left promiscuous mode [ 409.677225][ T195] veth0_macvtap: left promiscuous mode [ 409.683392][ T195] veth1_vlan: left promiscuous mode [ 409.688995][ T195] veth0_vlan: left promiscuous mode [ 410.763494][ T49] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 410.776432][ T49] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 410.788709][ T49] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 410.915093][ T49] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 410.937458][ T49] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 411.376438][ T195] team0 (unregistering): Port device team_slave_1 removed [ 411.571407][ T195] team0 (unregistering): Port device team_slave_0 removed [ 413.103005][ T49] Bluetooth: hci1: command tx timeout [ 413.696846][ T195] IPVS: stop unused estimator thread 0... [ 415.161971][ T49] Bluetooth: hci1: command tx timeout [ 415.501215][ T7477] chnl_net:caif_netlink_parms(): no params data found [ 416.600897][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 416.801039][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 416.883687][ T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 416.893467][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.995764][ T24] usb 2-1: config 0 descriptor?? [ 417.242501][ T49] Bluetooth: hci1: command tx timeout [ 417.311595][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 417.337702][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 417.395459][ T7549] vlan2: entered promiscuous mode [ 417.399054][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 417.400968][ T7549] hsr0: entered promiscuous mode [ 417.408516][ T24] usb 2-1: media controller created [ 417.520809][ T7540] ===================================================== [ 417.528176][ T7540] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 [ 417.535994][ T7540] _copy_to_user+0xcc/0x120 [ 417.541388][ T7540] i2cdev_ioctl_smbus+0x586/0x660 [ 417.546075][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 417.546816][ T7540] i2cdev_ioctl+0xa14/0xf40 [ 417.565011][ T7540] __se_sys_ioctl+0x23c/0x400 [ 417.571748][ T7540] __x64_sys_ioctl+0x97/0xe0 [ 417.576907][ T7540] x64_sys_call+0x1cbc/0x3e20 [ 417.582897][ T7540] do_syscall_64+0xd9/0x210 [ 417.588095][ T7540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.595080][ T7540] [ 417.597521][ T7540] Uninit was stored to memory at: [ 417.603529][ T7540] __i2c_smbus_xfer+0x254d/0x2f60 [ 417.608756][ T7540] i2c_smbus_xfer+0x31d/0x4d0 [ 417.614130][ T7540] i2cdev_ioctl_smbus+0x4a1/0x660 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 417.619395][ T7540] i2cdev_ioctl+0xa14/0xf40 [ 417.624606][ T7540] __se_sys_ioctl+0x23c/0x400 [ 417.629480][ T7540] __x64_sys_ioctl+0x97/0xe0 [ 417.634805][ T7540] x64_sys_call+0x1cbc/0x3e20 [ 417.639842][ T7540] do_syscall_64+0xd9/0x210 [ 417.645492][ T7540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.651807][ T7540] [ 417.654239][ T7540] Local variable msgbuf1.i created at: [ 417.663251][ T7540] __i2c_smbus_xfer+0x86a/0x2f60 [ 417.668774][ T7540] i2c_smbus_xfer+0x31d/0x4d0 [ 417.675006][ T7540] [ 417.677541][ T7540] Bytes 0-1 of 2 are uninitialized [ 417.683180][ T7540] Memory access of size 2 starts at ffff888026137d06 [ 417.690268][ T7540] Data copied to user address 0000200000000040 [ 417.696641][ T7540] [ 417.699115][ T7540] CPU: 0 UID: 0 PID: 7540 Comm: syz.1.512 Tainted: G W syzkaller #0 PREEMPT(none) [ 417.710763][ T7540] Tainted: [W]=WARN [ 417.714784][ T7540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 417.725242][ T7540] ===================================================== [ 417.733515][ T7540] Disabling lock debugging due to kernel taint [ 417.740162][ T7540] Kernel panic - not syncing: kmsan.panic set ... [ 417.746757][ T7540] CPU: 0 UID: 0 PID: 7540 Comm: syz.1.512 Tainted: G B W syzkaller #0 PREEMPT(none) [ 417.758305][ T7540] Tainted: [B]=BAD_PAGE, [W]=WARN [ 417.763941][ T7540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 417.774498][ T7540] Call Trace: [ 417.777988][ T7540] [ 417.781032][ T7540] __dump_stack+0x26/0x30 [ 417.785689][ T7540] dump_stack_lvl+0x53/0x270 [ 417.790545][ T7540] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 417.796782][ T7540] dump_stack+0x1e/0x25 [ 417.801185][ T7540] vpanic+0x361/0xc50 [ 417.805432][ T7540] panic+0x15d/0x160 [ 417.809792][ T7540] kmsan_report+0x31c/0x320 [ 417.814890][ T7540] ? kmsan_internal_check_memory+0x1e1/0x230 [ 417.821270][ T7540] ? kmsan_copy_to_user+0xf1/0x190 [ 417.826666][ T7540] ? _copy_to_user+0xcc/0x120 [ 417.831527][ T7540] ? i2cdev_ioctl_smbus+0x586/0x660 [ 417.837027][ T7540] ? i2cdev_ioctl+0xa14/0xf40 [ 417.841985][ T7540] ? __se_sys_ioctl+0x23c/0x400 [ 417.847108][ T7540] ? __x64_sys_ioctl+0x97/0xe0 [ 417.852230][ T7540] ? x64_sys_call+0x1cbc/0x3e20 [ 417.857445][ T7540] ? do_syscall_64+0xd9/0x210 [ 417.862602][ T7540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.868976][ T7540] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 417.874685][ T7540] ? __i2c_transfer+0x11cd/0x3110 [ 417.880532][ T7540] ? kmsan_get_metadata+0xfb/0x160 [ 417.885852][ T7540] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 417.892468][ T7540] ? kmsan_get_metadata+0xfb/0x160 [ 417.897802][ T7540] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 417.904113][ T7540] ? __i2c_smbus_xfer+0x1e93/0x2f60 [ 417.909533][ T7540] ? kmsan_get_metadata+0xfb/0x160 [ 417.915028][ T7540] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 417.921188][ T7540] kmsan_internal_check_memory+0x1e1/0x230 [ 417.927494][ T7540] kmsan_copy_to_user+0xf1/0x190 [ 417.932668][ T7540] _copy_to_user+0xcc/0x120 [ 417.937405][ T7540] i2cdev_ioctl_smbus+0x586/0x660 [ 417.942767][ T7540] i2cdev_ioctl+0xa14/0xf40 [ 417.947483][ T7540] ? kmsan_report+0x2e4/0x320 [ 417.952372][ T7540] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 417.957893][ T7540] __se_sys_ioctl+0x23c/0x400 [ 417.962902][ T7540] __x64_sys_ioctl+0x97/0xe0 [ 417.967736][ T7540] x64_sys_call+0x1cbc/0x3e20 [ 417.972751][ T7540] do_syscall_64+0xd9/0x210 [ 417.977570][ T7540] ? irqentry_exit+0x16/0x60 [ 417.982394][ T7540] ? clear_bhb_loop+0x40/0x90 [ 417.987272][ T7540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.993458][ T7540] RIP: 0033:0x7fe9bfd8ebe9 [ 417.998273][ T7540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.018781][ T7540] RSP: 002b:00007fe9c0bf2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.027662][ T7540] RAX: ffffffffffffffda RBX: 00007fe9bffb5fa0 RCX: 00007fe9bfd8ebe9 [ 418.035790][ T7540] RDX: 0000200000000080 RSI: 0000000000000720 RDI: 0000000000000004 [ 418.044254][ T7540] RBP: 00007fe9bfe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 418.052400][ T7540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.060525][ T7540] R13: 00007fe9bffb6038 R14: 00007fe9bffb5fa0 R15: 00007fffdd9cc138 [ 418.068868][ T7540] [ 418.072341][ T7540] Kernel Offset: disabled [ 418.076735][ T7540] Rebooting in 86400 seconds..