last executing test programs: 4m32.184911498s ago: executing program 2 (id=141): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0xffffffff, "ffbdbdc772022acd2c000000000800000000000000008000", 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r1, 0x40103e05, &(0x7f0000000240)={""/32, 0x0, 0x0, 0xfd91, 0x0, 0x0}) 4m30.149161012s ago: executing program 2 (id=154): socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYRES64=r0]) 4m29.759000119s ago: executing program 2 (id=157): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000004000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) 4m29.188931622s ago: executing program 2 (id=161): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000640)='./file2\x00', 0x10050, &(0x7f00000000c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}]}, 0x3, 0x51e, &(0x7f0000000680)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') lstat(&(0x7f0000000040)='./file2\x00', 0x0) 4m28.186148476s ago: executing program 2 (id=168): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x1200001, &(0x7f0000000080)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp850'}}, {}, {@iocharset={'iocharset', 0x3d, 'cp869'}}]}, 0x2, 0x33c, &(0x7f0000001f80)="$eJzs3U9PE0EYBvBndrtlKwRXwJB4MiiJJwJ40HiRGOLFL+DBEBFKQlgxUUyUxIiejfFmYuLRm2ejX0Evxi+gJw7Gk16IB9fMu7PtbNndllJYGp5fYt125887nZ3tDKQMiOjYujb//d3Fbf1PeQBcAFcAB4APVACcxrj/cH2jbUFu40ghzql2pVlar2dl9WFyGIF+VsGQ/RodjCiKoh9tU/0+lFioPMoewRYHGDCjU877hx7ZwdiK23W8WD2sdrCDRxguMxwiIiqf+fx3zKfEkJm/Ow4waebh/f75n5rf7JQXx5HQ+Px34ueR0u/PSTml13urG2F9OV7C6d53klViVlmZ10TUfLuriK8sd9Caclm1ZJNYnNrKalif2pICnuOqYSUbk8dlJA0RedFW41QTGWvTAkVtLzYobfB0G2Zz4h8tqjFzAfzpJ15nV7fwpYOY1Gf1VS2oAG+w3Jj/VSKlu0l6KmgZKnH80/klSiuDOFWqlc3wT0klZ0wN+Pi+2cpa3vvqw9WxZNGlqNb5e5DE+aqanwsjSP9YIW7dTH7rJNcoUFGyarBzzTYS/c3MNdZaV23FC+tTS/fCvIu+tzJXdOqluqkm8AsfMG/N/x2dehL5IzM1ypWkNFdGYXsqkjKnH1NkaN7d08gkcT09XjvK8wJ3cBnDDx5vri2GYf1++QfJUOky+9kexxNfiOZy1K/o/6008PWBB6Bnlf6LoijzVAWH0QWeNPXS22aTN9cWlbnn7a8KfedsOTWXnxjAHADzSnJH6Kb2p41cA80C2+QKpK4/urflldQF6SUHSVRyKrl0D6Z3kqpSp1wMdDRSal1UeuPJ2mLY1Z2I+kyz0zF+q+xgqAx6vqDi9Z+1XpmWu45+CArWP176aW1XAqvEmZwV0Ig8nuhsBdcoNneeOJgctFlznbsAnG+p0UFS47PWYgMTJ47ibyX3/qsMNY9vuM2f/xMRERERERERERERERERERERERER9Zu9fhuhm68TpGvcPoZ/eIOIiIiIiIiIiIiIiIiIiIiIiIiIiIiIaH+s/X8BV3aMqWbt/1u0U5Nw4x1i/F7s/+t2sP+v2urnvciIjoT/AQAA//8TP1iR") mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2012024, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) rename(&(0x7f0000001800)='./file0\x00', &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 4m27.485062608s ago: executing program 2 (id=172): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 4m25.784089471s ago: executing program 32 (id=172): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 3m59.491309733s ago: executing program 0 (id=284): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000002200f30c0000000000feff00760000000f00001e37000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = io_uring_setup(0x6b3, &(0x7f0000000000)={0x0, 0xf324, 0x100, 0xfffffefe, 0xb9}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f00000000c0)=[0x80000001, 0x7], 0x2) 3m59.005162743s ago: executing program 0 (id=289): r0 = syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0xfffffffc, 0x10100, 0x3}, &(0x7f0000000140)=0x0, &(0x7f0000000040)=0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000300)=@hci={0x1f, 0xfffe}}) io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0) 3m58.420863273s ago: executing program 0 (id=294): r0 = syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902930003010000000904000000010100000a240100000002010213240600000600000000000000dfff000000000924030000000000000924050000f8431cfd09240300000300040206240504"], 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0xfffffffffffffeb7, 0x3, 0x40d}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1809}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000880)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) 3m55.871828521s ago: executing program 0 (id=306): syz_mount_image$ext4(&(0x7f0000002080)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x400, &(0x7f00000020c0), 0x0, 0x548, &(0x7f0000000cc0)="$eJzs3c9vI1cdAPDvTH42TZst9AAVsAsUFrRae+OlUdVLuxcQqiohKg6IwzYkThRixyF2ShMikf4NIIHECf4EDkgckHriwI0jN4RUDkgLRKANEhVGHk+yadbeeDeOTePPR5qdHy953/fsnXnPb+J5AYysaxGxHxGTEfFWRMzlx5N8idfaS+vn7h/sLR0e7C3Ff5vNN/+eZOmtY0d5NfP103me0xHxza9FfDd5OG59Z3d9sVIpb+X7xUZ1s1jf2b25Vl1cLa+WN0qlhfmFWy/ffqnUt7perf7q3lfXXv/Wb3/z6ff/sP/lH7aKNZunnaxHP7WrPnEcp2U8Il6/iGBDMJavJ4dcDp5MGhEfi4jPZef/XIxl/zsBgMus2ZyL5tzJfQDgskuzMbAkLeRjAbORpoVCewzv+ZhJK7V648ZKbXtjuT1WdiUm0qm8r/D97N+JZGWtUp7P0rL0bL90av92RDwXET+ZeirbLyzVKsvD6fIAwMh7+lT7/6+pdvvfgw539QCAj4zpYRcAABg47T8AjB7tPwCMnh7a//xm//6FlwUAGAyf/wFg9Gj/AWD0aP8BYKR84403WkvzMH/+9fLbO9vrtbdvLpfr64Xq9lJhqba1WVit1VazZ/ZUz8qvUqttjkfEO8VGud4o1nd271Zr2xuNu9lzve+WJwZSKwDgUZ67+t4fk4jYf+WpbAlzOcDISIddAGBoxoZdAGBozPYFo6v38fjfX2g5gOHp+DDv6Y6bHx40+NljBPF3RvB/5fonu4//n+4buC8Al4vxfxhdTzb+/2rfywEMXqfxf/18GA3NZnI05/9kPv3/5HESAHApneP7eM0f9asTAgzVWZN5d711/zj3/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCSmY2I70WSFvK5wGcjTQuFiGci4kpMJCtrlfKtiHg2rkbExNTK2rBLDACcX/rXJJ//6/rci7OnUyeTf09FPif4D37+5k/fWWw0tuZbx/9xfHzqaPqw0oPfO8e8ggBAn2Xtdylfzz84fv9gb+loGWR57t2JD/KpiJcOD/aypZ0yHuPZejrrS8z8M8n323ORvhARY32Iv/9uRHziuP7JB81mHj/Jxkau5DOfnowfeexn+h1/5uTrfzp++qH4aZbWXrc6Xx8/lW/ah7LBZffenYh4rdP1L41r2brz+T+dXaHO796ddmZH177DE/GPrn9jHeK3zvlrvcb4yu++/tDB5lw77d2IF8Y7xU+O4ydd4r/YY/w/feozP361S1rzFxHXo3P8k7GKjepmsb6ze3OturhaXi1vlEoL8wu3Xr79UqmYjVEXj0aqH/a3V248261srfrPdIk/3bH+k8e/+4Ue6//L/7z1nc8+Iv6XPt/5/X++Y/y2Vpv4xR7jL878uuv03a34y13qf9b7f6PH+O//ZXe5xx8FAAagvrO7vliplLfOtdH6tNmPfLKNyRNHWkXsSwl73PhzDC7WmRsT/XxVB7oxftxX7G/O327lOODqpH2vxbk27g8q1nCvS8DFe3DSD7skAAAAAAAAAAAAAABAN4P46tKw6wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDl9b8AAAD//zGbxOs=") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x24000, 0x0) 3m54.801344109s ago: executing program 0 (id=312): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000004880)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}, {{&(0x7f0000000240)={0xa, 0x4e22, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c, &(0x7f0000000f80)=[{&(0x7f0000000e80)="a7", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000100), &(0x7f0000000200)=0x8) 3m54.139898776s ago: executing program 0 (id=316): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="300000000000000029000000370000005e02000000000000c910ff01000000000000000000000000000100000000000024"], 0x58}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[], 0x98}}], 0x2, 0x4008081) 3m52.105512047s ago: executing program 33 (id=316): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="300000000000000029000000370000005e02000000000000c910ff01000000000000000000000000000100000000000024"], 0x58}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[], 0x98}}], 0x2, 0x4008081) 1m20.985126543s ago: executing program 6 (id=1086): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000010000b7080000000000007b8af8ff00000000b7080000000000107b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000001c0)='GPL\x00', 0x5, 0xff6, &(0x7f0000001e00)=""/4086, 0x0, 0xa, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m20.284531659s ago: executing program 6 (id=1091): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000010c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048001}, 0x0) 1m19.729128867s ago: executing program 6 (id=1094): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00') read$FUSE(r0, &(0x7f0000000800)={0x2020}, 0x2020) 1m18.709298228s ago: executing program 6 (id=1101): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000140)={[{@type={'type', 0x3d, '\vGgO'}}, {@nobarrier}, {@barrier}, {@part}, {@nodecompose}, {@gid}, {@nls={'nls', 0x3d, 'koi8-r'}}]}, 0x40, 0x700, &(0x7f0000000640)="$eJzs3U1sHGcZAOB3dtcbbyq52zZpC0KK1YgIGkjsLCVBQiJUCPlQoUhcel0Sp7G8diPbRU6EiAsUjnBCOfRQhMyhJ9QDUhEHRDkjIXFFuUfiHnFg0czOrPfHXu82sZ26zyON55uZ7+ed1zOfd2cTbQCfWwtvxtRWJLFw/o3NdPvBdqP1YLuxUpQj4kRElCIqnVUkqxHJJxFXo7PEF9KdeXfJXuO89vDj98/d/7DR2arkS1a/NKrdjvaIEbbyJWYjopyvJ1TZq7/r8fpQf/cm6jrpxp0m7GyRODhq7SFbkzQf474Fnnb3IspTu+yvR5yMiOn8dUDks0PpkMN74iaa5QAAAODpVN6vwrOP4lFsxszhhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQ9L5zsAkX0pFeTaS4vv/q/m+VLV6xPGO9rV9jr9385ACAQAAAAAAAIAD8VH+wf2ZR/EoNmOm2N9Oss/8X8k2TmU/n4l3Yj0WYy0uxGY0YyM2Yi3mI6ZmejqsbjY3Ntbmh1v+NtKW7Xb7Xt7yUkTUh1peOoSTBgAAAAAAAIDj62exEDNHHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPRKIsqdVbacKsr1KFUiYjoiqmm9rYi/FOXPsr8edQAAAABw8Gr5eib5X6fQTrL3/C9m7/un451YjY1Yio1oxWLcyJ4FdN71l/651Wg92G6spMtwx9/9z0RxZD1GRDne3WPkuazG6W6Lhfh+/DDOx2xci7VYih9HMzZiMWajlp5ENCOJeq3z9KJexLl7vFf7tq4NxnZmYPvlLJJa3IylLLYLcb0anccm2TmkY77cM9qfqhEDI76bZif5Tm7MHN3o+X39Jn8uk2s/O2YfB6OenflUNyNzae7zbDw3OvcTXieDI81HqfsM6tTOKOnm4EhFzn80Sc5P5us017/sz/mTNuGjtMFMXIpSfvVFvNif89tfvv98f+Ov/utv126VVpdv3Vw/f4Cn9Dhm96swVRQGM9HoycRLo6++PBOtNBNb42dianDH9LgtD1Y1z0Y2FY05W34vKzXjlZ5L8O24EYtxOeZiPq7EXHwrLkWje4Wly+m+vFYaK/05ye610vD8VhsR/Nmv9FT61T6VD1eal+d68to709WzY/meq7+OuZ6r7/nRV9/EfwXS8b+Yl9Mxft79i/M06MtEPjcX0b0wOhO/a6c/11ury2u3mrfHHO9cvk5v2/f65+bfjx/14F/3JyG9XtIZt5JtZTmpFddLeuyFbrT9+armn7h02pWGjp3uHqvHTCzFD/a8U6v5a7jhnjrHXuo99u+dmbOav74pjvW9yom3o5W9Chmw71QNwCE7+erJau1h7R+1D2q/qN2qvTH9+okrJ75Ujam/V/5c/mPpD6VvJ6/GB/HTmDnqSAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DhYv3N3udlqLa51CzHds6ddjlgbrjNZobrnWKMLUdq3zvYz43UY9YjRYyV5ofo4Z3o8CrVIC5X8t9ZaXCu+Yelxe/4oIkbUqT528MnE19jEhTQPT6TD4ovTsj3t8gTNK0Wr3etUYn06lptJZZc77sTOXRD15Wbrv+2+5rXouWWAY+7ixsrti+t37n59aaX51uJbi6uXrly+crnxzflvXLy51Fqc6/w86iiBg7B+5275qGMAAAAAAAAAAAAAJpP/6/+NT/2fGSr71Kmure8+8pnDPlUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgM2rhzZjaiiTm5y7MpdsPthutdCnKOzUrEVGKiOQnEcknEVejs0S9p7tkr3Fee/jx++fuf9jY6atS1C+NajeerXyJ2Ygo5+v9ndilm+H+rvf0t/Wpwku6Z5gm7GyRODhq/w8AAP///YHw7Q==") mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1m17.929345258s ago: executing program 6 (id=1104): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000004d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@rights={{0x1c, 0x1, 0x1, [r1, r0, r2]}}], 0x20, 0x84}}], 0x1, 0x4000) 1m17.169172354s ago: executing program 6 (id=1109): r0 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x708, 0x41e3, 0x0, 0x0, 0x0) 1m15.258060163s ago: executing program 34 (id=1109): r0 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x708, 0x41e3, 0x0, 0x0, 0x0) 31.062440129s ago: executing program 3 (id=1378): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}]}]}, 0x38}}, 0x0) 30.422093121s ago: executing program 3 (id=1382): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f0000000680)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10) close(r0) 29.884741551s ago: executing program 3 (id=1386): timer_create(0x7, 0x0, &(0x7f00000007c0)=0x0) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) timer_settime(r0, 0x1, &(0x7f0000000840)={{r1, r2+10000000}, {0x0, 0x989680}}, 0x0) rt_sigaction(0x31, &(0x7f0000000940)={0x0, 0x40000000, 0x0, {[0x40]}}, 0x0, 0x8, &(0x7f0000000380)) 29.467518941s ago: executing program 3 (id=1389): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000000540), 0x1, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', &(0x7f0000000140)='\x00', 0x1, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 28.350135319s ago: executing program 3 (id=1395): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) close(r0) 25.692764247s ago: executing program 3 (id=1402): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) io_setup(0xa, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 22.82303728s ago: executing program 35 (id=1402): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) io_setup(0xa, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 6.449711981s ago: executing program 5 (id=1472): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pipe2$watch_queue(&(0x7f0000000000), 0x80) 3.64264753s ago: executing program 5 (id=1487): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x39, 0x1, 0xff, 0x1, 0x2, 0x9}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b32, &(0x7f0000000040)) 3.49094586s ago: executing program 1 (id=1488): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000480)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000) 3.269254794s ago: executing program 5 (id=1489): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}}], 0x2, 0x0) 3.266456026s ago: executing program 7 (id=1490): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000004000000000000008100d00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) process_mrelease(0xffffffffffffffff, 0x0) 2.829754642s ago: executing program 7 (id=1491): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101282, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0) r0 = open(&(0x7f0000000040)='./file2\x00', 0x81, 0x0) ioctl$BTRFS_IOC_DEFRAG(r0, 0x4c06, 0x3) 2.829576799s ago: executing program 1 (id=1492): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7}) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000001, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000400)={0x7, 0x7, 0x2, {0x1, @vbi={0x8, 0xfffffff8, 0x9, 0x20363159, [0x7, 0xef], [0xe, 0x5], 0x2}}, 0x3}) 2.670809396s ago: executing program 5 (id=1493): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0xfff, 0xcf6, 0x59455247, 0x2, 0xfffffffe, 0x0, 0xa, 0x1, 0x0, 0x2}}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) 2.620192965s ago: executing program 4 (id=1494): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x86dd, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x70bd29, 0xfffffffe, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r2, 0x1, 0x0, 0x2, {@ip4=@broadcast}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x51dcb31a43476434) 2.381569209s ago: executing program 7 (id=1495): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x6}}}, 0x118) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0x9}}, 0x10) 2.281467897s ago: executing program 1 (id=1496): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r1) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000004) 1.996836865s ago: executing program 4 (id=1497): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) 1.951536529s ago: executing program 7 (id=1498): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="8800000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1414bb0c0002800500010000000000080007400000000024000e8014000180080001000a01010208000200"], 0x88}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 1.707726573s ago: executing program 1 (id=1499): ioperm(0x2003, 0x1, 0x400) syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) ioperm(0x2, 0xe120, 0x0) 1.47614302s ago: executing program 4 (id=1500): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000200)='THAWED\x00', 0x7) 1.268849971s ago: executing program 7 (id=1501): socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe}) r0 = socket$rxrpc(0x21, 0x2, 0xa) ioctl(r0, 0x8b21, &(0x7f0000000040)) 1.07931487s ago: executing program 1 (id=1502): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000001080)='X', 0x1, 0x4048800, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4065, &(0x7f0000001200)=0xfe1) 1.050088285s ago: executing program 4 (id=1503): syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) r0 = socket$inet_dccp(0x2, 0x6, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) getsockopt$inet_int(r0, 0x10d, 0x11, 0x0, &(0x7f0000000140)) 1.013926971s ago: executing program 8 (id=1406): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000003c0)={0x0, 0xfff, 0x3}) 800.782954ms ago: executing program 7 (id=1504): r0 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000c00)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000100c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b100000000000000001be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b866aa339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f6688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRESHEX=0x0], 0x0, 0x11e2, &(0x7f0000002480)="$eJzs3MFrHFUcB/BfYm1rarNRa7UF8aEXvQzdHLzoZZEUpAtK2xVaQZiaWV123A2ZJbAiVk9e/TvEozdBvOklF/8Gb7l4zCE44m5iElkPQZOF8Plc5gfvfee9x8DADPNm561vPu13q6ybj2JxYSEWNyLSbooUi3Hgy3j9zZ9/eeneg4d3Wu322t2UbrfuN99IKS2//OMHn3/3yk+jK+9/v/zDpdhe+XDn99Xftq9v39j54/4nvSr1qjQYjlKeHg2Ho/xRWaT1XtXPUnqvLPKqSL1BVWwea++Ww42NccoH6wsRUVRVygfj1C/GaTRMo81xyj/Oe4OUZVm6uhT8F51vd+u6jqjrJ+Ni1HVdPxVLcSWejquxHI1YiWfi2XgursXzcT1eiBfjxqTXvOcNAAAAAAAAAAAAAAAAAAAA54v9/wAAAAAAAAAAAAAAAAAAADB/9x48vNNqt9fupnQ5ovx6q7PVmR6n7a1u9KKMIm5FI/Zisvt/alrffqe9ditNrMRX5eP9/OOtzhPH883J7wRm5pvTfDqevxRLR/Or0Yhrs/OrM/OX47VXj+SzaMSvH8UwyliPv7KH+S+aKb39bvsf+ZuTfgAAAHAeZOlvM5/fs+zf2qf5E7wfqPaH3M9fiJsX5rdupqrxZ/28LIvNUysuxqkPoVAoDoq9uq7/h/PM+87EWTi86POeCQAAAAAAAAAAACdxFp8lznuNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzJDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//9N2dOT") fchdir(r0) chdir(&(0x7f0000000240)='./file0\x00') rmdir(&(0x7f0000000080)='./file0\x00') 666.253275ms ago: executing program 5 (id=1505): syz_open_dev$media(&(0x7f00000006c0), 0x2, 0x40b02) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 591.836246ms ago: executing program 4 (id=1506): syz_mount_image$bfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x4, &(0x7f0000000000)=ANY=[@ANYRES16, @ANYRESDEC=0x0, @ANYRESHEX, @ANYRES32=0x0], 0x8, 0xad, &(0x7f0000000040)="$eJzs0btpA0EUBdC7H/xJ7ALcg3tw6twVbOjQkY3BjlSGOlArKmE7ULCpkhHLrkChEAhJcA7MzA3mwYW33q5e8pSUv6SUUu6SPGbKX98/nx/v490kyTJt7jPZv9y4ej4P486fp7x5y+L/4E8//HZ9la4fyuyChQEAgJPVeZ1TdfxQm6Q5VyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA67ILAAD//1vZIlc=") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000dc0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f\x17yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83\x1b\xbf\xf8_OORH\x0e\x0fc\xdc\xe8\xcf\xb3\x97J\x92\x93\xfe\b\xdd\bE\xcb\xedo\x9c\x959\xb6\xda\a\xa2%\xc1\xfa\xe5W\xad\xa5\xd1\xee\x00uP\xac\x9a\xcd\xd4|\xc1\x90\xbbqS\x96\x13B8 N\xa6F\"5\xd4\xc9Fu\xb8\x8c5\x05j\xf3\xa0k,\xf3\x0e*Q\x91Q\x9e5+m/\xa1\r_u\xe78\x06RS\x8b\xe3\x99\x99>\xa3q=0}_\xf0?\xb0\xa1\xda\x00\x00\x00\x00\x00\x00', &(0x7f0000000cc0)='\xbd\x10\xe2\n\xc4\xa8\xa8?\a\x9e@O<\xf4s\x85~X\x85\xdc\x11\x04a\xf8\xa6f\x96nB\x02\x10+C$\f\xb3\xcc\xed\"M\xb6 V\xc5\x9a\x11o^\xda\xc8\xf2\f\xca(\xc3V\xfe+R\x80\x1c\xf7&v\x06\x1a\xc9vU]\xc7\xa1\xba\x00\xe5\xa6Z\xfc2\xfam\x926<\xc6\xc6\x84\r\x18*\x0f\xaej\xfcg\x1c\xdd[`\vVN\xec7a\\d\xa6\xdbpP\x11\x86I\x85)\x04\x11\xc5\xde\xfe\xc3\x19\x8f\x0f\x87Y\x8d\xbb\xa6\xdcMf\x93\x8cz1\x83J?\xc0\xa0\xb1\xe89\\@\xb6\xc8\x85\x85h\xbfN\x05\xed\xe1\xbb~nb\xbf\xf1\xde\xb6\xfc<\x82*A\xd9d\x17\x00\x00\x00\x00', 0x0) 455.499699ms ago: executing program 8 (id=1507): r0 = epoll_create1(0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/cpuinfo\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xd}, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x9}) 316.397205ms ago: executing program 1 (id=1508): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x881, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000003440)="ff", 0x1}], 0x1, 0x22bd, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x20000000000) 127.881501ms ago: executing program 5 (id=1509): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=""/5, 0x5}, 0x56c2}], 0x1, 0x10002, 0x0) 0s ago: executing program 4 (id=1510): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xc}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)="17", 0x1}], 0x1}}], 0x2, 0x44040) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000200)={0x0, 0x5, 0xff}, 0x8) kernel console output (not intermixed with test programs): a256 (sha256-generic) checksum algorithm [ 377.756271][ T7302] BTRFS info (device loop4): using free-space-tree [ 377.821254][ T5889] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 378.090881][ T5889] usb 6-1: Using ep0 maxpacket: 32 [ 378.120583][ T5889] usb 6-1: config 2 has an invalid interface number: 66 but max is 0 [ 378.129245][ T5889] usb 6-1: config 2 has no interface number 0 [ 378.135579][ T5889] usb 6-1: config 2 interface 66 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 378.244509][ T5796] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 378.245500][ T5889] usb 6-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d [ 378.269499][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.277784][ T5889] usb 6-1: Product: syz [ 378.284041][ T5889] usb 6-1: Manufacturer: syz [ 378.289068][ T5889] usb 6-1: SerialNumber: syz [ 378.346295][ T5889] usb 6-1: Found UVC 0.00 device syz (046d:08c6) [ 378.353345][ T5889] usb 6-1: No valid video chain found. [ 378.630562][ T5889] usb 6-1: USB disconnect, device number 3 [ 378.826191][ T7332] loop6: detected capacity change from 0 to 164 [ 378.857458][ T7336] loop3: detected capacity change from 0 to 512 [ 378.906369][ T7336] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 378.924195][ T7332] rock: directory entry would overflow storage [ 378.930943][ T7332] rock: sig=0x4f50, size=4, remaining=3 [ 378.936718][ T7332] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 379.044128][ T7336] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.497: invalid indirect mapped block 4294967295 (level 0) [ 379.128837][ T7336] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.497: invalid indirect mapped block 4294967295 (level 1) [ 379.205907][ T7336] EXT4-fs (loop3): 1 orphan inode deleted [ 379.212134][ T7336] EXT4-fs (loop3): 1 truncate cleaned up [ 379.220255][ T7336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 379.624803][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.564790][ T7344] loop1: detected capacity change from 0 to 32768 [ 380.904697][ T7344] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 380.956376][ T7344] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 380.956376][ T7344] allowing incompatible features above 0.0: (unknown version) [ 380.986336][ T7344] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 380.995781][ T7344] bcachefs (loop1): Version upgrade required: [ 380.995781][ T7344] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 380.995781][ T7344] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 380.995781][ T7344] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 381.073172][ T7344] bcachefs (loop1): dropping and reconstructing all alloc info [ 381.102036][ T7353] loop5: detected capacity change from 0 to 32768 [ 381.226684][ T7344] bcachefs (loop1): accounting_read... [ 381.248880][ T7353] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 381.266143][ T7353] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 381.276099][ T7353] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 381.289892][ T7344] done [ 381.292861][ T7344] bcachefs (loop1): alloc_read... done [ 381.299078][ T7344] bcachefs (loop1): snapshots_read... done [ 381.307634][ T7344] bcachefs (loop1): done starting filesystem [ 381.581399][ T5805] bcachefs (loop1): shutting down [ 381.813132][ T7353] bcachefs: bch2_fs_get_tree() error: EINVAL [ 381.923934][ T5805] bcachefs (loop1): shutdown complete [ 383.337153][ T7387] loop4: detected capacity change from 0 to 1024 [ 383.352741][ T7388] netlink: 4 bytes leftover after parsing attributes in process `syz.6.512'. [ 383.378419][ T5889] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 383.599803][ T5889] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 383.608754][ T5889] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 383.617893][ T5889] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 383.628868][ T5889] usb 4-1: config 220 has no interface number 2 [ 383.635455][ T5889] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 383.649331][ T5889] usb 4-1: config 220 interface 0 has no altsetting 0 [ 383.656380][ T5889] usb 4-1: config 220 interface 76 has no altsetting 0 [ 383.663730][ T5889] usb 4-1: config 220 interface 1 has no altsetting 0 [ 383.808727][ T5889] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 383.818415][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.826698][ T5889] usb 4-1: Product: syz [ 383.831336][ T5889] usb 4-1: Manufacturer: syz [ 383.836218][ T5889] usb 4-1: SerialNumber: syz [ 384.171441][ T5889] uvcvideo 4-1:220.1: Unknown video format 05090800-0381-0200-5805-7f0904010000 [ 384.181170][ T5889] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 384.187828][ T5889] usb 4-1: No valid video chain found. [ 384.193906][ T5889] usb 4-1: selecting invalid altsetting 0 [ 384.344529][ T5889] usb 4-1: selecting invalid altsetting 0 [ 384.351393][ T5889] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 384.440169][ T5889] usb 4-1: USB disconnect, device number 5 [ 385.613583][ T7407] loop5: detected capacity change from 0 to 64 [ 386.116746][ T7411] loop4: detected capacity change from 0 to 1024 [ 386.170922][ T7415] netlink: 36 bytes leftover after parsing attributes in process `syz.1.505'. [ 387.157359][ T7417] loop5: detected capacity change from 0 to 32768 [ 387.242190][ T7417] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 387.490285][ T7417] XFS (loop5): Ending clean mount [ 387.505220][ T7417] XFS (loop5): Quotacheck needed: Please wait. [ 387.572931][ T7417] XFS (loop5): Quotacheck: Done. [ 387.595937][ T7417] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 388.463323][ T7441] loop1: detected capacity change from 0 to 2048 [ 388.518240][ T7440] loop4: detected capacity change from 0 to 2048 [ 388.591704][ T7441] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 388.666061][ T7447] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 388.692178][ T7441] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 389.298926][ T7453] loop5: detected capacity change from 0 to 256 [ 389.683962][ T7453] FAT-fs (loop5): Directory bread(block 64) failed [ 389.691299][ T7453] FAT-fs (loop5): Directory bread(block 65) failed [ 389.698604][ T7453] FAT-fs (loop5): Directory bread(block 66) failed [ 389.705415][ T7453] FAT-fs (loop5): Directory bread(block 67) failed [ 389.712565][ T7453] FAT-fs (loop5): Directory bread(block 68) failed [ 389.719527][ T7453] FAT-fs (loop5): Directory bread(block 69) failed [ 389.726414][ T7453] FAT-fs (loop5): Directory bread(block 70) failed [ 389.737272][ T7453] FAT-fs (loop5): Directory bread(block 71) failed [ 389.745566][ T7453] FAT-fs (loop5): Directory bread(block 72) failed [ 389.752561][ T7453] FAT-fs (loop5): Directory bread(block 73) failed [ 390.236335][ T7454] loop6: detected capacity change from 0 to 32768 [ 390.446459][ T7454] XFS (loop6): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 390.868639][ T7454] XFS (loop6): Ending clean mount [ 390.885158][ T7454] XFS (loop6): Quotacheck needed: Please wait. [ 390.924758][ T7474] loop4: detected capacity change from 0 to 512 [ 390.993687][ T7454] XFS (loop6): Quotacheck: Done. [ 391.004446][ T7474] EXT4-fs: Ignoring removed i_version option [ 391.046031][ T7474] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 391.128554][ T7474] EXT4-fs (loop4): 1 truncate cleaned up [ 391.136789][ T7474] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 391.198721][ T7478] loop3: detected capacity change from 0 to 512 [ 391.265587][ T6840] XFS (loop6): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 391.368540][ T7478] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 391.381653][ T7478] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 391.400639][ T7478] System zones: 0-1, 15-15, 18-18, 34-34 [ 391.407745][ T7478] EXT4-fs (loop3): orphan cleanup on readonly fs [ 391.414822][ T7478] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 391.424669][ T7478] EXT4-fs warning (device loop3): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 391.439842][ T7478] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 391.494847][ T7478] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.545: bg 0: block 40: padding at end of block bitmap is not set [ 391.539108][ T7478] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 391.559881][ T7478] EXT4-fs (loop3): 1 truncate cleaned up [ 391.567666][ T7478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 391.600981][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 391.716825][ T7489] loop5: detected capacity change from 0 to 2048 [ 391.740591][ T7478] EXT4-fs error (device loop3): ext4_encrypted_get_link:46: inode #16: comm syz.3.545: bad symlink. [ 391.903379][ T7489] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 392.055107][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.253828][ T7521] loop5: detected capacity change from 0 to 32768 [ 395.307364][ T7521] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 395.319291][ T7525] loop4: detected capacity change from 0 to 2048 [ 395.387019][ T7525] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 395.423405][ T7539] loop3: detected capacity change from 0 to 65 [ 395.496831][ T7539] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 395.597616][ T7521] XFS (loop5): Ending clean mount [ 395.710616][ T6436] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 396.897937][ T7544] loop6: detected capacity change from 0 to 32768 [ 396.949274][ T7544] ERROR: (device loop6): dbAlloc: the hint is outside the map [ 396.949274][ T7544] [ 396.960086][ T7544] ERROR: (device loop6): remounting filesystem as read-only [ 398.116809][ T7565] netlink: 52 bytes leftover after parsing attributes in process `syz.3.578'. [ 399.210413][ T7573] loop1: detected capacity change from 0 to 4096 [ 400.005180][ T7589] loop4: detected capacity change from 0 to 256 [ 400.041020][ T7589] exfat: Deprecated parameter 'utf8' [ 400.047451][ T7589] exfat: Bad value for 'dmask' [ 400.164676][ T7587] loop3: detected capacity change from 0 to 4096 [ 400.242041][ T7587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 400.448548][ T5856] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 400.716179][ T5856] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.726981][ T5856] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7E, changing to 0xE [ 400.738948][ T5856] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 400.788877][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.844388][ T5856] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 400.854417][ T5856] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.862898][ T5856] usb 6-1: Product: syz [ 400.867333][ T5856] usb 6-1: Manufacturer: syz [ 400.872988][ T5856] usb 6-1: SerialNumber: syz [ 401.861228][ T5856] cdc_ncm 6-1:1.0: SET_CRC_MODE failed [ 401.888611][ T5856] cdc_ncm 6-1:1.0: SET_NTB_FORMAT failed [ 401.909515][ T5856] cdc_ncm 6-1:1.0: bind() failure [ 401.932904][ T5856] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 401.940126][ T5856] cdc_ncm 6-1:1.1: bind() failure [ 402.003735][ T5856] usb 6-1: USB disconnect, device number 4 [ 402.055483][ T7617] loop4: detected capacity change from 0 to 256 [ 402.422926][ T7617] FAT-fs (loop4): Directory bread(block 64) failed [ 402.436682][ T7617] FAT-fs (loop4): Directory bread(block 65) failed [ 402.445618][ T7617] FAT-fs (loop4): Directory bread(block 66) failed [ 402.452684][ T7617] FAT-fs (loop4): Directory bread(block 67) failed [ 402.459805][ T7617] FAT-fs (loop4): Directory bread(block 68) failed [ 402.466580][ T7617] FAT-fs (loop4): Directory bread(block 69) failed [ 402.473867][ T7617] FAT-fs (loop4): Directory bread(block 70) failed [ 402.480877][ T7617] FAT-fs (loop4): Directory bread(block 71) failed [ 402.487810][ T7617] FAT-fs (loop4): Directory bread(block 72) failed [ 402.495113][ T7617] FAT-fs (loop4): Directory bread(block 73) failed [ 402.529117][ T5889] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 402.780409][ T5889] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.790969][ T5889] usb 7-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 21 [ 402.804576][ T5889] usb 7-1: config 0 interface 0 has no altsetting 0 [ 402.811903][ T5889] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 402.821844][ T5889] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.909720][ T7617] bio_check_eod: 13 callbacks suppressed [ 402.909795][ T7617] syz.4.599: attempt to access beyond end of device [ 402.909795][ T7617] loop4: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 402.930571][ T7617] syz.4.599: attempt to access beyond end of device [ 402.930571][ T7617] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 402.951001][ T30] audit: type=1800 audit(1748014620.315:30): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.599" name="file1" dev="loop4" ino=1048653 res=0 errno=0 [ 403.000837][ T5889] usb 7-1: config 0 descriptor?? [ 403.007394][ T7617] syz.4.599: attempt to access beyond end of device [ 403.007394][ T7617] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 403.021633][ T7617] syz.4.599: attempt to access beyond end of device [ 403.021633][ T7617] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 404.086711][ T5889] corsair-cpro 0003:1B1C:1D00.0005: hidraw0: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.6-1/input0 [ 404.499569][ T5889] corsair-cpro 0003:1B1C:1D00.0005: probe with driver corsair-cpro failed with error -110 [ 404.502515][ T7638] loop4: detected capacity change from 0 to 4096 [ 404.544813][ T5889] usb 7-1: USB disconnect, device number 2 [ 404.711377][ T7642] loop5: detected capacity change from 0 to 4096 [ 404.878563][ T7648] netlink: 'syz.3.613': attribute type 2 has an invalid length. [ 404.929513][ T7638] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 405.030624][ T7638] ntfs3(loop4): ino=0, "file0" ni_find_attr [ 405.671217][ T7655] netlink: 28 bytes leftover after parsing attributes in process `syz.6.616'. [ 405.680899][ T7655] netlink: 8 bytes leftover after parsing attributes in process `syz.6.616'. [ 405.720408][ T7657] loop4: detected capacity change from 0 to 64 [ 405.819470][ T30] audit: type=1326 audit(1748014623.215:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7fc00000 [ 406.406937][ T7665] loop1: detected capacity change from 0 to 1024 [ 406.443948][ T7664] loop3: detected capacity change from 0 to 1024 [ 406.491133][ T7665] EXT4-fs: Ignoring removed orlov option [ 406.497526][ T7665] EXT4-fs: Ignoring removed i_version option [ 406.558531][ T7665] EXT4-fs (loop1): Test dummy encryption mode enabled [ 406.579085][ T7665] EXT4-fs (loop1): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 406.751457][ T7665] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 406.761471][ T5078] hfsplus: b-tree write err: -5, ino 4 [ 407.174537][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 407.556444][ T7685] netlink: 'syz.3.632': attribute type 11 has an invalid length. [ 407.563665][ T7690] loop1: detected capacity change from 0 to 128 [ 407.661920][ T7690] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 407.823888][ T7690] ext4 filesystem being mounted at /129/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 407.921054][ T7695] loop6: detected capacity change from 0 to 1024 [ 407.934614][ T7695] EXT4-fs (loop6): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 408.127631][ T7695] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 408.216050][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 408.242581][ T7701] loop3: detected capacity change from 0 to 128 [ 408.332907][ T7704] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.342124][ T7704] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.351341][ T7704] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.360517][ T7704] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.466588][ T7702] EXT4-fs error (device loop6): ext4_clear_blocks:876: inode #14: comm syz.6.634: attempt to clear invalid blocks 1886221359 len 1 [ 408.548874][ T7702] EXT4-fs (loop6): Remounting filesystem read-only [ 408.651016][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 408.875921][ T6840] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.956890][ T7710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.640'. [ 409.207072][ T7715] netlink: 28 bytes leftover after parsing attributes in process `syz.1.643'. [ 410.870422][ T7735] loop1: detected capacity change from 0 to 4096 [ 411.796110][ T7755] loop4: detected capacity change from 0 to 128 [ 411.978313][ T30] audit: type=1800 audit(1748014629.375:32): pid=7755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.660" name="file2" dev="loop4" ino=1048656 res=0 errno=0 [ 412.003039][ T7755] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 412.011450][ T7755] FAT-fs (loop4): Filesystem has been set read-only [ 412.018934][ T7755] syz.4.660: attempt to access beyond end of device [ 412.018934][ T7755] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 412.035598][ T7755] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 412.043812][ T7755] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 413.293587][ T7776] loop4: detected capacity change from 0 to 256 [ 413.400437][ T7779] netlink: 'syz.1.674': attribute type 1 has an invalid length. [ 413.508734][ T7776] FAT-fs (loop4): Directory bread(block 64) failed [ 413.515640][ T7776] FAT-fs (loop4): Directory bread(block 65) failed [ 413.522789][ T7776] FAT-fs (loop4): Directory bread(block 66) failed [ 413.529874][ T7776] FAT-fs (loop4): Directory bread(block 67) failed [ 413.539380][ T7776] FAT-fs (loop4): Directory bread(block 68) failed [ 413.546155][ T7776] FAT-fs (loop4): Directory bread(block 69) failed [ 413.553370][ T7776] FAT-fs (loop4): Directory bread(block 70) failed [ 413.560235][ T7776] FAT-fs (loop4): Directory bread(block 71) failed [ 413.567107][ T7776] FAT-fs (loop4): Directory bread(block 72) failed [ 413.574080][ T7776] FAT-fs (loop4): Directory bread(block 73) failed [ 415.270478][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f196400: rx timeout, send abort [ 415.779241][ C0] vcan0: j1939_tp_rxtimer: 0xffff88804f196400: abort rx timeout. Force session deactivation [ 416.390317][ T7828] loop1: detected capacity change from 0 to 1024 [ 416.442047][ T7828] EXT4-fs: Ignoring removed orlov option [ 416.586063][ T7828] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 416.815636][ T30] audit: type=1800 audit(1748014634.225:33): pid=7828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.696" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 416.944864][ T7842] loop5: detected capacity change from 0 to 128 [ 416.992351][ T7842] EXT4-fs: Ignoring removed nobh option [ 417.023493][ T7844] loop6: detected capacity change from 0 to 512 [ 417.068430][ T7844] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 417.086946][ T7842] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 417.103113][ T7842] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 417.172049][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.286076][ T7844] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 417.299427][ T7844] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 417.943477][ T6436] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 418.124250][ T7849] loop3: detected capacity change from 0 to 32768 [ 418.146424][ T7849] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.702 (7849) [ 418.190263][ T7849] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 418.205716][ T7849] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 418.215584][ T7849] BTRFS info (device loop3): using free-space-tree [ 418.542077][ T7849] BTRFS info (device loop3): rebuilding free space tree [ 418.695435][ T6840] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.795277][ T7849] BTRFS info (device loop3): balance: start -f -sprofiles=data|system|metadata|raid0|raid10|raid5|raid6|0x3800,usage=12582909,devid=0,limit=10376293541461622786,stripes=3..4 [ 418.818499][ T7849] BTRFS info (device loop3): balance: ended with status: 0 [ 418.961070][ T5797] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 419.304554][ T30] audit: type=1326 audit(1748014636.705:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.331819][ T30] audit: type=1326 audit(1748014636.715:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.355566][ T30] audit: type=1326 audit(1748014636.755:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.378468][ T30] audit: type=1326 audit(1748014636.755:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.401047][ T30] audit: type=1326 audit(1748014636.755:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.423744][ T30] audit: type=1326 audit(1748014636.765:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.449325][ T30] audit: type=1326 audit(1748014636.765:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.473062][ T30] audit: type=1326 audit(1748014636.765:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 419.495638][ T30] audit: type=1326 audit(1748014636.765:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 420.637320][ T7888] loop1: detected capacity change from 0 to 512 [ 420.648687][ T5857] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 420.695277][ T7888] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 420.828559][ T7888] EXT4-fs (loop1): 1 truncate cleaned up [ 420.836545][ T7888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.870432][ T5857] usb 5-1: Using ep0 maxpacket: 8 [ 420.990939][ T5857] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 421.000647][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.009413][ T5857] usb 5-1: Product: syz [ 421.013910][ T5857] usb 5-1: Manufacturer: syz [ 421.019004][ T5857] usb 5-1: SerialNumber: syz [ 421.101376][ T5857] usb 5-1: config 0 descriptor?? [ 421.123575][ T5857] gspca_main: se401-2.14.0 probing 047d:5003 [ 421.410478][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.543024][ T5857] gspca_se401: Frame size: 31091x12922 bayer [ 421.550071][ T5857] gspca_se401: Frame size: 0x0 1/16th janggu [ 421.556330][ T5857] gspca_se401: Frame size: 20x0 bayer [ 421.772197][ T5857] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7 [ 421.856282][ T5857] usb 5-1: USB disconnect, device number 6 [ 422.437265][ T7909] program syz.6.721 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.553103][ T7927] loop1: detected capacity change from 0 to 1024 [ 423.772082][ T7927] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.903256][ T7927] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.730: missing EA_INODE flag [ 423.968563][ T7927] EXT4-fs (loop1): Remounting filesystem read-only [ 423.975720][ T7927] EXT4-fs warning (device loop1): ext4_xattr_inode_dec_ref_all:1221: inode #18: comm syz.1.730: ea_inode dec ref err=-30 [ 423.993296][ T7927] EXT4-fs warning (device loop1): ext4_evict_inode:279: xattr delete (err -30) [ 424.022930][ T7934] ALSA: mixer_oss: invalid OSS volume 'u' [ 424.029371][ T7934] ALSA: mixer_oss: invalid OSS volume '¯S}“B.Ò/¦YÎÚY9Ï9†2¢W«¿hÔ…NE,ë' [ 424.041971][ T7934] ALSA: mixer_oss: invalid OSS volume 'cOF8߀Ò!}þsdÜ"Ž§Ÿtæx³8S‘èÁàA' [ 424.052369][ T7934] ALSA: mixer_oss: invalid OSS volume 'H­}Ç!ïÙ¾äR¤Í©úZ' [ 424.060791][ T7934] ALSA: mixer_oss: invalid OSS volume ';½pšoƒ^´3Ž#±/YïÐþj}Žl@Ö;´69§' [ 424.069702][ T7934] ALSA: mixer_oss: invalid OSS volume '‡YÕ¥›\&—Äaá}„X±=ȉ5¸x÷—Ôi$¼„q' [ 424.079012][ T7934] ALSA: mixer_oss: invalid OSS volume '–Ò?Ù­ü«áqoêIyïMtúÜoÕ>lgÄë 9' [ 424.087664][ T7934] ALSA: mixer_oss: invalid OSS volume ')ùÖ­I;»M¥ýð®ôñoõ™°ÜB0ªø{žø•?Š' [ 424.096668][ T7934] ALSA: mixer_oss: invalid OSS volume 'S7sŽŸÙW{·•ëZ‰¤îN++í_Æ[¡ï¹ˆž' [ 424.106399][ T7934] ALSA: mixer_oss: invalid OSS volume '' [ 424.113116][ T7934] ALSA: mixer_oss: invalid OSS volume 'c¢¼¤sÏ‘=ZOÒ‰Ñy/Æ“Ä¥øS&î¼R™J4áj' [ 424.122035][ T7934] ALSA: mixer_oss: invalid OSS volume 'cå :3Ù£ã/D@·aÑI¨×tÕ°á’fx„™¡' [ 424.130777][ T7934] ALSA: mixer_oss: invalid OSS volume 'T{¡‘¼¢Ê’w4M{£ ‚j%€åítôä±' [ 424.143294][ T7934] ALSA: mixer_oss: invalid OSS volume 'ð™6oÅ?ŒtoðnÄ]iÓÄ' [ 424.152519][ T7934] ALSA: mixer_oss: invalid OSS volume 'ÙΦÝuLœ?ëÎ…v÷†4À+C' [ 424.160743][ T7934] ALSA: mixer_oss: invalid OSS volume 'yÐÅÊû3gÕ˜F8JñýK`˜ËV µe¯>ÀÓM' [ 424.169682][ T7934] ALSA: mixer_oss: invalid OSS volume '«¤–ž' [ 424.176033][ T7934] ALSA: mixer_oss: invalid OSS volume 'C4ò›3‘ïKðóJDÖž47Ë=Ë8qÄçÞPK^P' [ 424.184792][ T7934] ALSA: mixer_oss: invalid OSS volume '}ß„µcÀ¿ÌLu©rbÝìzI{ÕŽª«%»' [ 424.193540][ T7934] ALSA: mixer_oss: invalid OSS volume 'Teë»À¬0¸R+Ù!€Ø˜s1Në2ð¾+Oq«' [ 424.202580][ T7934] ALSA: mixer_oss: invalid OSS volume 'x'ÒYbã’ÖÀe:x•^¾' [ 424.210452][ T7934] ALSA: mixer_oss: invalid OSS volume 'ª?2ÀÓÎo”ºÏZÝ“X„¾œáŠ^Æ–ã7' [ 424.219335][ T7934] ALSA: mixer_oss: invalid OSS volume 'œz€zvúavg­ê‹w4‚-©=“––A©*Ò¯cPÎîT' [ 424.228241][ T7934] ALSA: mixer_oss: invalid OSS volume 'Ž-ĉ¸ýÛùÔ±ÉïKUˆˆ$Fù²Z„Y˜"2' [ 424.236924][ T7934] ALSA: mixer_oss: invalid OSS volume '-«/ã9òM=+ih’ÜÔ£èòê­ÜxâÐ|¹ß/ç' [ 424.249284][ T7934] ALSA: mixer_oss: invalid OSS volume 'Ã…’£¾~³SAd–ègاL~¹EV±bA“]qÔ4bþ' [ 424.257905][ T7934] ALSA: mixer_oss: invalid OSS volume 'Ç´ñTrçz3")?„žç\‘]ódÉiTbà”' [ 424.268393][ T7934] ALSA: mixer_oss: invalid OSS volume 'hJøüÝKÍõu+?ªsˆ†nè¦d…' [ 424.276236][ T7934] ALSA: mixer_oss: invalid OSS volume 'ü>Ü(v[.zPýïW[élÑÙªHÁþñ²v9I˜*' [ 424.284957][ T7934] ALSA: mixer_oss: invalid OSS volume 'IâMŒ}' [ 424.291653][ T7934] ALSA: mixer_oss: invalid OSS volume '„‘Þš‹½]í¸ßëZX€ÚWÇK¸áý‹ÓÂ' [ 424.299841][ T7934] ALSA: mixer_oss: invalid OSS volume '›gl »f' [ 424.306551][ T7934] ALSA: mixer_oss: invalid OSS volume 'põÇ­-áÿ–gl>ÊÍ•?Ò5…b(Um²•¸ÕH·' [ 424.315616][ T7934] ALSA: mixer_oss: invalid OSS volume ' HD-É5«„Gëì¹:øy¦»‚«_$RtØsµ¾C…o' [ 424.324405][ T7934] ALSA: mixer_oss: invalid OSS volume 'O±øS®ãl¬¥R›­‘$‚X`ÀDòEÍÿâä' [ 424.333167][ T7934] ALSA: mixer_oss: invalid OSS volume 'j©bhœOS¼{eå}棕íYªyA!"L' [ 424.345379][ T7934] ALSA: mixer_oss: invalid OSS volume 'œªÛï'Ööc²+øÓ™bènRÙ«ÕbŽ2pBMŠ§‘' [ 424.355444][ T7934] ALSA: mixer_oss: invalid OSS volume '])Ù@:Tµ1U2c‡ên§&C·Ì[÷g7xD' [ 424.364384][ T7934] ALSA: mixer_oss: invalid OSS volume 'w¥¯ì—Uoàî‡Ãs›ÙÿL!ÝNζWæKôÖË' [ 424.373481][ T7934] ALSA: mixer_oss: invalid OSS volume '¯Þ­1Ðؽ‹F„&‡¶' [ 424.544561][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.003244][ T7943] loop1: detected capacity change from 0 to 64 [ 425.136632][ T7947] loop4: detected capacity change from 0 to 512 [ 425.229174][ T7947] EXT4-fs (loop4): blocks per group (34) and clusters per group (32768) inconsistent [ 425.432603][ T7951] loop3: detected capacity change from 0 to 256 [ 425.800534][ T7951] FAT-fs (loop3): Directory bread(block 64) failed [ 425.807543][ T7951] FAT-fs (loop3): Directory bread(block 65) failed [ 425.814609][ T7951] FAT-fs (loop3): Directory bread(block 66) failed [ 425.821990][ T7951] FAT-fs (loop3): Directory bread(block 67) failed [ 425.829732][ T7951] FAT-fs (loop3): Directory bread(block 68) failed [ 425.836516][ T7951] FAT-fs (loop3): Directory bread(block 69) failed [ 425.843587][ T7951] FAT-fs (loop3): Directory bread(block 70) failed [ 425.850518][ T7951] FAT-fs (loop3): Directory bread(block 71) failed [ 425.857449][ T7951] FAT-fs (loop3): Directory bread(block 72) failed [ 425.864473][ T7951] FAT-fs (loop3): Directory bread(block 73) failed [ 425.968911][ T7958] loop4: detected capacity change from 0 to 512 [ 426.071019][ T5808] Bluetooth: hci4: command 0x0406 tx timeout [ 426.295208][ T7958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 426.308640][ T7958] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 426.806517][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.241985][ T5856] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 428.456681][ T5856] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 428.466234][ T5856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.516164][ T5856] usb 2-1: config 0 descriptor?? [ 428.536567][ T5856] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 428.552936][ T7999] netem: unknown loss type 0 [ 429.608514][ T5856] gspca_cpia1: usb_control_msg 05, error -110 [ 429.617136][ T7995] loop1: detected capacity change from 0 to 4096 [ 429.642440][ T5856] gspca_cpia1: usb_control_msg 01, error -32 [ 429.662121][ T7995] ntfs3: Unknown parameter 'dmask000000010' [ 429.698691][ T5856] gspca_cpia1: usb_control_msg 01, error -32 [ 429.728556][ T5856] gspca_cpia1: usb_control_msg 01, error -32 [ 429.747235][ T5856] gspca_cpia1: usb_control_msg 01, error -32 [ 429.753620][ T5856] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 429.942213][ T8009] netlink: 'syz.5.764': attribute type 1 has an invalid length. [ 429.950777][ T8009] netlink: 'syz.5.764': attribute type 2 has an invalid length. [ 430.024439][ T8011] netlink: 'syz.5.764': attribute type 1 has an invalid length. [ 430.032652][ T8011] netlink: 'syz.5.764': attribute type 2 has an invalid length. [ 430.148527][ T7995] loop1: detected capacity change from 0 to 512 [ 430.203993][ T7995] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 430.213621][ T7995] EXT4-fs (loop1): failed to open journal device unknown-block(7,45) -6 [ 430.373280][ T5889] usb 2-1: USB disconnect, device number 4 [ 430.873067][ T8020] loop4: detected capacity change from 0 to 128 [ 431.046073][ T8020] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 431.141562][ T8020] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 431.452610][ T5796] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 431.684902][ T8028] loop1: detected capacity change from 0 to 2048 [ 431.933545][ T8028] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 432.605079][ T8035] loop5: detected capacity change from 0 to 4096 [ 432.628296][ T8035] ntfs3(loop5): Primary boot: unsupported bytes per index 8192. [ 432.676220][ T8035] ntfs3(loop5): try to read out of volume at offset 0x1ffe00 [ 433.700244][ T8055] batadv_slave_1: entered promiscuous mode [ 433.720684][ T5857] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 433.745351][ T8055] batadv_slave_1: left promiscuous mode [ 433.774343][ T8057] loop1: detected capacity change from 0 to 64 [ 433.854399][ T8057] hfs: unable to locate alternate MDB [ 433.860483][ T8057] hfs: continuing without an alternate MDB [ 433.898310][ T8049] loop4: detected capacity change from 0 to 32768 [ 433.954420][ T5857] usb 4-1: Using ep0 maxpacket: 16 [ 433.996436][ T5857] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 434.006954][ T5857] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 170, changing to 11 [ 434.019014][ T5857] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 34661, setting to 1024 [ 434.030680][ T5857] usb 4-1: config 0 interface 0 has no altsetting 0 [ 434.064422][ T8049] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 434.105877][ T30] audit: type=1800 audit(1748014651.515:43): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.784" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 434.111012][ T5857] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 434.135966][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.144380][ T5857] usb 4-1: Product: syz [ 434.149000][ T5857] usb 4-1: Manufacturer: syz [ 434.153809][ T5857] usb 4-1: SerialNumber: syz [ 434.163846][ T5857] usb 4-1: config 0 descriptor?? [ 434.181597][ T8053] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 434.414934][ T8049] XFS (loop4): Ending clean mount [ 434.442308][ T8049] XFS (loop4): Quotacheck needed: Please wait. [ 434.463541][ T8053] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 434.513210][ T5857] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8 [ 434.539886][ T5889] kernel write not supported for file /media6 (pid: 5889 comm: kworker/0:6) [ 434.613799][ T8049] XFS (loop4): Quotacheck: Done. [ 434.722967][ T5796] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 434.801362][ T8071] loop1: detected capacity change from 0 to 64 [ 434.824048][ T5850] usb 4-1: USB disconnect, device number 6 [ 436.151691][ T8087] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 436.199948][ T8085] netlink: 4 bytes leftover after parsing attributes in process `syz.5.795'. [ 436.306565][ T8091] loop3: detected capacity change from 0 to 64 [ 436.988833][ T8101] netlink: 28 bytes leftover after parsing attributes in process `syz.4.801'. [ 437.129696][ T8102] loop6: detected capacity change from 0 to 1024 [ 437.205789][ T8097] loop5: detected capacity change from 0 to 4096 [ 437.269563][ T8097] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 437.285920][ T8102] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 437.298941][ T8102] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.576571][ T8097] ntfs3(loop5): ino=19, mi_enum_attr [ 437.582481][ T8097] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 437.715973][ T6840] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.162772][ T8127] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.810'. [ 438.190573][ T8126] netlink: 24 bytes leftover after parsing attributes in process `syz.1.811'. [ 438.661995][ T8134] loop6: detected capacity change from 0 to 256 [ 438.853497][ T8134] exFAT-fs (loop6): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 439.761982][ T8154] loop4: detected capacity change from 0 to 1024 [ 439.844226][ T8156] netlink: 'syz.1.824': attribute type 3 has an invalid length. [ 439.885572][ T8154] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 440.103649][ T8165] netlink: 'syz.5.826': attribute type 1 has an invalid length. [ 440.234239][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.585999][ T8174] loop5: detected capacity change from 0 to 128 [ 440.643449][ T30] audit: type=1800 audit(1748014658.055:44): pid=8174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.832" name="bus" dev="loop5" ino=1048658 res=0 errno=0 [ 440.809138][ T5850] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 440.988564][ T5850] usb 4-1: Using ep0 maxpacket: 32 [ 441.014139][ T5850] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 441.024399][ T5850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.058780][ T8181] loop4: detected capacity change from 0 to 128 [ 441.075170][ T5850] usb 4-1: config 0 descriptor?? [ 441.090527][ T8181] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 441.160501][ T8181] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 441.305008][ T5850] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 441.369953][ T5850] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 441.384030][ T5850] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 441.392321][ T5850] usb 4-1: media controller created [ 441.456818][ T3732] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 441.463115][ T5850] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 441.706803][ T5850] az6027: usb out operation failed. (-71) [ 441.713934][ T5850] az6027: usb out operation failed. (-71) [ 441.720526][ T5850] stb0899_attach: Driver disabled by Kconfig [ 441.726810][ T5850] az6027: no front-end attached [ 441.726810][ T5850] [ 441.744773][ T5850] az6027: usb out operation failed. (-71) [ 441.756369][ T5850] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 441.767708][ T5850] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9 [ 441.872250][ T5850] dvb-usb: schedule remote query interval to 400 msecs. [ 441.879790][ T5850] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 441.917031][ T5850] usb 4-1: USB disconnect, device number 7 [ 442.149042][ T5803] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 442.157918][ T5803] Bluetooth: hci2: Injecting HCI hardware error event [ 442.170190][ T5803] Bluetooth: hci2: hardware error 0x00 [ 442.217460][ T5850] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 442.760065][ T8200] loop6: detected capacity change from 0 to 524288000 [ 443.296561][ T8199] loop1: detected capacity change from 0 to 8192 [ 443.563052][ T5850] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 443.718996][ T8213] netlink: 8 bytes leftover after parsing attributes in process `syz.4.849'. [ 443.821101][ T5850] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 443.831895][ T5850] usb 6-1: config 0 interface 0 has no altsetting 0 [ 443.895600][ T5850] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 443.908953][ T5850] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 443.918620][ T5850] usb 6-1: Product: syz [ 443.923032][ T5850] usb 6-1: Manufacturer: syz [ 443.927885][ T5850] usb 6-1: SerialNumber: syz [ 443.954855][ T5850] usb 6-1: config 0 descriptor?? [ 444.038369][ T5850] usb 6-1: selecting invalid altsetting 0 [ 444.238419][ T5803] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 444.484024][ T5857] usb 6-1: USB disconnect, device number 5 [ 445.004912][ T8220] loop4: detected capacity change from 0 to 32768 [ 445.021148][ T8220] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.853 (8220) [ 445.059175][ T8220] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 445.072288][ T8220] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 445.082729][ T8220] BTRFS info (device loop4): using free-space-tree [ 445.089620][ T8220] workqueue: max_active -2147483648 requested for btrfs-worker is out of range, clamping between 1 and 2048 [ 445.109482][ T8220] workqueue: max_active -2147483648 requested for btrfs-delalloc is out of range, clamping between 1 and 2048 [ 445.134302][ T8220] workqueue: max_active -2147483648 requested for btrfs-endio is out of range, clamping between 1 and 2048 [ 445.157835][ T8220] workqueue: max_active -2147483648 requested for btrfs-endio-meta is out of range, clamping between 1 and 2048 [ 445.182191][ T8220] workqueue: max_active -2147483648 requested for btrfs-rmw is out of range, clamping between 1 and 2048 [ 445.206232][ T8220] workqueue: max_active -2147483648 requested for btrfs-endio-write is out of range, clamping between 1 and 2048 [ 445.223098][ T8220] workqueue: max_active -2147483648 requested for btrfs-compressed-write is out of range, clamping between 1 and 2048 [ 445.284448][ T4460] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xf8bb6bdef03b64ff3b11a2a87ba7a2aeacfdb41cc49a87adad5cc1644d216b29 level 0 [ 445.325463][ T4460] BTRFS warning (device loop4): checksum verify failed on logical 5341184 mirror 1 wanted 0xc53d3c5bb04ba5dfc01f4c277f0b81815915cb99da5074f609a3f7f617cf284a found 0xd34891a64d32c06b063fbbf3d26e09cb4d5acf5ade8dc51c4cd532bb53f895d0 level 0 [ 445.365079][ T4460] BTRFS warning (device loop4): checksum verify failed on logical 5287936 mirror 1 wanted 0x31987782e3a542b4b1826f4a60605b79838e23bf27075900db4b92202c72b2fd found 0xceda3bc49047826ec4468b88ec74a14d6cd3232f25b2c41331ed48993507590e level 0 [ 445.405975][ T4460] BTRFS warning (device loop4): checksum verify failed on logical 5292032 mirror 1 wanted 0xcbbb23d5b53a3b4892a5068ee5011732ffcd94742b434497e3f11d7ca86a6d23 found 0x6ab87e71a537053373402d980abd70276b583e303a68e0dd0a46bb41cfc306c8 level 0 [ 445.565154][ T8220] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 445.994274][ T8252] netlink: 44 bytes leftover after parsing attributes in process `syz.5.858'. [ 446.128546][ T5850] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 446.326573][ T5850] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 446.340276][ T5850] usb 7-1: config 0 interface 0 has no altsetting 0 [ 446.400570][ T5850] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 446.410130][ T5850] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.420061][ T5850] usb 7-1: Product: syz [ 446.424497][ T5850] usb 7-1: Manufacturer: syz [ 446.433373][ T5850] usb 7-1: SerialNumber: syz [ 446.520520][ T5850] usb 7-1: config 0 descriptor?? [ 446.550329][ T5850] usb 7-1: selecting invalid altsetting 0 [ 446.829790][ T5850] usb 7-1: USB disconnect, device number 3 [ 447.959097][ T5857] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 448.133548][ T8275] loop3: detected capacity change from 0 to 4096 [ 448.145981][ T8275] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 448.178737][ T5857] usb 2-1: Using ep0 maxpacket: 32 [ 448.197009][ T5857] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 448.214811][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.260819][ T5857] usb 2-1: config 0 descriptor?? [ 448.332869][ T8284] @: renamed from vlan0 (while UP) [ 448.580159][ T5857] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 448.631017][ T5857] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 448.681315][ T5857] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 448.689165][ T5857] usb 2-1: media controller created [ 448.738411][ T8286] loop4: detected capacity change from 0 to 512 [ 448.794782][ T5857] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 448.909981][ T8286] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 448.978982][ T8282] loop5: detected capacity change from 0 to 32768 [ 448.988422][ T8282] btrfs: Deprecated parameter 'usebackuproot' [ 448.996927][ T8282] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 449.043620][ T8282] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.874 (8282) [ 449.080000][ T8282] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 449.090602][ T8282] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 449.099918][ T8282] BTRFS info (device loop5): using free-space-tree [ 449.149999][ T8286] EXT4-fs (loop4): 1 truncate cleaned up [ 449.158970][ T8286] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 449.174198][ T8275] ntfs3(loop3): ino=19, mi_enum_attr [ 449.179995][ T8275] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 449.221246][ T8275] ntfs3(loop3): ino=18, mi_enum_attr [ 449.260814][ T3545] BTRFS warning (device loop5): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 449.275070][ T8282] BTRFS warning (device loop5): couldn't read tree root [ 449.284170][ T5857] az6027: usb out operation failed. (-71) [ 449.284158][ T8282] BTRFS warning (device loop5): try to load backup roots slot 1 [ 449.295004][ T3732] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 449.312988][ T8282] BTRFS warning (device loop5): couldn't read tree root [ 449.320452][ T8282] BTRFS warning (device loop5): try to load backup roots slot 2 [ 449.340903][ T3732] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 449.352115][ T8282] BTRFS warning (device loop5): couldn't read tree root [ 449.359525][ T8282] BTRFS warning (device loop5): try to load backup roots slot 3 [ 449.443299][ T5857] az6027: usb out operation failed. (-71) [ 449.449499][ T5857] stb0899_attach: Driver disabled by Kconfig [ 449.455931][ T5857] az6027: no front-end attached [ 449.455931][ T5857] [ 449.481142][ T8282] BTRFS info (device loop5): rebuilding free space tree [ 449.516495][ T8282] BTRFS info (device loop5): checking UUID tree [ 449.551634][ T5857] az6027: usb out operation failed. (-71) [ 449.557596][ T5857] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 449.567917][ T5857] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 449.735981][ T8308] loop6: detected capacity change from 0 to 64 [ 449.759826][ T6436] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 449.789992][ T5857] dvb-usb: schedule remote query interval to 400 msecs. [ 449.797345][ T5857] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 449.876072][ T5857] usb 2-1: USB disconnect, device number 5 [ 449.913548][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.131893][ T5857] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 450.318011][ T8310] loop1: detected capacity change from 0 to 2048 [ 450.472156][ T8310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.604759][ T30] audit: type=1800 audit(1748014668.015:45): pid=8310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.880" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 450.656183][ T5857] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 450.838476][ T5857] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 450.850352][ T5857] usb 5-1: config 0 interface 0 has no altsetting 0 [ 450.857254][ T5857] usb 5-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00 [ 450.871795][ T5857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.161243][ T5857] usb 5-1: config 0 descriptor?? [ 451.169581][ T8314] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 451.503835][ T8314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 451.514183][ T8314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.824404][ T5857] hid (null): unknown global tag 0xd [ 451.830223][ T5857] hid (null): unknown global tag 0xe [ 452.066477][ T5857] uclogic 0003:28BD:0078.0006: interface is invalid, ignoring [ 452.150702][ T5857] usb 5-1: USB disconnect, device number 7 [ 452.471124][ T8293] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 452.633537][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.065119][ T8353] loop5: detected capacity change from 0 to 1024 [ 454.182989][ T8349] loop1: detected capacity change from 0 to 40427 [ 454.204402][ T8349] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 454.212691][ T8349] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 454.278431][ T8349] F2FS-fs (loop1): invalid crc value [ 454.668000][ T8349] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 454.681868][ T8349] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 454.981932][ T8367] netlink: 36 bytes leftover after parsing attributes in process `syz.3.902'. [ 455.020557][ T8367] vlan2: entered promiscuous mode [ 455.025885][ T8367] bridge0: entered promiscuous mode [ 455.717207][ T8377] loop5: detected capacity change from 0 to 128 [ 456.479564][ T5850] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 456.709402][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 456.743646][ T5850] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 456.752643][ T5850] usb 4-1: config 0 has no interface number 0 [ 456.759291][ T5850] usb 4-1: config 0 interface 26 has no altsetting 0 [ 456.848506][ T5850] usb 4-1: New USB device found, idVendor=12d1, idProduct=7d1e, bcdDevice=e8.4a [ 456.857866][ T5850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.866278][ T5850] usb 4-1: Product: syz [ 456.870936][ T5850] usb 4-1: Manufacturer: syz [ 456.875762][ T5850] usb 4-1: SerialNumber: syz [ 456.941408][ T5850] usb 4-1: config 0 descriptor?? [ 457.084629][ T8393] netlink: 48 bytes leftover after parsing attributes in process `syz.5.913'. [ 457.094626][ T8393] netlink: 1 bytes leftover after parsing attributes in process `syz.5.913'. [ 457.193905][ T5850] option 4-1:0.26: GSM modem (1-port) converter detected [ 457.249576][ T5850] usb 4-1: USB disconnect, device number 8 [ 457.257604][ T5850] option 4-1:0.26: device disconnected [ 458.037234][ T8400] loop6: detected capacity change from 0 to 2048 [ 458.116914][ T8400] EXT4-fs: Ignoring removed nobh option [ 458.270378][ T8400] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 458.283673][ T8400] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 458.394974][ T8398] loop5: detected capacity change from 0 to 40427 [ 458.409008][ T8398] F2FS-fs (loop5): Invalid gid value -1 [ 459.081879][ T6840] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 459.431883][ T8418] loop1: detected capacity change from 0 to 512 [ 459.554930][ T8418] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 459.557170][ T8422] netlink: 24 bytes leftover after parsing attributes in process `syz.4.925'. [ 459.563604][ T8418] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 459.636881][ T8418] EXT4-fs (loop1): 1 truncate cleaned up [ 459.645007][ T8418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 459.974416][ T8431] loop3: detected capacity change from 0 to 256 [ 460.139203][ T5805] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 460.508643][ T8435] vlan0: entered promiscuous mode [ 460.513967][ T8435] bridge0: entered promiscuous mode [ 460.520442][ T8435] vlan0: entered allmulticast mode [ 460.529016][ T8435] bridge0: entered allmulticast mode [ 460.620901][ T5800] block nbd0: Wrong magic (0x200b9bb) [ 460.647900][ T8438] xt_CT: You must specify a L4 protocol and not use inversions on it [ 461.866432][ T8461] netlink: 40 bytes leftover after parsing attributes in process `syz.6.941'. [ 462.299571][ T8466] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 462.299571][ T8466] The task syz.4.942 (8466) triggered the difference, watch for misbehavior. [ 462.535332][ T8459] loop5: detected capacity change from 0 to 32768 [ 462.597509][ T8459] find_entry called with index = 0 [ 462.603524][ T8459] read_mapping_page failed! [ 462.608459][ T8459] ERROR: (device loop5): txAbort: [ 462.608459][ T8459] [ 462.679932][ T8468] loop3: detected capacity change from 0 to 256 [ 462.701752][ T6436] ERROR: (device loop5): diFree: numfree > numinos [ 462.701752][ T6436] [ 462.973950][ T8468] FAT-fs (loop3): Directory bread(block 64) failed [ 462.981528][ T8468] FAT-fs (loop3): Directory bread(block 65) failed [ 462.993581][ T8468] FAT-fs (loop3): Directory bread(block 66) failed [ 463.000649][ T8468] FAT-fs (loop3): Directory bread(block 67) failed [ 463.007688][ T8468] FAT-fs (loop3): Directory bread(block 68) failed [ 463.014861][ T8468] FAT-fs (loop3): Directory bread(block 69) failed [ 463.022074][ T8468] FAT-fs (loop3): Directory bread(block 70) failed [ 463.029047][ T8468] FAT-fs (loop3): Directory bread(block 71) failed [ 463.035929][ T8468] FAT-fs (loop3): Directory bread(block 72) failed [ 463.043052][ T8468] FAT-fs (loop3): Directory bread(block 73) failed [ 463.385788][ T8468] syz.3.943: attempt to access beyond end of device [ 463.385788][ T8468] loop3: rw=2051, sector=1224, nr_sectors = 64 limit=256 [ 463.707961][ T8481] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 464.298810][ T5857] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 464.334721][ T8491] netlink: 'syz.5.945': attribute type 5 has an invalid length. [ 464.474194][ T8495] loop6: detected capacity change from 0 to 512 [ 464.512847][ T5857] usb 4-1: Using ep0 maxpacket: 32 [ 464.539058][ T8495] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 464.553462][ T5857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 464.553639][ T5857] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.553840][ T5857] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 464.553991][ T5857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.559840][ T5857] usb 4-1: config 0 descriptor?? [ 464.653076][ T8495] EXT4-fs (loop6): 1 truncate cleaned up [ 464.661676][ T8495] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 464.696594][ T5857] hub 4-1:0.0: USB hub found [ 464.878625][ T5857] hub 4-1:0.0: 1 port detected [ 465.180996][ T6840] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.320817][ T5857] usb 4-1: USB disconnect, device number 9 [ 465.430522][ T8506] tap0: tun_chr_ioctl cmd 1074025677 [ 465.436583][ T8506] tap0: linktype set to 804 [ 465.823986][ T8515] dlm: no local IP address has been set [ 465.830129][ T8515] dlm: cannot start dlm midcomms -107 [ 465.839181][ T8513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.961'. [ 466.413896][ T30] audit: type=1326 audit(1748014683.805:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.4.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.564552][ T30] audit: type=1326 audit(1748014683.875:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm="syz.4.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.588674][ T30] audit: type=1326 audit(1748014683.875:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm=08 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.613355][ T30] audit: type=1326 audit(1748014683.875:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm=08 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.640042][ T30] audit: type=1326 audit(1748014683.885:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm=08 exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.664614][ T30] audit: type=1326 audit(1748014683.885:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm=08 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 466.687210][ T30] audit: type=1326 audit(1748014683.885:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8524 comm=08 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec2e98e969 code=0x7ffc0000 [ 467.119981][ T8522] loop3: detected capacity change from 0 to 32768 [ 467.357035][ T8522] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 467.398470][ T4460] (kworker/u8:23,4460,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=348545186005064, rec_len=0, name_len=1 [ 467.433799][ T8522] OCFS2: ERROR (device loop3): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has invalid tree depth 312 in extent list [ 467.459625][ T8522] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 467.471950][ T8522] OCFS2: Returning error to the calling process. [ 467.478727][ T8522] (syz.3.965,8522,0):ocfs2_find_leaf:1948 ERROR: status = -30 [ 467.486500][ T8522] (syz.3.965,8522,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30 [ 467.495467][ T8522] (syz.3.965,8522,0):ocfs2_get_clusters:634 ERROR: status = -30 [ 467.503652][ T8522] (syz.3.965,8522,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -30 [ 467.512756][ T8522] (syz.3.965,8522,0):ocfs2_read_virt_blocks:997 ERROR: status = -30 [ 467.521226][ T8522] (syz.3.965,8522,0):ocfs2_read_dir_block:511 ERROR: status = -30 [ 467.529537][ T8522] (syz.3.965,8522,0):ocfs2_find_dir_space_el:3503 ERROR: status = -5 [ 467.537926][ T8522] (syz.3.965,8522,0):ocfs2_prepare_dir_for_insert:4294 ERROR: status = -5 [ 467.547001][ T8522] (syz.3.965,8522,0):ocfs2_mknod:298 ERROR: status = -5 [ 467.559836][ T8522] (syz.3.965,8522,0):ocfs2_mknod:502 ERROR: status = -5 [ 467.567091][ T8522] (syz.3.965,8522,0):ocfs2_create:675 ERROR: status = -5 [ 467.723115][ T8540] netlink: 40 bytes leftover after parsing attributes in process `syz.6.972'. [ 467.744892][ T5797] ocfs2: Unmounting device (7,3) on (node local) [ 468.006196][ T8548] ucma_write: process 469 (syz.4.976) changed security contexts after opening file descriptor, this is not allowed. [ 469.104296][ T8558] loop1: detected capacity change from 0 to 128 [ 469.179053][ T8558] EXT4-fs (loop1): Test dummy encryption mode enabled [ 469.251220][ T8558] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 469.267819][ T8561] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 469.269513][ T8558] ext4 filesystem being mounted at /194/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 469.657772][ T5805] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 469.877667][ T8570] loop6: detected capacity change from 0 to 2048 [ 469.990334][ T8572] batman_adv: batadv0: Adding interface: dummy0 [ 469.996845][ T8572] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.028810][ T8572] batman_adv: batadv0: Interface activated: dummy0 [ 470.053262][ T8570] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 470.091181][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.632810][ T8576] loop3: detected capacity change from 0 to 4096 [ 470.671100][ T8576] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 471.094938][ T8576] ntfs3(loop3): ino=1a, mi_enum_attr [ 471.100796][ T8576] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 471.157102][ T8576] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 471.167783][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'. [ 471.178717][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'. [ 471.784894][ T8596] loop1: detected capacity change from 0 to 1024 [ 471.815569][ T8598] loop6: detected capacity change from 0 to 128 [ 473.460970][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1012'. [ 474.264927][ T8643] loop6: detected capacity change from 0 to 128 [ 474.365598][ T8643] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 474.401901][ T8643] ext4 filesystem being mounted at /115/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 474.808710][ T5857] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 474.865396][ T6840] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 475.157913][ T5857] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 475.169021][ T5857] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 475.273621][ T5857] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 475.283391][ T5857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.291932][ T5857] usb 6-1: Product: syz [ 475.296326][ T5857] usb 6-1: Manufacturer: syz [ 475.301392][ T5857] usb 6-1: SerialNumber: syz [ 475.619542][ T5857] usb 6-1: 0:2 : does not exist [ 475.693128][ T5857] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 475.819659][ T5857] usb 6-1: USB disconnect, device number 6 [ 475.840503][ T8666] loop6: detected capacity change from 0 to 128 [ 475.946867][ T8666] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 475.989963][ T8666] ext4 filesystem being mounted at /118/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 476.022049][ C0] vkms_vblank_simulate: vblank timer overrun [ 476.115749][ T8672] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 476.123483][ T8672] IPv6: NLM_F_CREATE should be set when creating new route [ 476.218365][ T5889] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 476.432545][ T5889] usb 4-1: config 0 has no interfaces? [ 476.444554][ T5889] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 476.444910][ T6840] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 476.454025][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.490819][ T5889] usb 4-1: config 0 descriptor?? [ 476.765276][ T5889] usb 4-1: USB disconnect, device number 10 [ 476.777333][ T8682] overlayfs: upper fs does not support tmpfile. [ 476.920161][ T8684] capability: warning: `syz.5.1038' uses 32-bit capabilities (legacy support in use) [ 477.247344][ T8690] loop5: detected capacity change from 0 to 128 [ 477.260388][ T8690] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 477.345424][ T8690] openvswitch: netlink: Message has 1255 unknown bytes. [ 477.353124][ T8690] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 477.804707][ T8700] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 478.146678][ T8694] loop1: detected capacity change from 0 to 4096 [ 478.244248][ T8694] NILFS (loop1): invalid segment: Checksum error in segment payload [ 478.252860][ T8694] NILFS (loop1): trying rollback from an earlier position [ 478.341699][ T8694] NILFS (loop1): recovery complete [ 478.359779][ T8707] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 478.621788][ T8704] loop4: detected capacity change from 0 to 4096 [ 478.671330][ T8704] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 479.086769][ T8704] ntfs3(loop4): failed to convert "c46c" to macceltic [ 479.107291][ T8704] ntfs3(loop4): ino=20, mi_enum_attr [ 479.113054][ T8704] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 479.347659][ T8716] loop3: detected capacity change from 0 to 2048 [ 479.513790][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1055'. [ 479.523113][ T8721] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1055'. [ 479.555674][ T8716] iocharset maccenteuƒo not found [ 480.790876][ T8736] loop5: detected capacity change from 0 to 4096 [ 480.922038][ T8742] loop6: detected capacity change from 0 to 256 [ 480.985398][ T8742] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 480.996686][ T8742] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 481.027108][ T8736] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 481.069717][ T8742] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 481.117236][ T8736] ntfs3(loop5): failed to convert "0000" to maccroatian [ 481.160692][ T8736] ntfs3(loop5): ino=1f, mi_enum_attr [ 481.166685][ T8736] ntfs3(loop5): ino=1f, mi_enum_attr [ 481.215097][ T8742] exFAT-fs (loop6): error, bogus directory size (clus : ondisk(12) != counted(1)) [ 481.225025][ T8742] exFAT-fs (loop6): Filesystem has been set read-only [ 481.256103][ T8745] loop4: detected capacity change from 0 to 1024 [ 481.407603][ T8745] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 481.435328][ T8750] sp0: Synchronizing with TNC [ 481.850666][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 482.128553][ T5850] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 482.229008][ T5856] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 482.352062][ T5850] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 482.364163][ T5850] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 482.375518][ T5850] usb 6-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 482.384973][ T5850] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.443677][ T5850] usb 6-1: config 0 descriptor?? [ 482.449786][ T5856] usb 4-1: Using ep0 maxpacket: 32 [ 482.463994][ T8757] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 482.491684][ T8767] loop1: detected capacity change from 0 to 256 [ 482.492997][ T5856] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 482.509891][ T5856] usb 4-1: config 0 has no interface number 0 [ 482.539106][ T5856] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 482.548826][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.557223][ T5856] usb 4-1: Product: syz [ 482.561986][ T5856] usb 4-1: Manufacturer: syz [ 482.567030][ T5856] usb 4-1: SerialNumber: syz [ 482.583873][ T5856] usb 4-1: config 0 descriptor?? [ 482.604336][ T5856] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 482.743854][ T8767] exFAT-fs (loop1): start_clu is invalid cluster(0x400) [ 482.833564][ T5856] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 482.900262][ T5856] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 482.961769][ T5850] kye 0003:0458:0087.0007: hidraw0: USB HID v0.04 Device [HID 0458:0087] on usb-dummy_hcd.5-1/input0 [ 483.057836][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - change_port message too short [ 483.153148][ T5850] usb 6-1: USB disconnect, device number 7 [ 483.274377][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 483.277970][ T5889] usb 4-1: USB disconnect, device number 11 [ 483.339918][ T5889] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 483.402080][ T5889] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 483.415639][ T5889] quatech2 4-1:0.51: device disconnected [ 484.635141][ T8783] loop4: detected capacity change from 0 to 32768 [ 484.647041][ T8783] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1083 (8783) [ 484.675287][ T8783] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 484.685911][ T8783] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 484.696944][ T8783] BTRFS info (device loop4): using free-space-tree [ 484.994649][ T5796] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 485.800588][ T8818] program syz.5.1093 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 486.789731][ T5800] Bluetooth: hci4: unexpected subevent 0x0c length: 25 > 5 [ 487.110258][ T8842] loop6: detected capacity change from 0 to 1024 [ 487.323319][ T5889] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 487.412596][ T8835] loop3: detected capacity change from 0 to 32768 [ 487.450981][ T8835] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 487.481507][ T8835] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 487.500062][ T6840] hfsplus: bad catalog entry type [ 487.518444][ T5889] usb 2-1: Using ep0 maxpacket: 32 [ 487.538394][ T8835] (syz.3.1098,8835,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=296, inode=0, rec_len=0, name_len=0 [ 487.554840][ T8835] (syz.3.1098,8835,1):ocfs2_prepare_dir_for_insert:4294 ERROR: status = -2 [ 487.563924][ T8835] (syz.3.1098,8835,1):ocfs2_symlink:1876 ERROR: status = -2 [ 487.571596][ T8835] (syz.3.1098,8835,1):ocfs2_symlink:2077 ERROR: status = -2 [ 487.598895][ T5889] usb 2-1: config index 0 descriptor too short (expected 164, got 36) [ 487.607625][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.619388][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 487.635073][ T5889] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 487.644646][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.707252][ T5797] ocfs2: Unmounting device (7,3) on (node local) [ 487.777326][ T5889] usb 2-1: config 0 descriptor?? [ 487.901515][ T8850] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1106'. [ 488.016998][ T4226] hfsplus: b-tree write err: -5, ino 4 [ 488.063387][ T3646] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.205952][ T5889] logitech 0003:046D:C29C.0008: reserved main item tag 0xe [ 488.260665][ T5889] logitech 0003:046D:C29C.0008: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0 [ 488.322785][ T3646] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.406639][ T5889] logitech 0003:046D:C29C.0008: no inputs found [ 488.466605][ T3646] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.501855][ T5889] usb 2-1: USB disconnect, device number 6 [ 488.615265][ T3646] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.811372][ T8854] loop4: detected capacity change from 0 to 4096 [ 488.935282][ T3646] bridge_slave_1: left allmulticast mode [ 488.941933][ T3646] bridge_slave_1: left promiscuous mode [ 488.948785][ T3646] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.975870][ T3646] bridge_slave_0: left allmulticast mode [ 488.982213][ T3646] bridge_slave_0: left promiscuous mode [ 488.989144][ T3646] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.030739][ T8855] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 489.591217][ T3646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 489.619172][ T3646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 489.655379][ T3646] bond0 (unregistering): Released all slaves [ 490.166660][ T3646] hsr_slave_0: left promiscuous mode [ 490.177287][ T3646] hsr_slave_1: left promiscuous mode [ 490.193486][ T3646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 490.202419][ T3646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 490.234448][ T3646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 490.242581][ T3646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 490.379302][ T3646] veth1_macvtap: left promiscuous mode [ 490.385223][ T3646] veth0_macvtap: left promiscuous mode [ 490.396857][ T3646] veth1_vlan: left promiscuous mode [ 490.402925][ T3646] veth0_vlan: left promiscuous mode [ 491.431204][ T5803] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 491.446044][ T5803] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 491.457486][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 491.507187][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 491.531955][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 491.566081][ T3646] team0 (unregistering): Port device team_slave_1 removed [ 491.639312][ T3646] team0 (unregistering): Port device team_slave_0 removed [ 492.069654][ T8873] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1116'. [ 492.901419][ T8887] program syz.1.1121 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 493.402535][ T8875] chnl_net:caif_netlink_parms(): no params data found [ 493.684428][ T8905] vlan2: entered allmulticast mode [ 493.690085][ T8905] vlan0: entered allmulticast mode [ 493.695413][ T8905] veth0_vlan: entered allmulticast mode [ 493.711416][ T5803] Bluetooth: hci2: command tx timeout [ 494.283864][ T5850] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 494.417273][ T8917] loop4: detected capacity change from 0 to 1024 [ 494.448797][ T8917] EXT4-fs: Ignoring removed nobh option [ 494.454654][ T8917] EXT4-fs: Ignoring removed bh option [ 494.489721][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 494.507312][ T5850] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 494.516777][ T5850] usb 4-1: config 0 has no interface number 0 [ 494.523322][ T5850] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.534584][ T5850] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.544737][ T5850] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 494.554260][ T5850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.579436][ T8875] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.586970][ T8875] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.598444][ T8875] bridge_slave_0: entered allmulticast mode [ 494.607580][ T8875] bridge_slave_0: entered promiscuous mode [ 494.635272][ T8875] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.643463][ T8875] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.652456][ T8875] bridge_slave_1: entered allmulticast mode [ 494.662089][ T8875] bridge_slave_1: entered promiscuous mode [ 494.665715][ T8917] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 494.675990][ T5850] usb 4-1: config 0 descriptor?? [ 494.822695][ T8917] EXT4-fs (loop4): shut down requested (1) [ 494.849197][ T8875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 494.882357][ T8875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.066156][ T8875] team0: Port device team_slave_0 added [ 495.119995][ T8875] team0: Port device team_slave_1 added [ 495.236811][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 495.395647][ T5850] uclogic 0003:28BD:0071.0009: pen parameters not found [ 495.405235][ T5850] uclogic 0003:28BD:0071.0009: interface is invalid, ignoring [ 495.463450][ T8875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 495.471854][ T8875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 495.499757][ T8875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 495.528685][ T5850] usb 4-1: USB disconnect, device number 12 [ 495.576109][ T8875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 495.583414][ T8875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 495.610287][ T8875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 495.768771][ T5803] Bluetooth: hci2: command tx timeout [ 495.833681][ T8875] hsr_slave_0: entered promiscuous mode [ 495.843844][ T8875] hsr_slave_1: entered promiscuous mode [ 495.852876][ T8875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 495.861355][ T8875] Cannot create hsr debugfs directory [ 495.868339][ T5856] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 495.938787][ T5858] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 496.043448][ T5856] usb 5-1: Using ep0 maxpacket: 32 [ 496.051737][ T8936] netlink: 'syz.5.1141': attribute type 32 has an invalid length. [ 496.078489][ T5856] usb 5-1: config 0 interface 0 has no altsetting 0 [ 496.111806][ T5858] usb 2-1: Using ep0 maxpacket: 16 [ 496.134310][ T5856] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 496.144635][ T5856] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.153694][ T5856] usb 5-1: Product: syz [ 496.158961][ T5856] usb 5-1: Manufacturer: syz [ 496.163813][ T5856] usb 5-1: SerialNumber: syz [ 496.190979][ T5858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.202363][ T5858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.212628][ T5858] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 496.222272][ T5858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.280647][ T5856] usb 5-1: config 0 descriptor?? [ 496.351982][ T5858] usb 2-1: config 0 descriptor?? [ 496.751003][ T5856] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 496.979854][ T5858] corsair 0003:1B1C:1B02.000A: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0 [ 497.000883][ T8875] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 497.056047][ T8875] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 497.107227][ T8875] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 497.152730][ T8875] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 497.162486][ T5857] usb 5-1: USB disconnect, device number 8 [ 497.373567][ T5888] usb 2-1: USB disconnect, device number 7 [ 497.580147][ T8950] netlink: 'syz.3.1145': attribute type 2 has an invalid length. [ 497.829059][ T5803] Bluetooth: hci2: command tx timeout [ 497.912609][ T8952] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1146'. [ 498.035379][ T8875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.180966][ T8875] 8021q: adding VLAN 0 to HW filter on device team0 [ 498.268564][ T3646] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.276175][ T3646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 498.355108][ T5803] Bluetooth: hci1: unexpected event for opcode 0x2002 [ 498.395256][ T3646] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.403015][ T3646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 498.524268][ T8958] loop3: detected capacity change from 0 to 512 [ 498.625096][ T8958] EXT4-fs (loop3): Test dummy encryption mode enabled [ 498.636702][ T8958] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 498.724824][ T8962] loop1: detected capacity change from 0 to 256 [ 498.753648][ T8958] EXT4-fs (loop3): 1 truncate cleaned up [ 498.761943][ T8958] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 498.817169][ T8962] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 498.828562][ T8962] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 499.043400][ T8962] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 499.104358][ T5797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.539516][ T8978] loop3: detected capacity change from 0 to 256 [ 499.571863][ T8978] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 499.583572][ T8978] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 499.656423][ T8978] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 499.910653][ T5803] Bluetooth: hci2: command tx timeout [ 499.967627][ T8875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.055428][ T8982] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1158'. [ 501.129553][ T30] audit: type=1326 audit(1748014718.535:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.155755][ T30] audit: type=1326 audit(1748014718.545:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.182989][ T30] audit: type=1326 audit(1748014718.565:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.206207][ T30] audit: type=1326 audit(1748014718.585:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.230320][ T30] audit: type=1326 audit(1748014718.585:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.406713][ T30] audit: type=1326 audit(1748014718.695:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5547b85927 code=0x7ffc0000 [ 501.431061][ T30] audit: type=1326 audit(1748014718.695:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5547b2ab39 code=0x7ffc0000 [ 501.456542][ T30] audit: type=1326 audit(1748014718.715:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5547b8e969 code=0x7ffc0000 [ 501.481948][ T30] audit: type=1326 audit(1748014718.755:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5547b85927 code=0x7ffc0000 [ 501.507782][ T30] audit: type=1326 audit(1748014718.755:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9001 comm="syz.1.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5547b2ab39 code=0x7ffc0000 [ 502.077769][ T8875] veth0_vlan: entered promiscuous mode [ 502.119302][ T5857] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 502.159736][ T8875] veth1_vlan: entered promiscuous mode [ 502.337504][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.349118][ T5857] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.350208][ T8875] veth0_macvtap: entered promiscuous mode [ 502.359376][ T5857] usb 2-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 502.379211][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.416914][ T5803] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 502.425960][ T5803] Bluetooth: hci1: Injecting HCI hardware error event [ 502.436111][ T8875] veth1_macvtap: entered promiscuous mode [ 502.438235][ T5803] Bluetooth: hci1: hardware error 0x00 [ 502.451419][ T5857] usb 2-1: config 0 descriptor?? [ 503.026276][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.043679][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.051963][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.059331][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.066555][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.074035][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.081459][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.095771][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.105061][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.112514][ T5857] hid_mf 0003:0079:1846.000B: unknown main item tag 0x0 [ 503.119877][ T5857] hid_mf 0003:0079:1846.000B: item fetching failed at offset 10/11 [ 503.274115][ T9019] loop4: detected capacity change from 0 to 32768 [ 503.353027][ T5857] hid_mf 0003:0079:1846.000B: HID parse failed. [ 503.360240][ T5857] hid_mf 0003:0079:1846.000B: probe with driver hid_mf failed with error -22 [ 503.376026][ T5857] usb 2-1: USB disconnect, device number 8 [ 503.413199][ T8875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 503.474102][ T9019] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 503.484710][ T8875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 503.539870][ T8875] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.541205][ T9030] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 503.548973][ T8875] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.568378][ T8875] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.577435][ T8875] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.892464][ T9019] XFS (loop4): Ending clean mount [ 503.921732][ T9019] XFS (loop4): Quotacheck needed: Please wait. [ 503.964772][ T9019] XFS (loop4): Quotacheck: Done. [ 504.149388][ T5796] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 504.469596][ T5803] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 505.139492][ T9052] loop5: detected capacity change from 0 to 1024 [ 505.321909][ T5857] kernel write not supported for file /binder/transactions (pid: 5857 comm: kworker/0:4) [ 506.244248][ T9068] loop4: detected capacity change from 0 to 256 [ 506.283768][ T9069] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1187'. [ 506.293210][ T9069] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1187'. [ 507.336773][ T9088] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1196'. [ 507.368227][ T9090] UHID_CREATE from different security context by process 568 (syz.4.1195), this is not allowed. [ 507.384958][ T5856] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 507.459339][ T5856] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 507.940219][ T9099] loop5: detected capacity change from 0 to 128 [ 507.949185][ T9099] EXT4-fs: Ignoring removed nobh option [ 508.031768][ T9099] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 508.134391][ T9099] ext4 filesystem being mounted at /191/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 508.321315][ T9099] fscrypt (loop5, inode 12): Can't use IV_INO_LBLK_64 policy on filesystem 'loop5' because it doesn't have stable inode numbers [ 508.655894][ T6436] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 508.669383][ T3646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 508.677474][ T3646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 508.861172][ T9118] loop1: detected capacity change from 0 to 1024 [ 508.934554][ T5078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 508.942832][ T5078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.005408][ T9120] loop5: detected capacity change from 0 to 256 [ 509.015115][ T9118] syz.1.1208: attempt to access beyond end of device [ 509.015115][ T9118] loop1: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 509.035490][ T9118] Buffer I/O error on dev loop1, logical block 2889, lost async page write [ 509.095139][ T9120] exfat: Deprecated parameter 'utf8' [ 509.263156][ T9122] dccp_invalid_packet: P.Data Offset(10) too large [ 509.416558][ T9124] loop4: detected capacity change from 0 to 1024 [ 510.327050][ T9141] loop4: detected capacity change from 0 to 2048 [ 511.063161][ T9153] loop5: detected capacity change from 0 to 256 [ 511.244693][ T9150] loop7: detected capacity change from 0 to 2048 [ 511.328819][ T9150] EXT4-fs: Ignoring removed mblk_io_submit option [ 511.516990][ T9150] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 512.060767][ T8875] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.639736][ T9174] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1229'. [ 512.983718][ T9179] loop1: detected capacity change from 0 to 2048 [ 513.090615][ T9179] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 513.390090][ T9185] loop3: detected capacity change from 0 to 1024 [ 513.487796][ T9185] hfsplus: failed to load root directory [ 513.792740][ T9189] loop4: detected capacity change from 0 to 2048 [ 513.856006][ T9189] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 513.864057][ T9189] UDF-fs: Scanning with blocksize 512 failed [ 513.981403][ T9189] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 515.836355][ T9232] netlink: 'syz.7.1254': attribute type 21 has an invalid length. [ 515.844894][ T9232] netlink: 164 bytes leftover after parsing attributes in process `syz.7.1254'. [ 516.490548][ T5803] block nbd1: Receive control failed (result -32) [ 516.655009][ T9246] loop5: detected capacity change from 0 to 128 [ 516.670177][ T9246] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 516.697950][ T9246] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 516.710245][ T9246] FAT-fs (loop5): Filesystem has been set read-only [ 516.808394][ T6436] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 516.881687][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1263'. [ 517.207831][ T9253] loop4: detected capacity change from 0 to 2048 [ 517.285348][ T9253] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 517.548546][ T9262] loop3: detected capacity change from 0 to 16 [ 517.611474][ T9262] erofs (device loop3): mounted with root inode @ nid 36. [ 517.669810][ T9262] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 517.689758][ T9262] erofs (device loop3): failed to decompress -29 in[58, 4038] out[1851] [ 517.698555][ T9262] erofs (device loop3): read error -117 @ 43 of nid 36 [ 517.785856][ T9262] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 517.794941][ T9262] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 517.803916][ T9262] erofs (device loop3): readahead error at folio 42 @ nid 36 [ 517.811932][ T9262] erofs (device loop3): bogus lookback distance 774 @ lcn 40 of nid 36 [ 517.820640][ T9262] erofs (device loop3): readahead error at folio 41 @ nid 36 [ 517.828582][ T9262] erofs (device loop3): bogus lookback distance 774 @ lcn 40 of nid 36 [ 517.840662][ T9262] erofs (device loop3): readahead error at folio 40 @ nid 36 [ 517.849966][ T9262] erofs (device loop3): readahead error at folio 39 @ nid 36 [ 517.857695][ T9262] erofs (device loop3): readahead error at folio 38 @ nid 36 [ 517.866082][ T9262] erofs (device loop3): readahead error at folio 36 @ nid 36 [ 517.875133][ T9262] erofs (device loop3): bogus lookback distance 1468 @ lcn 31 of nid 36 [ 517.889395][ T9262] erofs (device loop3): readahead error at folio 31 @ nid 36 [ 517.897653][ T9262] erofs (device loop3): readahead error at folio 25 @ nid 36 [ 517.905670][ T9262] erofs (device loop3): readahead error at folio 24 @ nid 36 [ 517.913807][ T9262] erofs (device loop3): readahead error at folio 19 @ nid 36 [ 517.922893][ T9262] syz.3.1268: attempt to access beyond end of device [ 517.922893][ T9262] loop3: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 517.942323][ T9262] syz.3.1268: attempt to access beyond end of device [ 517.942323][ T9262] loop3: rw=524288, sector=13478624080, nr_sectors = 24 limit=16 [ 517.957388][ T9262] syz.3.1268: attempt to access beyond end of device [ 517.957388][ T9262] loop3: rw=524288, sector=13478624032, nr_sectors = 48 limit=16 [ 517.974379][ T9262] erofs (device loop3): failed to decompress -29 in[58, 4038] out[2639] [ 517.983775][ T9262] erofs (device loop3): bogus lookback distance 1586 @ lcn 46 of nid 36 [ 517.992588][ T9262] erofs (device loop3): readahead error at folio 47 @ nid 36 [ 518.000406][ T9262] erofs (device loop3): bogus lookback distance 1586 @ lcn 46 of nid 36 [ 518.009207][ T9262] erofs (device loop3): readahead error at folio 46 @ nid 36 [ 518.017128][ T9262] erofs (device loop3): readahead error at folio 45 @ nid 36 [ 518.031085][ T9262] syz.3.1268: attempt to access beyond end of device [ 518.031085][ T9262] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 518.049454][ T9262] erofs (device loop3): failed to decompress -29 in[58, 4038] out[3537] [ 518.077548][ T9267] loop7: detected capacity change from 0 to 1024 [ 518.115982][ T9267] EXT4-fs: Ignoring removed orlov option [ 518.122793][ T9267] EXT4-fs: Ignoring removed nobh option [ 518.129011][ T9267] EXT4-fs: Ignoring removed bh option [ 518.360315][ T9267] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.485572][ T9277] input: syz0 as /devices/virtual/input/input11 [ 518.825849][ T8875] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 519.308221][ T9290] loop7: detected capacity change from 0 to 512 [ 519.696787][ T9290] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 519.711445][ T9290] ext4 filesystem being mounted at /13/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 519.822603][ T9290] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 520.200378][ T8875] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.352248][ T9307] loop1: detected capacity change from 0 to 256 [ 520.629151][ T9307] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 521.265069][ T9321] loop5: detected capacity change from 0 to 64 [ 521.535566][ T9315] loop7: detected capacity change from 0 to 40427 [ 521.584458][ T9315] F2FS-fs (loop7): invalid crc value [ 521.921662][ T9315] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 523.933877][ T9352] loop5: detected capacity change from 0 to 512 [ 524.110530][ T9352] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 524.124016][ T9352] ext4 filesystem being mounted at /212/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 524.148699][ T9356] netlink: 95 bytes leftover after parsing attributes in process `syz.4.1306'. [ 524.238846][ T9352] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #4: comm syz.5.1304: corrupted inode contents [ 524.265674][ T9352] EXT4-fs error (device loop5): ext4_dirty_inode:6103: inode #4: comm syz.5.1304: mark_inode_dirty error [ 524.301433][ T9352] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #4: comm syz.5.1304: corrupted inode contents [ 524.363430][ T9352] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #4: comm syz.5.1304: mark_inode_dirty error [ 524.435345][ T9352] __quota_error: 4 callbacks suppressed [ 524.435429][ T9352] Quota error (device loop5): write_blk: dquota write failed [ 524.450024][ T9352] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 524.460701][ T9352] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.1304: Failed to acquire dquot type 1 [ 524.461521][ T9360] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #4: comm syz.5.1304: corrupted inode contents [ 524.547111][ T9360] EXT4-fs error (device loop5): ext4_dirty_inode:6103: inode #4: comm syz.5.1304: mark_inode_dirty error [ 524.560740][ T9360] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #4: comm syz.5.1304: corrupted inode contents [ 524.574293][ T9360] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #4: comm syz.5.1304: mark_inode_dirty error [ 524.598224][ T9360] Quota error (device loop5): write_blk: dquota write failed [ 524.605843][ T9360] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5 [ 524.615822][ T9360] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 524.626280][ T9360] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.1304: Failed to acquire dquot type 1 [ 524.655156][ T9361] Quota error (device loop5): do_insert_tree: Inserting already present quota entry (block 7) [ 524.666308][ T9361] Quota error (device loop5): qtree_write_dquot: Error -5 occurred while creating quota [ 524.700159][ T9369] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1310'. [ 524.961156][ T6436] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.608388][ T9414] loop3: detected capacity change from 0 to 1024 [ 527.950554][ T9422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1334'. [ 528.369247][ T3980] hfsplus: b-tree write err: -5, ino 4 [ 528.528456][ T5856] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 528.751345][ T5856] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.762790][ T5856] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.773778][ T5856] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 528.783339][ T5856] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.890561][ T5856] usb 6-1: config 0 descriptor?? [ 529.335828][ T5856] pyra 0003:1E7D:2CF6.000D: unknown main item tag 0x0 [ 529.343098][ T5856] pyra 0003:1E7D:2CF6.000D: unknown main item tag 0x0 [ 529.421067][ T5856] pyra 0003:1E7D:2CF6.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.5-1/input0 [ 529.737092][ T5856] pyra 0003:1E7D:2CF6.000D: couldn't init struct pyra_device [ 529.745734][ T5856] pyra 0003:1E7D:2CF6.000D: couldn't install mouse [ 529.826398][ T5856] pyra 0003:1E7D:2CF6.000D: probe with driver pyra failed with error -71 [ 529.896497][ T5856] usb 6-1: USB disconnect, device number 8 [ 530.112250][ T9446] loop1: detected capacity change from 0 to 32768 [ 530.128481][ T9446] btrfs: Deprecated parameter 'usebackuproot' [ 530.134831][ T9446] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 530.150853][ T9446] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1345 (9446) [ 530.178385][ T9446] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 530.189336][ T9446] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 530.198758][ T9446] BTRFS info (device loop1): using free-space-tree [ 530.280308][ T5857] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 530.383805][ T9446] BTRFS info (device loop1): rebuilding free space tree [ 530.424186][ T9446] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 530.469669][ T5857] usb 8-1: Using ep0 maxpacket: 16 [ 531.000052][ T5857] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 531.010640][ T5857] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 531.094151][ T5857] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 531.103865][ T5857] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.112462][ T5857] usb 8-1: Product: syz [ 531.116878][ T5857] usb 8-1: Manufacturer: syz [ 531.121924][ T5857] usb 8-1: SerialNumber: syz [ 531.536085][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 531.572976][ T5857] usb 8-1: 0:2 : does not exist [ 531.637124][ T5857] usb 8-1: USB disconnect, device number 2 [ 533.588688][ T9512] tap0: tun_chr_ioctl cmd 1074025680 [ 533.772770][ T9514] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1370'. [ 536.108710][ T5857] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 536.285859][ T9558] loop3: detected capacity change from 0 to 1024 [ 536.293628][ T5857] usb 2-1: Using ep0 maxpacket: 16 [ 536.319102][ T5857] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 536.327626][ T5857] usb 2-1: config 0 has no interface number 0 [ 536.334429][ T5857] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 536.345721][ T5857] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 536.395203][ T5857] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 536.404901][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 536.413461][ T5857] usb 2-1: Product: syz [ 536.417850][ T5857] usb 2-1: SerialNumber: syz [ 536.441595][ T5857] usb 2-1: config 0 descriptor?? [ 536.459402][ T5857] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 536.462794][ T9558] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 536.478578][ T5857] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input13 [ 536.534801][ T5856] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 536.673347][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.685971][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.696213][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.704524][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.712382][ T5857] usb 2-1: USB disconnect, device number 9 [ 536.718591][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 536.718718][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 536.753086][ T5857] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 536.806887][ T5856] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 536.819970][ T5856] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.828518][ T5856] usb 6-1: Product: syz [ 536.832949][ T5856] usb 6-1: Manufacturer: syz [ 536.837879][ T5856] usb 6-1: SerialNumber: syz [ 536.897731][ T5856] usb 6-1: config 0 descriptor?? [ 536.931757][ T5856] gspca_main: sq930x-2.14.0 probing 2770:930c [ 536.933771][ T9570] loop4: detected capacity change from 0 to 128 [ 536.974068][ T9570] EXT4-fs: Ignoring removed nobh option [ 537.036089][ T9570] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 537.056858][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.080800][ T9570] ext4 filesystem being mounted at /299/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 537.102847][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.120409][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.139160][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.154519][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.175272][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.204945][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.221179][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.239321][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.275061][ T5797] EXT4-fs error (device loop3): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size [ 537.309309][ T9570] fscrypt (loop4, inode 12): Unsupported log2_data_unit_size in encryption policy: 215 [ 537.486588][ T5796] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 537.783378][ T5856] gspca_sq930x: ucbus_write failed -71 [ 537.978699][ T5857] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 538.021956][ T5856] gspca_sq930x: Sensor ov9630 not yet treated [ 538.028737][ T5856] sq930x 6-1:0.0: probe with driver sq930x failed with error -22 [ 538.293409][ T5857] usb 2-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00 [ 538.303238][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.311852][ T5857] usb 2-1: Product: syz [ 538.321028][ T5857] usb 2-1: Manufacturer: syz [ 538.325873][ T5857] usb 2-1: SerialNumber: syz [ 538.535665][ T5857] usb 2-1: config 0 descriptor?? [ 538.894054][ T5857] usb 2-1: USB disconnect, device number 10 [ 538.952987][ T9579] loop7: detected capacity change from 0 to 32768 [ 538.973388][ T5856] usb 6-1: USB disconnect, device number 9 [ 538.998117][ T9579] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 539.177450][ T9594] loop5: detected capacity change from 0 to 64 [ 539.453496][ T3646] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 539.467001][ T3646] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.481673][ T9592] loop4: detected capacity change from 0 to 4096 [ 539.518367][ T6875] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.533850][ T9592] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 539.588333][ T3646] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 539.601877][ T3646] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.669176][ T9579] XFS (loop7): Ending clean mount [ 539.829736][ T8875] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 539.877693][ T3646] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 539.888783][ T3646] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.033417][ T3646] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 540.045350][ T3646] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.804639][ T3646] bridge_slave_1: left allmulticast mode [ 540.810929][ T3646] bridge_slave_1: left promiscuous mode [ 540.817569][ T3646] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.889877][ T3646] bridge_slave_0: left allmulticast mode [ 540.895794][ T3646] bridge_slave_0: left promiscuous mode [ 540.902891][ T3646] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.844321][ T3646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 541.917425][ T3646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 541.953785][ T3646] bond0 (unregistering): Released all slaves [ 542.531147][ T3646] hsr_slave_0: left promiscuous mode [ 542.558393][ T3646] hsr_slave_1: left promiscuous mode [ 542.566253][ T3646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 542.574241][ T3646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 542.609688][ T3646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.621776][ T3646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.742209][ T3646] veth1_macvtap: left promiscuous mode [ 542.749704][ T3646] veth0_macvtap: left promiscuous mode [ 542.755598][ T3646] veth1_vlan: left promiscuous mode [ 542.761507][ T3646] veth0_vlan: left promiscuous mode [ 543.472024][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 543.655802][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 543.677037][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 543.700950][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 543.723332][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 544.011857][ T9616] loop7: detected capacity change from 0 to 64 [ 544.273893][ T9612] loop5: detected capacity change from 0 to 32768 [ 544.449684][ T9612] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 544.503578][ T9612] OCFS2: ERROR (device loop5): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 544.523778][ T9612] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 544.534006][ T9612] OCFS2: File system is now read-only. [ 544.539902][ T9612] (syz.5.1410,9612,1):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 544.558765][ T9612] OCFS2: ERROR (device loop5): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 544.571851][ T3646] team0 (unregistering): Port device team_slave_1 removed [ 544.584177][ T9612] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 544.598650][ T9612] (syz.5.1410,9612,1):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 544.606928][ T9612] (syz.5.1410,9612,1):ocfs2_mknod:502 ERROR: status = -30 [ 544.617183][ T9612] (syz.5.1410,9612,1):ocfs2_create:675 ERROR: status = -30 [ 544.704259][ T3646] team0 (unregistering): Port device team_slave_0 removed [ 544.767894][ T6436] ocfs2: Unmounting device (7,5) on (node local) [ 545.101838][ T9607] veth1_to_hsr: default FDB implementation only supports local addresses [ 545.853744][ T5803] Bluetooth: hci1: command tx timeout [ 546.261246][ T9613] chnl_net:caif_netlink_parms(): no params data found [ 547.916062][ T9652] loop7: detected capacity change from 0 to 32768 [ 547.929820][ T5803] Bluetooth: hci1: command tx timeout [ 547.943110][ T1707] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 547.964269][ T9613] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.972185][ T9613] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.981247][ T9613] bridge_slave_0: entered allmulticast mode [ 547.990860][ T9613] bridge_slave_0: entered promiscuous mode [ 548.098412][ T1707] usb 2-1: Using ep0 maxpacket: 8 [ 548.130170][ T1707] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 548.130921][ T9652] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 548.139611][ T1707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.139740][ T1707] usb 2-1: Product: syz [ 548.168603][ T1707] usb 2-1: Manufacturer: syz [ 548.172088][ T9613] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.173347][ T1707] usb 2-1: SerialNumber: syz [ 548.183502][ T9613] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.193285][ T9613] bridge_slave_1: entered allmulticast mode [ 548.203091][ T9613] bridge_slave_1: entered promiscuous mode [ 548.244159][ T9652] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid device 255,noinodes_use_key_cache,nocow [ 548.244159][ T9652] allowing incompatible features above 0.0: (unknown version) [ 548.271483][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.282929][ T9652] bcachefs (loop7): initializing new filesystem [ 548.294299][ T9652] bcachefs (loop7): going read-write [ 548.313019][ T9668] loop4: detected capacity change from 0 to 1024 [ 548.344285][ T1707] usb 2-1: config 0 descriptor?? [ 548.381821][ T9652] bcachefs (loop7): marking superblocks [ 548.445790][ T9652] bcachefs (loop7): initializing freespace [ 548.467460][ T9652] bcachefs (loop7): done initializing freespace [ 548.488425][ T9652] bcachefs (loop7): reading snapshots table [ 548.494828][ T9652] bcachefs (loop7): reading snapshots done [ 548.547384][ T9613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.580588][ T9613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.641423][ T9652] bcachefs (loop7): done starting filesystem [ 548.687521][ T1707] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 548.890299][ T9613] team0: Port device team_slave_0 added [ 548.987370][ T9613] team0: Port device team_slave_1 added [ 549.005447][ T3646] hfsplus: b-tree write err: -5, ino 4 [ 549.014151][ T8875] bcachefs (loop7): shutting down [ 549.019785][ T8875] bcachefs (loop7): going read-only [ 549.025480][ T8875] bcachefs (loop7): finished waiting for writes to stop [ 549.052705][ T8875] bcachefs (loop7): flushing journal and stopping allocators, journal seq 2 [ 549.296292][ T1707] usb write operation failed. (-71) [ 549.317663][ T9613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 549.325010][ T9613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.353147][ T9613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 549.413656][ T1707] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 549.425437][ T1707] dvbdev: DVB: registering new adapter (Terratec H7) [ 549.434144][ T1707] usb 2-1: media controller created [ 549.451106][ T9613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 549.453280][ T1707] usb read operation failed. (-71) [ 549.458619][ T9613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.487531][ T1707] usb write operation failed. (-71) [ 549.489531][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.494006][ T9613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.511725][ T1707] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 549.563493][ T8875] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3 [ 549.591520][ T1707] usb 2-1: USB disconnect, device number 11 [ 549.619412][ T8875] bcachefs (loop7): clean shutdown complete, journal seq 4 [ 549.663819][ T8875] bcachefs (loop7): marking filesystem clean [ 549.805734][ T9613] hsr_slave_0: entered promiscuous mode [ 549.815847][ T9613] hsr_slave_1: entered promiscuous mode [ 549.854893][ T8875] bcachefs (loop7): shutdown complete [ 549.994852][ T5803] Bluetooth: hci1: command tx timeout [ 551.264641][ T9688] loop1: detected capacity change from 0 to 32768 [ 551.374951][ T9688] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 551.652257][ T9688] XFS (loop1): Ending clean mount [ 551.664918][ T9688] XFS (loop1): Quotacheck needed: Please wait. [ 551.722109][ T9688] XFS (loop1): Quotacheck: Done. [ 551.754344][ T9613] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 551.828181][ T9613] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 551.866974][ T9613] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 551.895486][ T5805] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 551.920887][ T9613] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 552.079016][ T5803] Bluetooth: hci1: command tx timeout [ 552.255455][ T9706] loop5: detected capacity change from 0 to 256 [ 552.300508][ T9706] exfat: Unknown parameter 'namecascard' [ 552.430315][ T9708] loop4: detected capacity change from 0 to 1024 [ 552.500343][ T9708] EXT4-fs: Ignoring removed nobh option [ 552.506314][ T9708] EXT4-fs: Ignoring removed bh option [ 552.694442][ T9708] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 553.093485][ T9613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 553.255413][ T9714] loop5: detected capacity change from 0 to 2048 [ 553.308303][ T9613] 8021q: adding VLAN 0 to HW filter on device team0 [ 553.373351][ T9714] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 553.405536][ T4460] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.413220][ T4460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.487836][ T4460] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.495482][ T4460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.530969][ T5796] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.560665][ T9715] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 554.656482][ T9727] loop4: detected capacity change from 0 to 2048 [ 554.737941][ T9727] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 554.824448][ T9733] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 555.160084][ T9613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 556.162332][ T9756] loop7: detected capacity change from 0 to 512 [ 556.205044][ T9756] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 556.277369][ T9756] EXT4-fs (loop7): 1 truncate cleaned up [ 556.285906][ T9756] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 556.873412][ T8875] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 556.939771][ T9770] loop1: detected capacity change from 0 to 164 [ 557.017391][ T9770] syz.1.1458: attempt to access beyond end of device [ 557.017391][ T9770] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 557.032296][ T9770] syz.1.1458: attempt to access beyond end of device [ 557.032296][ T9770] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 557.124680][ T9613] veth0_vlan: entered promiscuous mode [ 557.243127][ T9613] veth1_vlan: entered promiscuous mode [ 557.444193][ T9613] veth0_macvtap: entered promiscuous mode [ 557.487735][ T9775] smc: net device bond0 applied user defined pnetid SYZ2 [ 557.514131][ T9613] veth1_macvtap: entered promiscuous mode [ 557.580673][ T9777] smc: net device bond0 erased user defined pnetid SYZ2 [ 557.676611][ T9613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 557.791933][ T9613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 557.865464][ T9613] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.879409][ T9613] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.889736][ T9613] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.898864][ T9613] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.167527][ T9785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1466'. [ 560.409410][ T9825] loop7: detected capacity change from 0 to 256 [ 561.318858][ T5078] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 561.377523][ T5078] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 562.027409][ T9849] loop4: detected capacity change from 0 to 1024 [ 562.243708][ T9849] syz.4.1486: attempt to access beyond end of device [ 562.243708][ T9849] loop4: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 562.295885][ T9857] syz.4.1486: attempt to access beyond end of device [ 562.295885][ T9857] loop4: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 562.401007][ T9857] syz.4.1486: attempt to access beyond end of device [ 562.401007][ T9857] loop4: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 563.731142][ T3732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 563.740201][ T3732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 563.856074][ T9878] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1498'. [ 563.988486][ T4226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 563.996778][ T4226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.710314][ T9891] program syz.8.1406 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 565.016536][ T5856] kernel write not supported for file /media2 (pid: 5856 comm: kworker/1:4) [ 565.071261][ T9899] loop4: detected capacity change from 0 to 64 [ 565.454514][ T4226] ===================================================== [ 565.462112][ T4226] BUG: KMSAN: uninit-value in n_tty_receive_buf_closing+0xfe/0x9a0 [ 565.470472][ T4226] n_tty_receive_buf_closing+0xfe/0x9a0 [ 565.476229][ T4226] n_tty_receive_buf_common+0x19d5/0x2540 [ 565.482357][ T4226] n_tty_receive_buf2+0x4c/0x60 [ 565.487580][ T4226] tty_ldisc_receive_buf+0xc3/0x2c0 [ 565.493191][ T4226] tty_port_default_receive_buf+0xd7/0x1a0 [ 565.499359][ T4226] flush_to_ldisc+0x44f/0xdb0 [ 565.504536][ T4226] process_scheduled_works+0xb9a/0x1d90 [ 565.510856][ T4226] worker_thread+0xedf/0x1590 [ 565.515778][ T4226] kthread+0xd5c/0xf00 [ 565.520877][ T4226] ret_from_fork+0x71/0x90 [ 565.525563][ T4226] ret_from_fork_asm+0x1a/0x30 [ 565.530654][ T4226] [ 565.533092][ T4226] Uninit was stored to memory at: [ 565.538526][ T4226] n_tty_receive_buf_closing+0xf7/0x9a0 [ 565.544286][ T4226] n_tty_receive_buf_common+0x19d5/0x2540 [ 565.550374][ T4226] n_tty_receive_buf2+0x4c/0x60 [ 565.560452][ T4226] tty_ldisc_receive_buf+0xc3/0x2c0 [ 565.565899][ T4226] tty_port_default_receive_buf+0xd7/0x1a0 [ 565.575171][ T4226] flush_to_ldisc+0x44f/0xdb0 [ 565.580711][ T4226] process_scheduled_works+0xb9a/0x1d90 [ 565.586567][ T4226] worker_thread+0xedf/0x1590 [ 565.591599][ T4226] kthread+0xd5c/0xf00 [ 565.595936][ T4226] ret_from_fork+0x71/0x90 [ 565.600655][ T4226] ret_from_fork_asm+0x1a/0x30 [ 565.605693][ T4226] [ 565.608380][ T4226] Uninit was created at: [ 565.612927][ T4226] __kmalloc_noprof+0x95f/0x1310 [ 565.618174][ T4226] __tty_buffer_request_room+0x3d4/0x7a0 [ 565.624119][ T4226] __tty_insert_flip_string_flags+0x157/0x6f0 [ 565.631368][ T4226] uart_insert_char+0x368/0x930 [ 565.636475][ T4226] serial8250_read_char+0x1ba/0x670 [ 565.641997][ T4226] serial8250_handle_irq+0x930/0x1110 [ 565.647577][ T4226] serial8250_default_handle_irq+0x116/0x2b0 [ 565.659776][ T4226] serial8250_interrupt+0xc8/0x400 [ 565.665168][ T4226] __handle_irq_event_percpu+0x11c/0xbf0 [ 565.673261][ T4226] handle_irq_event+0xe0/0x2a0 [ 565.678345][ T4226] handle_edge_irq+0x450/0xfd0 [ 565.683352][ T4226] __common_interrupt+0xa2/0x220 [ 565.688622][ T4226] common_interrupt+0x94/0xb0 [ 565.693491][ T4226] asm_common_interrupt+0x2b/0x40 [ 565.698958][ T4226] [ 565.701431][ T4226] CPU: 1 UID: 0 PID: 4226 Comm: kworker/u8:21 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 565.714122][ T4226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.724526][ T4226] Workqueue: events_unbound flush_to_ldisc [ 565.730700][ T4226] ===================================================== [ 565.737857][ T4226] Disabling lock debugging due to kernel taint [ 565.744265][ T4226] Kernel panic - not syncing: kmsan.panic set ... [ 565.750838][ T4226] CPU: 1 UID: 0 PID: 4226 Comm: kworker/u8:21 Tainted: G B 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(undef) [ 565.765007][ T4226] Tainted: [B]=BAD_PAGE [ 565.769279][ T4226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.779505][ T4226] Workqueue: events_unbound flush_to_ldisc [ 565.785553][ T4226] Call Trace: [ 565.788965][ T4226] [ 565.792023][ T4226] __dump_stack+0x26/0x30 [ 565.796582][ T4226] dump_stack_lvl+0x53/0x270 [ 565.801399][ T4226] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 565.807518][ T4226] dump_stack+0x1e/0x25 [ 565.811940][ T4226] panic+0x4bd/0xd50 [ 565.816108][ T4226] kmsan_report+0x29d/0x2a0 [ 565.820843][ T4226] ? remove_rmap_item_from_tree+0x317/0x8e0 [ 565.826979][ T4226] ? __msan_warning+0x96/0x120 [ 565.831995][ T4226] ? n_tty_receive_buf_closing+0xfe/0x9a0 [ 565.837921][ T4226] ? n_tty_receive_buf_common+0x19d5/0x2540 [ 565.843989][ T4226] ? n_tty_receive_buf2+0x4c/0x60 [ 565.849253][ T4226] ? tty_ldisc_receive_buf+0xc3/0x2c0 [ 565.854861][ T4226] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 565.861086][ T4226] ? flush_to_ldisc+0x44f/0xdb0 [ 565.866144][ T4226] ? process_scheduled_works+0xb9a/0x1d90 [ 565.872075][ T4226] ? worker_thread+0xedf/0x1590 [ 565.877205][ T4226] ? kthread+0xd5c/0xf00 [ 565.881624][ T4226] ? ret_from_fork+0x71/0x90 [ 565.886450][ T4226] ? ret_from_fork_asm+0x1a/0x30 [ 565.891582][ T4226] ? ret_from_fork_asm+0x1a/0x30 [ 565.896758][ T4226] ? __update_load_avg_cfs_rq+0xc30/0x1010 [ 565.902903][ T4226] ? update_curr_dl_se+0x1d7/0xb40 [ 565.908222][ T4226] ? kmsan_get_metadata+0x105/0x1b0 [ 565.913647][ T4226] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 565.919659][ T4226] ? kmsan_get_metadata+0x105/0x1b0 [ 565.925058][ T4226] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 565.931074][ T4226] ? kmsan_get_metadata+0x105/0x1b0 [ 565.936478][ T4226] __msan_warning+0x96/0x120 [ 565.941242][ T4226] n_tty_receive_buf_closing+0xfe/0x9a0 [ 565.946982][ T4226] n_tty_receive_buf_common+0x19d5/0x2540 [ 565.952891][ T4226] ? _raw_spin_trylock_bh+0x81/0xc0 [ 565.958304][ T4226] ? stack_depot_save_flags+0x35/0x7c0 [ 565.964015][ T4226] n_tty_receive_buf2+0x4c/0x60 [ 565.969216][ T4226] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 565.974991][ T4226] tty_ldisc_receive_buf+0xc3/0x2c0 [ 565.980380][ T4226] tty_port_default_receive_buf+0xd7/0x1a0 [ 565.986392][ T4226] flush_to_ldisc+0x44f/0xdb0 [ 565.991285][ T4226] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 565.997947][ T4226] ? __pfx_flush_to_ldisc+0x10/0x10 [ 566.003364][ T4226] process_scheduled_works+0xb9a/0x1d90 [ 566.009205][ T4226] worker_thread+0xedf/0x1590 [ 566.014121][ T4226] kthread+0xd5c/0xf00 [ 566.018397][ T4226] ? __pfx_worker_thread+0x10/0x10 [ 566.023731][ T4226] ? __pfx_kthread+0x10/0x10 [ 566.028510][ T4226] ret_from_fork+0x71/0x90 [ 566.033139][ T4226] ? __pfx_kthread+0x10/0x10 [ 566.037931][ T4226] ret_from_fork_asm+0x1a/0x30 [ 566.042935][ T4226] [ 566.046371][ T4226] Kernel Offset: disabled [ 566.050795][ T4226] Rebooting in 86400 seconds..