last executing test programs: 2m54.924264059s ago: executing program 1 (id=1698): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}}, 0x0) 2m54.074673272s ago: executing program 1 (id=1701): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "0a1fb0699d46dac48f29d158dbe8cfb1979e12979688dc039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c7667ce67af25166c2f0f8502000000000000002a6f1f892e31dea982c5ab0348d560eae59ea49ef95d73202a6e3b5e1ebb8244e694e7410d33bc92794ad27031f2a19698b51424df36e2a8bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459af0ec9a278df4011773d2f2e652b442ddf54b47ec67522477f979360b76d100"}, @TCA_RED_PARMS={0x14, 0x1, {0x5, 0x100, 0x10000, 0x9, 0x9c, 0xd, 0x4}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x20044801}, 0x4000010) 2m53.485595886s ago: executing program 1 (id=1705): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@mpls_getroute={0x28, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8001, 0x12, 0x6}}]}, 0x28}}, 0x0) 2m53.04967266s ago: executing program 1 (id=1709): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1002, 0x0, 0x9, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 2m51.860712568s ago: executing program 1 (id=1714): r0 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x5e5, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0xc, 0x4, @fd_index=0x2, 0x9, 0x0, 0x0, 0x2, 0x1}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 2m50.820968019s ago: executing program 1 (id=1719): rt_sigaction(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, 0x0, 0x0) 2m48.900035439s ago: executing program 32 (id=1719): rt_sigaction(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') preadv(r0, &(0x7f0000000340)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, 0x0, 0x0) 6.497665692s ago: executing program 0 (id=2810): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfffffff8}, 0x10) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000b800"/36, 0x24) 5.993565424s ago: executing program 0 (id=2812): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)={0x18, 0x42, 0x601, 0x0, 0x0, "", [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}]}, 0x18}], 0x1}, 0x800) 5.581300753s ago: executing program 0 (id=2816): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2c, r1, 0x1, 0x70bd27, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24040000}, 0x4000040) 5.369812898s ago: executing program 4 (id=2817): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000000c0)={0x80000043, 0x0, 0x0, 0x3}, 0x10) recvmmsg(r0, &(0x7f0000002a80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/72, 0x48}], 0x1}, 0x100}], 0x1, 0x40010000, 0x0) 5.206913549s ago: executing program 5 (id=2818): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001880)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 5.101349351s ago: executing program 0 (id=2820): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mlock(&(0x7f0000ffb000/0x1000)=nil, 0xffffffffdf004fff) 5.075083347s ago: executing program 4 (id=2822): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r0, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r1, &(0x7f0000000600)=""/55, 0x37, 0x2040, 0x0, 0x0) 4.549638941s ago: executing program 2 (id=2823): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x5, 0x2}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) 4.117174388s ago: executing program 4 (id=2825): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000001300)=ANY=[@ANYBLOB="0015f700000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000940)={0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="40073a08000084044c47ebd36fb5a0a6b0a599"], 0x0, 0x0, 0x0, 0x0}) 3.952011946s ago: executing program 2 (id=2826): capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0258ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090810000000000007040000", 0x58}], 0x1) 3.649758312s ago: executing program 3 (id=2827): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2010004, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703836352c73686f72746e616d653d77696e39352c636f6465706167653d3836392c726f6469722c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c73686f72746e616d653d6d697865642c757466383d312c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c696f636861727365743d6d61636761656c69632c009fe7a64148646d78b2352fb82c3564f8d2296b6f8512835d329176768472a65dd4d0804d842d71bb377c"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") ftruncate(0xffffffffffffffff, 0xc17d) lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0xee01) 2.960137063s ago: executing program 2 (id=2828): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(r0, 0x40087447, &(0x7f0000000040)={0xfffffeb0, 0x0}) 2.805979641s ago: executing program 0 (id=2829): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x1010010, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'cp864'}}, {@shortname_mixed}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@utf8}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@uni_xlateno}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@fat=@codepage={'codepage', 0x3d, '1251'}}, {@utf8no}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}, {@numtail}]}, 0x1, 0x377, &(0x7f0000000880)="$eJzs3U9om2UYAPAn/dKkm2hzEwUhehO0bLvpxQ3pYFgEleCfgxhcp9JUocXidlhWD4pHwaOevCnowYN4UwRFBA8evKogU/Gguw0cvpJ835ekSZp1YivF3w+WvHvf93nf5/vT5Gv48vaZk7F2dj7OXblyORYWKlE9+eDJuFqJRmRRuhSTalPqAIDD4WpK8UfKjbctTA+pHEBaAMA+6r//PxcRzWjkNa9+Mat/8u4PAIde8fv/kVl9dvkcIOKlfUkJANhnE5//37Wjudb/Vy3/Wx25KwAAOKwee/Kph06tRDzabC5ErL++1dpqxf3D9lPn4oXoxGoci8W4FpFfKPQeKv3H02dWlo81m81u/NyIVkTMFYGt/ErhVNaPr8fxWIxGEV9cbaSUstMfrSwfb/ZFxKVuf/5Yr2y15uNoMf/3R2N1eOFRDtJ/ijizsnyiWQzQWi/juxHbwxsVevkvxWJ8++xgmJTKOxhXli8eL5Mexm+16nF2sBd2/QQEAAAAAAAAAAAAAAAAAAAAAAD+kaXmQGOwfk7qPecr5SwtTWnvr4+TxxfrA23n6wOleoqUfn/l3tYbWexYH2h8fZ4tCwkCAAAAAAAAAAAAAAAAAADAwOb5WrQ7ndWNzfMX1kYL3Y3N83MR0at58asPPj8Sk32uU6jmU9QjBlM0i2kvrLVTVnZOWcRkeNabvKx57+NBxqN96oOtmJpGffemTufmO396e1hzR1aO/NewTxbTNzAbSeOBsZHXb8lTupEdNSicGK2pT8z+aUSkkZrXRsMvPj05YFQiqjMO3MPf7NI0F7unmnqFLy8/f1u599ufpdzd9yw+/sNb7/661u70Zo7+EaxtbF5La+1K2XkPe6MYLvUPwfDcqEReqIyeCdVZA27vrGln3/32xO1vfr23g5JGa17unc9jfbJ8cz4cD6/lhV6aY01HhuHzxUZ0VuennPzXK9z4D+OFW9/55P2Ufvxlz1MMzU28bBSHoPEvvAIBAAAAAAAAAAAAAAAAAAClke+KF1+67uYN87Oi7nvkgNIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAMx/Pv/I4Xtm4rWyaYZhT+7MdlUX93YjKj9x1sJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/3d8BAAD//2VTYTw=") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.681160481s ago: executing program 5 (id=2830): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@remote, @in6=@empty, 0x8000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {0xfffffffffffffffc}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x10000000, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0) 2.427716588s ago: executing program 2 (id=2831): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r1, {0xfff1}, {0x9, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0xdc}, 0x4000080) 2.22184143s ago: executing program 2 (id=2832): syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[], 0x1, 0x1b1, &(0x7f0000000440)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==") acct(&(0x7f0000000280)='./file1\x00') mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 2.054200537s ago: executing program 5 (id=2833): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)={0x4c, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x20, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, 'dont_appraise'}]}]}]}]}, 0x4c}}, 0x0) 2.054017133s ago: executing program 3 (id=2834): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) 1.758581261s ago: executing program 2 (id=2835): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="6a0e6435", 0x4) 1.730518478s ago: executing program 0 (id=2836): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.60169822s ago: executing program 3 (id=2837): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000045c0)=ANY=[@ANYBLOB="40100000", @ANYRES16=r1, @ANYBLOB="010000000000000000000c0000001410038004100400fc654c187d6eb5f0ca15095cc8787b50b96435ad3147dd10e867248d37187c2a131a62d105462ce34d5cf8ded36159aea612a3460534d8c298556e91590238f40dd2c7148d365ab6cdd5f2a7f74bac8d59f731c655a46917f18b28ed05e58b70287d26677601258a5c0ab9f679e2e520228c3a1f1aede04c6ba82cc38cc2ab6b35a24fb20e032dedf6f6caf4bfea5435f746f746fd46ca192e3744eb6908b358c10833bf484237ba654641e6186a45957c6345e61ea620fdc74383ce1df4a24e7044bae596f018736424a5bfa438865044e7026fa37a3540fadd0e89d87aecd3bc127e0cb10274991d6127224a0f2a4ef19e2c4dedbe45f2471abcc38c584ead0e3df3f9211022b2421fb6b327361e8f58f2b73134fc5444b350ede95ecef5bbbf9950e75c9f772a3ff0180d2cfac287228709726a6abbab2971982de7f1a9149d71dcbfd212e89ff17cf284b7f8ad82a469cb1c1e3d9d1d3689271c8dad0ba89dda651d4242062ac0bc5877e397236fa9476ac5fac7c2c896babca09d74720004cd0e634327de4fd87ed72ae069c095d2c70caed52e3335478c1c3719925e24f2fd7755baebd5cde385727a0f0440dd3b662248c43ff5afc4f186ff0051ba8eaa07623b79c4bb6985f14c5ac15041a6ff7584f921982e5414481d4db4c76798d70a59b5aeccb6e7882aefe70993758b55b4dc4039c2b1c98452113aaf23ccdf68cb6eff6e048f9da6f39a2def3caaf80cdcbadb83b029b8738391f02fec90c8a8b6f036aae8ceaff5dca7d3e0098423fedc676c6774ab0e6a72bd246c0b3004d1988f802b846d62ca59e9a63ce12814176ec4380e1cf29d27e7b2f7e7eadcaae8f182498ad32e67323fe6ef9508fec40dd38897652053ef92e44a909060c237890c196f0c26ab10248f999001f6231813a81313971bea77a5470f312d9e5957899adc99e430e4010a3a341482c51fb71c23c3cdf92303c7580c73775f9a74685a61ce9849eaca52b97ee7ffe2e672dc1be5267c285a102711b1b5d81d6dbb76494f2892fd4f85244ade3cdd3809fd5fdfce5157fc1658f0bceb379489732583707c170fc6392aa4f5b94843aeb18da58e0156e029c2b722918b1b3dc7c151cb9c248ddd18423629b53cd4b0ab2693b0df29c88c04657f4eccdc41357de8186fdc0ec86f92950734975921a2fde57c3e7176b57c871d76ff8a8f36520b67e64930cf34bcde9ad92d057a359ca022b646df18e2b7202845bd8ac4be5e5ebae436dc4b93dfaaf2778a53e7e4be937e83dac7d1d481bdbd8081ab0ac08af067e62580bbdbf397cbc629db9b023734b6fad7824d1a8b3257c1c18d6ebc928140060f004ec484b183560f830a1eb0c527c8600bb2600d761e847454e677aa29486aa407a9e9a5e9dc9542de038e3e55fdfec13184cdb16716556f972eef5c56230c43d146c86a9147265c309a279db6d138647920410896c5397c5f83634fa5e92b5161f786482d84830864388b91c2c1e3e9f9f038d5fa66f7fe904e14df0a60d46066c6b1f37cec6e13c35832f512be21da21a5921b81cc452b0076c2ec10fd5481cd0e1ca917b40cb3aa839b120ce6eb9773e942b74ececac6bdcd22eb8dd6cd9f148e0ebe5ef3094f42adc39bc5ca2259e1eab5059ccf5e82bb57b97d4d13a90747299b2e6b64f962aabf222e4f287503181de3c3a68fb2b0068583f3b97e40ce06e9805a7121eccac0527b8f1b18a62762efe0a9ce4114b7d1ba942bc93533ee0b1bd7f0a607207b976dfa1fbe3ce0868e7f4e31b41a0aada0ac6b291aefe22ea5338f07e57b981b8e4e4a121f231d2f46989fd5dd09a7c1d198f5886b4f1a222eccdabff096a81fef3c9e497621128562880938fe05a1f1c4da81daba55bf326f1e3a1712d79f01fbef2ee230615d4e454be67f0ad4dc2bfffaecbb683742925738b45854ab713ae548b9709e9ea2e28224ef466bced79e3ec6c163d45db187bc01c75afa85f78003927dcd122086acc8dd1b1224de41d62b83e34083dd39fe68aa5a479ba403f5dbddf9b763ca521b7efca6234be16484f1e0112d963672a6d24cdac15e80bcb82b3b22231670c41fe7e8a0a083b6df768e7fb0d94a004f8372f5cf8b9b45cc679eb67828a94d0ffabfe09d95ad2789cb8657f7ea86a46260416a72e6fc7b44e549a2e39fe015c7647cc0bec15fa63d26894be1cc5326331e7e0b1c505934182accf049bab033b026d48fda51de740afc0666e6c891e0c5192f4b2df21493477ff45319d7d8b816f0b73ccfa12d6846362feb4b85063ca42e950eb577c630300dc52698a38ca19cbbb398404a1e8e27d0be49985e59caef03da096d1ccbeed73bd7c9588325b747ab77f4d7c1c1f18388ce1771882ee680ed737ad197ff92f1052e5e79f6ffa5b85ba3fac5db13e0d0046c9dca0ab4b74b20299ba6bdd758940e088df31e1382cee6901503299028467a864d27affae30fd9aef5a6ff948c052124511a75a46d5a316e28fb6c5bfac787be5833c63c535557235b0e09f9a78a338aa8864613fca77a7e252d1975af2c4a6bcc969d1e20e3cd4dfc1b2fe34b70fd7804dbfde4fa4d950e5fb4eb926dece9e4601b12efe322bb42ac808158fef0a26900000000726654987e7de20d1e41e82c607c33c6bae7bb234744b51dc683d5857afd6ba8246cebc734e393806ef102a6baaf04f3a7c3cb888d5830e1c6ae170c5c920e806b4f518be4416b216cdf9b1658a412d9e4eab6c9b20ce99960f27e77fdf9a2e98b35c63859f9db6bdcbef1001a19e12e41370f9358531987851ab64c250e68a8569ace4418e2118caff7d3d4caf1c87bc50a8ae75770fdae88a8490c041b39d08190d8b7c908caddd66331a508929d53dd6bc2dbc86f97115ff0a364b70f96918e6ed354c97e59ea5e2c7b149cd51d7c85a27ac658e78b99326857858df0ac0ee240cbb6ee9d9ee6c2c2ff7c29dd25fd337dc08bddeb50305ed48b9f5d89c55ffedde29ce0412ea8e2c976f961eb0c4966d2a8be0b657a5e51048a8a10005c488e1f637ce208a35b5aed0c2067465191dc42ebf6e4853cc89998bdf2ef755f38a3cd985b62df36a5ebc3b47df32423ee46857f9db9d756ff69ecd4ef2f307dcaefd4a1f399543952df972269c28200df8ebacad4eed1c00b9ce9841799bea583cafdeaa8d4a371a8ae55d8ffe4846833985975d8b234adff63eace9d2c4d1680c370827ebe1831ef311077607e8c4920506e03528861085dcfdb918f1efe91420c390fbca0a38377e1635c402ec1c34eddae986ffa8756b27f6c340907bae99f4a6b328fca8177b4dfaceea5ad3ceb901dbcefc15ded322bece4e750969e81935764ebe88749464af7e692e3d324c519b456013daae93bd63215540380a7fe08f0e050cdeb25db2a8b9b6f5720ad1e7d2c5b6d609712eccd321d6211fb642a4cdf72504aabd017a9b4827d1e0e0264435a5e1045dbe33834968d2db503972995559b1efe1b9ce475405118346b63f637b1abf8e8374e7100d6b41c9c672d2b244c7a82ffb882522efd9e903fc69db14c469685780005843856c6623591f305d383eae55a1a1d5619dfff0027413f26fa6a793a348ba8b192e1b088745a2175d55517a75d4b63cce41cc0dcaca9002cd37a1ccc6710ba2a099297b0824f976919e8abf3b1510b1305a95241fefbd036afa9d4538affc82f005d29b9f2c0e60d6c20f673b8ca28cb088e1e89efe334f25ffe1a3fb3581e5aa63b9a4a49f269b5538788aacbbc04d49902ae2af1f59d2484ab6ba7a9b477be0d92e221fc48cdbc00bef7125bfe36f9afb1cbd58fef21625ec99ffd2e35fb00767e3f22dba7d36163203cfaf1860a8b1afe0d878ea00fe08f68fd592a6395fb357acbdc2834c8ac85571527dbf1dbaaccede3d583e2b9bf076737716785f44aebc7ba917fb426d5541adff1e75836ab70fb0b43565ab5e24c5902879f31701cc006b4ee2f57be0916cf0b6cd489c4fa9129031a4af75a00048f20eb962f0c6f68cda0d7756a4e83f7d065c4a00b8263d95f6b979507b7ca01735e83a5e5ff0b76f077ef6e4c1150f9202b5311a231b76111d48a387e09075edb2448fb19d2869ae420ada8ee7577fe980ed7e057dc963c0a98db790bb5b7920220f8a55213b6530637b832abdf3c6fefdefb712a2c2c9eba8087ce39335ddabdadb86f493061e593981c6b2d70b4bac3b58885787c46f85c1022f5ff6cec16ba227aa5dac2e0be30522c08369f18d170b9cb454f3ebf86d1e923fdd65245d8e0c476bfedddcb772453f4d0e70d059e79b8811c379c9eff6e45d99f81186930b32b24cdcb906a41fe29c147ed834b37e77800a33c15e65d121ee85a924ef6bbc1c8f4a423fbc5d14645a08178227f4c7f111fa318823a6c075ddf9e131c9bca8d56dec4a68fbab9a0c1a128880d8b4dec59b89ec33c19eb76f09f31ad730cba735b60deba54c399119949e45af4de5c758281945fe6b6a25ac1cd57a81b48f11a6575e79b82e529d4ba1b2a1175cfa03ef6d149b165195fa64736b302e28ee6444368fb395a2d89c8747348b546a07ed0306682971539f0031d88ffa020d0b3d40369e0a3d2238293a75a155eb5c0749f64ed37a9af5be26d5a4322a55a23c33d176280bd0e4c5168f2e66bca925304d0f32074f5e68d7c43f9e2e3f14a6bcf3e77e6b71737131c3e90208072e37c8a6cad1cabd756aa694e85b86256ce13b43541a26438374b6029ee461d223ed34ed1e9a3e580cec7b2b41bc9823b3729e683f079a498636d022799dd94c5e870b6aa7f3d36fb51ffb6c5e317fcde6b5ae45073f8e90ee0fc1fa0641ff6f0b789dcc6df2fe9a3b5e6ed9d2be3403f5af96e7c6019b0a0ce4f8342323638a52c121956de068069fe5c44946b5023e1db7742fec29cb749bcdc09d795b683c553dbae1298540b2cf1bc3e5e52adf252bca47ba2182c80541daf1d11b1c67675171e69c1abe3c0bc3a0f2d1a6e2165ca1647c394970a404a6002621a258cef01e2ca12a138888dace9ad06d2f0c0209f286c11b289626aa557cc201560651054a6042e84c6fc5e345e2f702d61851fed5ffa36ade652f76db815dabb7b8eee016ea0836d0086f2a2f7bd1c4a4ceb1d706817b41347a891c34b45eb06a9ecb19041d5a39f050cb0413662dc4700385fac2e1823e1ce4d08c66692fde0862a057f2aa2425d511735fff53d0e3d88bfb245e7724ba4ba8452e469862d333dad5c63bfa778809c043132db3a57e122d0495441f7a07034a3ac1024b8fc063694d8316c29639cb6605ff362a853f976c763f6d10e4e0972760e60f08acdd8a73607e7311819fe24ad8b670bbf0adede086f91bd0839ce37927f43a263e3e8369932db9ab786ba66e1bba664bfa8aa50d98ed18fc90e560933c2e8da72757a4539756740a73c41180cf97fde47cf3e9e6005302459d831eea7a03157e0c3178776e4d4add3999b9a1efca7c99b8234ff9d33492431dd9bd0814301ee49260e30b8b6afc46ce8a733bc9d7850c789e5e98cdefbfb11131a85bc24e75453a16c6780ab4229b985d1fe7a255f71cfe18398e881d493ded88300b54f6c4a5567fd84a6e1f11835433448a00420ab1b3a49fcc0e9938da52b68f9409c94a0de61f0beb69532c4f7a11fae6a9ffd10db7de01e3272448b517ad795a06f3fef8148b7196cb81a80aed42e395c1ac346dd27f9bce87661e19f957a17d54d59b68e023c1516ae9ba4d75f18d4b8fc7e9fe6f74e38597b0e52000000000008000200fd7f00000400010018000180140002007665746830"], 0x1040}}, 0x0) 1.601470836s ago: executing program 4 (id=2838): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendmsg$netlink(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000140)={0x18, 0x2e, 0x333, 0x70bd2d, 0x25dfdbff, "", [@typed={0x8, 0xd, 0x0, 0x0, @fd}]}, 0x18}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1.546138569s ago: executing program 5 (id=2839): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086412, &(0x7f0000000040)) 1.301919392s ago: executing program 3 (id=2840): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc1105511, &(0x7f0000000040)={0x8, 0x3, 0x2, 0x4, 'syz1\x00', 0x2}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0xc1105511, &(0x7f0000000040)) 1.040728508s ago: executing program 5 (id=2841): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x68, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x9}, @device_a, @device_b, @initial, {0x2, 0x10}, @value=@ver_80211n={0x0, 0x88, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1}}, 0x0, @default, 0x10, @val={0x0, 0x6, @default_ap_ssid}, @val, @val={0x3, 0x1, 0xb7}, @val={0x4, 0x6, {0xd, 0xb, 0x5, 0x1}}, @val={0x6, 0x2}, @void, @val={0x25, 0x3, {0x0, 0xb1, 0xf2}}, @void, @void, @void, @void, @void, @void}}]]}, 0x68}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 1.040452471s ago: executing program 4 (id=2842): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffc}}, 0x10) bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0xfffffffffffffffe, {{0x42, 0x2}}}, 0x10) 670.402285ms ago: executing program 3 (id=2843): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20) sendto$inet(r0, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) 426.483859ms ago: executing program 4 (id=2844): syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x46e, &(0x7f0000000400)="$eJzs3M9vFFUcAPDvbH8gv2xF/AGioGgkGltaUDl4AKOJB01M9IDH2haCLNTQaoQQXT3g0ZB4Nx5N/As86cWoJxOvejckxHAB9TJmdmfa3WV3bcvWAffzSbb73sxs3/v2zdt9b15nAxhY+7IfScS2iPg1IsYa2dYD9jWebly7OPvntYuzSaTpG38k9eOuX7s4WxxavG5rkam1bm+2eP7C6Zlqdf5cnp9cOvPu5OL5C8+cOjNzcv7k/NnpI0cOH5p6/rnpZ/sSZ1an67s/XNiz65W3Lr82e/zy2z9+nRTxt8Txfl/Ka/rVzYaKxBP9KuU2sb0pnQyXWBHWJDshs+Yaqff/sRiKlcYbi5c/KbVywIZK0zTd1H13LQX+x5IouwZAOfLP+SSiNpvNgZvn84Pg6rHGBCiL+0b+aOwZjkp+zEjb/LafstnW8dpfX2SPaLueAgCwEb491nguxn4r449Ky1X8o/na0HhE3BMROyLi3ojYGRH3RcT9EfFARDzY9JpO6z7t2hdJbh7/VK6sK7BVysZ/L+RrW63jv2L0F+NDeW57Pf6R5MSp6vzBiLg7Ig7EyKYsP9WjjO9e+uWzbvv2NY3/skdWfjEWzOtxZbjtAt3czNLMrcTc7OrHEbuHO8WfLK8EZO24KyJ2711fGaee+mpPt33/Hn8PfVhnSr+MeLLR/rVoi7+Q9F6fnLwrqvMHJ4uz4mY//Xzp9W7l31L8fZC1/5aO5/9y/ONJ83rt4trLuPTbp13nNKs8/0ebX5Od/6PJm/V0seODmaWlc1MRo8mr+faj+fbW8urHTa8cn8V/YH/n/r8jVv4SD0VEdhI/HBGPRMTevO6PRsRjEbG/R/w/vPj4O+uPf2Nl8c+tqf27Joq17Zt2DZ3+/pv6nqKxxnvEn0SH9j9cTx3It6zm/a9nTc/dytkMAAAAd55KRGyLpDKxnK5UJiYa/y+/M7ZUqguLS0+fWHjv7FzjHoHxGKkUV7rGlq+HRm0qn9YX10en2/KH8uvGnw9trucnZheqc2UHDwNua5f+n/l9qOzaARvO/VowuNbb/9M0/ajPVQH+Yz7/YXDp/zC4OvT/zW35Ht8RANzJOn3+m9jDYDD+h8Gl/8Pg0v9hcOn/MJDyO+GHV3OD/4Ylsvef8kpfeyJNSyp9tPzYlxNRKa30KDv2NSb+zr9s83apz6oSZb8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mc/AQAA//+4C+Qb") chdir(&(0x7f0000000200)='./file0\x00') creat(&(0x7f0000000240)='./file2\x00', 0xe0) 285.201866ms ago: executing program 5 (id=2845): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000003640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x54, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffffe5, 0xb, 0x5}, {0x6, 0x11, 0x1ff}, {0x8, 0x13, 0x9}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x891}, 0x0) 0s ago: executing program 3 (id=2846): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {0x4, 0x872c, 0x61, 0x3}, 0x4f, [0x1ff, 0x0, 0x2, 0x8, 0x10, 0xc000000, 0x6, 0x4, 0x9, 0x1, 0x7, 0xd18d, 0x200, 0xfffffff9, 0x7, 0x3, 0x7f, 0xffff, 0xe, 0x7, 0x35b0ea56, 0x912, 0x5, 0xc2d, 0x927, 0x7, 0x117, 0x1, 0x0, 0x5c09, 0x7fffffff, 0x5, 0x80, 0x999, 0x1, 0x6, 0x846, 0x755007a6, 0x9, 0xa7, 0x0, 0x7, 0xfffffffa, 0x6, 0x9d8, 0xb, 0x10001, 0x6, 0x9d2, 0x3, 0x1, 0x0, 0x2, 0x7, 0xff, 0x8, 0x0, 0x8, 0x1, 0x6b4c, 0x6, 0x4, 0x800, 0x9], [0x7, 0x4, 0x4, 0x7, 0x6, 0x1, 0x5, 0xffff, 0x4f1, 0xd5a, 0x4, 0x80000001, 0xf40, 0x1000, 0x100, 0x5, 0xff, 0x5b5fe47f, 0x0, 0x4, 0x0, 0x5, 0xb2, 0xb4b, 0x3, 0x4, 0x10001, 0x5, 0x3, 0x0, 0x7, 0x3, 0x9, 0xc, 0x5, 0x7, 0x6, 0x4, 0x9, 0x10, 0x4, 0x6, 0x7, 0x2e, 0x10000, 0xffffffcb, 0xff, 0x1, 0x9, 0xff, 0xffff, 0x17, 0x10, 0x3, 0xc9e0, 0x9, 0x7, 0x1, 0x4, 0x6, 0x2aeb, 0x7, 0x1, 0xffffffff], [0x0, 0x0, 0x10001, 0x5, 0x7, 0x7, 0x3, 0xf, 0x9, 0x97c, 0x8, 0x1, 0x1000, 0x6, 0x5c5a, 0xab, 0xfffffff9, 0x0, 0x9, 0x3ff, 0x7, 0x9, 0xff, 0xfffff3d1, 0x51, 0x206, 0xe, 0x3, 0x8, 0x6, 0x100, 0x4, 0x0, 0x101, 0x2f, 0xa3, 0x8, 0x5, 0x3, 0x4, 0x29, 0xfff, 0x6b466d63, 0x1b0, 0xa3cc, 0xfffffffd, 0x9, 0x1, 0x80000001, 0x9, 0x5, 0x49, 0x401, 0x59fd, 0xbd29, 0xd, 0x6, 0x100, 0x6, 0xc1, 0xb6f, 0x6, 0x40, 0x5], [0x400, 0xfff, 0x2, 0x80, 0x1, 0x6, 0x8000, 0xfff, 0xcf768b0, 0x6, 0x1000, 0x1000, 0xa1, 0x1bf1, 0xffffffef, 0x4, 0xffff, 0x4, 0x6, 0x5, 0xa, 0x836, 0x6f, 0x9, 0x0, 0x80000000, 0x4, 0x80000001, 0x7e, 0x0, 0xfffffe01, 0x5, 0x9, 0x32cc0, 0x5, 0x6, 0x7, 0x8, 0x5, 0x4, 0x7, 0x52, 0x5, 0x3ff, 0x5, 0x81, 0x2ecf, 0x2, 0x9, 0x8, 0x6, 0x8, 0xa, 0x9, 0x101, 0x5, 0x7, 0xffffff93, 0x1, 0x2, 0xb5, 0x7, 0x9, 0xc]}, 0x45c) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000005c0)={0x8, {0x7fff, 0x7, 0x7, 0xa18, 0xffffff4c, 0x8}}) kernel console output (not intermixed with test programs): ip=0xf7f35539 code=0x7ffc0000 [ 423.456509][ T9213] netlink: 'syz.1.1443': attribute type 3 has an invalid length. [ 423.948871][ T9220] sp0: Synchronizing with TNC [ 424.019467][ T9219] [U] è [ 424.552647][ T9229] loop0: detected capacity change from 0 to 64 [ 425.916229][ T9249] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1462'. [ 425.925959][ T9249] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1462'. [ 426.225403][ T9253] tipc: Started in network mode [ 426.230644][ T9253] tipc: Node identity 4, cluster identity 4711 [ 426.237048][ T9253] tipc: Node number set to 4 [ 426.738303][ T9261] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0) [ 427.408209][ T9274] loop1: detected capacity change from 0 to 128 [ 427.426024][ T9276] devtmpfs: Too few inodes for current use [ 427.478997][ T9274] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 427.608036][ T9274] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 428.669695][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1486'. [ 428.857238][ T9299] loop1: detected capacity change from 0 to 512 [ 428.939556][ T9299] EXT4-fs: Ignoring removed orlov option [ 428.971597][ T9299] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 429.107869][ T9299] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 429.222176][ T9299] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.1487: corrupted in-inode xattr: e_value size too large [ 429.301379][ T9299] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1487: couldn't read orphan inode 15 (err -117) [ 429.439130][ T9299] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 429.444670][ T9311] loop4: detected capacity change from 0 to 764 [ 429.619750][ T9313] loop2: detected capacity change from 0 to 8 [ 429.670949][ T9311] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 429.803725][ T9313] SQUASHFS error: Unable to read directory block [629:46] [ 430.037542][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.391635][ T9319] netlink: 'syz.4.1497': attribute type 30 has an invalid length. [ 431.327676][ T9336] loop2: detected capacity change from 0 to 64 [ 431.399014][ T9337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1505'. [ 431.660625][ T9340] sp0: Synchronizing with TNC [ 431.855516][ T9344] loop1: detected capacity change from 0 to 256 [ 431.917264][ T9344] exfat: Deprecated parameter 'utf8' [ 431.924086][ T9344] exfat: Deprecated parameter 'utf8' [ 431.930771][ T9344] exfat: Deprecated parameter 'namecase' [ 432.145647][ T9344] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 432.980961][ T30] audit: type=1326 audit(1756433475.847:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9359 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 433.006203][ T30] audit: type=1326 audit(1756433475.857:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9359 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=40000003 syscall=333 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 433.029661][ T30] audit: type=1326 audit(1756433475.857:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9359 comm="syz.1.1514" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 433.119837][ T9362] loop3: detected capacity change from 0 to 2048 [ 433.362256][ T9362] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 433.568967][ T30] audit: type=1800 audit(1756433476.447:94): pid=9362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1515" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 433.656087][ T30] audit: type=1800 audit(1756433476.487:95): pid=9362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1515" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 433.814251][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.197618][ T9382] loop3: detected capacity change from 0 to 64 [ 434.391250][ T9382] Trying to free block not in datazone [ 434.803819][ T9391] loop1: detected capacity change from 0 to 1024 [ 434.921153][ T9391] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 435.477543][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1534'. [ 436.144043][ T9418] loop3: detected capacity change from 0 to 256 [ 436.187117][ T9418] exfat: Deprecated parameter 'namecase' [ 436.394055][ T9418] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 437.950631][ T9440] loop2: detected capacity change from 0 to 256 [ 437.973858][ T9444] random: crng reseeded on system resumption [ 438.048914][ T9440] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 438.060629][ T9440] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 438.159196][ T9440] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 438.300952][ T30] audit: type=1800 audit(1756433481.167:96): pid=9440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1550" name="file1" dev="loop2" ino=1048753 res=0 errno=0 [ 439.241000][ T5876] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 439.341567][ T9454] loop1: detected capacity change from 0 to 4096 [ 439.467452][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.477794][ T5876] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 439.487500][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.576426][ T5876] usb 5-1: config 0 descriptor?? [ 440.127348][ T5876] itetech 0003:258A:6A88.0011: ignoring exceeding usage max [ 440.144174][ T1100] ntfs3(loop1): ino=5, mi_enum_attr [ 440.145282][ T5876] itetech 0003:258A:6A88.0011: unbalanced collection at end of report description [ 440.385001][ T5876] itetech 0003:258A:6A88.0011: probe with driver itetech failed with error -22 [ 440.467606][ T5876] usb 5-1: USB disconnect, device number 14 [ 440.955151][ T9480] loop2: detected capacity change from 0 to 128 [ 441.009309][ T9479] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1570'. [ 441.019162][ T9479] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1570'. [ 442.737544][ T9495] loop4: detected capacity change from 0 to 2048 [ 442.957205][ T9495] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 443.163510][ T9505] loop1: detected capacity change from 0 to 8 [ 443.377036][ T9505] SQUASHFS error: Unable to read directory block [2c0:35] [ 443.769270][ T9514] ALSA: seq fatal error: cannot create timer (-22) [ 443.941085][ T5876] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 444.171106][ T5876] usb 4-1: Using ep0 maxpacket: 32 [ 444.207846][ T5876] usb 4-1: config 0 interface 0 has no altsetting 0 [ 444.253319][ T5876] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 444.262998][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.276157][ T5876] usb 4-1: Product: syz [ 444.280632][ T5876] usb 4-1: Manufacturer: syz [ 444.285395][ T5876] usb 4-1: SerialNumber: syz [ 444.373090][ T5876] usb 4-1: config 0 descriptor?? [ 444.396264][ T5876] gs_usb 4-1:0.0: Required endpoints not found [ 444.420947][ T5870] kernel read not supported for file /dsp1 (pid: 5870 comm: kworker/1:3) [ 444.485109][ T9523] netlink: 'syz.0.1588': attribute type 3 has an invalid length. [ 444.658129][ T5876] usb 4-1: USB disconnect, device number 8 [ 446.033814][ T9545] loop1: detected capacity change from 0 to 512 [ 446.201983][ T9552] loop3: detected capacity change from 0 to 256 [ 446.310588][ T9545] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1597: bg 0: block 248: padding at end of block bitmap is not set [ 446.352822][ T9556] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 446.368078][ T9556] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 446.411536][ T9545] Quota error (device loop1): write_blk: dquota write failed [ 446.423865][ T9545] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 446.435531][ T9545] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1597: Failed to acquire dquot type 1 [ 446.502279][ T9552] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 446.559404][ T9545] EXT4-fs (loop1): 1 truncate cleaned up [ 446.568736][ T9545] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.582152][ T9545] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 446.740838][ T30] audit: type=1800 audit(1756433489.597:97): pid=9545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1597" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 447.033342][ T3664] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 447.043107][ T3664] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:13: Failed to release dquot type 1 [ 447.056897][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.447201][ T9605] loop1: detected capacity change from 0 to 128 [ 449.496194][ T9605] EXT4-fs: Ignoring removed nomblk_io_submit option [ 449.582013][ T9605] EXT4-fs (loop1): Test dummy encryption mode enabled [ 449.688355][ T9605] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 449.771092][ T9605] ext4 filesystem being mounted at /326/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 449.855259][ T9611] loop2: detected capacity change from 0 to 1024 [ 449.908477][ T9611] EXT4-fs: Ignoring removed nomblk_io_submit option [ 449.984348][ T9611] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.191011][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.232963][ T5822] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 450.245755][ T9618] loop3: detected capacity change from 0 to 1024 [ 451.399776][ T9634] loop1: detected capacity change from 0 to 512 [ 451.608761][ T9634] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1637: iget: bad extended attribute block 1 [ 451.670811][ T9623] loop4: detected capacity change from 0 to 8192 [ 451.692656][ T9634] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1637: couldn't read orphan inode 15 (err -117) [ 451.759079][ T9634] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 451.863082][ T9623] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 452.248806][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.391935][ T9644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1641'. [ 453.671711][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1650'. [ 453.681187][ T9662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1650'. [ 453.694241][ T9662] netlink: 'syz.0.1650': attribute type 19 has an invalid length. [ 454.443270][ T9677] use of bytesused == 0 is deprecated and will be removed in the future, [ 454.452319][ T9677] use the actual size instead. [ 454.867263][ T30] audit: type=1326 audit(1756433497.747:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9680 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 455.008186][ T30] audit: type=1326 audit(1756433497.787:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9680 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 455.033875][ T30] audit: type=1326 audit(1756433497.787:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9680 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 455.057244][ T30] audit: type=1326 audit(1756433497.807:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9680 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 455.079698][ T30] audit: type=1326 audit(1756433497.807:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9680 comm="syz.0.1660" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3539 code=0x7ffc0000 [ 456.990971][ T9684] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 456.991208][ T5823] Bluetooth: hci0: command 0x0406 tx timeout [ 457.008218][ T9684] Bluetooth: hci0: Opcode 0x0406 failed: -110 [ 457.158947][ T9688] loop4: detected capacity change from 0 to 32768 [ 457.812677][ T9684] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 457.819139][ T9684] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 457.867914][ T9684] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 457.874802][ T9684] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 457.980962][ T9684] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 457.993480][ T9684] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 458.031668][ T9684] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 458.038081][ T9684] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 458.724553][ T9726] loop1: detected capacity change from 0 to 1024 [ 458.751981][ T9730] loop3: detected capacity change from 0 to 164 [ 459.070634][ T5823] Bluetooth: hci1: command 0x0406 tx timeout [ 459.070690][ T5818] Bluetooth: hci0: command 0x0406 tx timeout [ 459.387712][ T57] hfsplus: bad catalog file entry [ 459.534645][ T9740] netlink: 'syz.4.1685': attribute type 1 has an invalid length. [ 459.819399][ T9742] loop2: detected capacity change from 0 to 2048 [ 459.838961][ T9745] loop1: detected capacity change from 0 to 256 [ 459.916149][ T9745] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 459.925718][ T9742] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 459.930099][ T9745] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 459.961797][ T5823] Bluetooth: hci2: command 0x0406 tx timeout [ 460.041622][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 460.110160][ T9745] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 460.125206][ T5823] Bluetooth: hci4: command 0x0405 tx timeout [ 460.150799][ T9750] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 461.001844][ T9760] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1694'. [ 461.150960][ T5876] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 461.168033][ T5823] Bluetooth: hci1: command 0x0406 tx timeout [ 461.388599][ T5876] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 461.400860][ T5876] usb 5-1: config 1 has no interface number 0 [ 461.407156][ T5876] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 461.419181][ T5876] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 461.429463][ T5876] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.549648][ T5876] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 461.559322][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.567855][ T5876] usb 5-1: Product: syz [ 461.575173][ T5876] usb 5-1: Manufacturer: syz [ 461.579950][ T5876] usb 5-1: SerialNumber: syz [ 461.715939][ T9767] loop0: detected capacity change from 0 to 64 [ 461.738355][ T9757] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 461.748986][ T9768] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1698'. [ 461.847987][ T9768] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1698'. [ 461.857782][ T9768] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1698'. [ 462.032034][ T5823] Bluetooth: hci2: command 0x0406 tx timeout [ 462.074492][ T9757] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 462.115946][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 462.193132][ T5823] Bluetooth: hci4: command 0x0405 tx timeout [ 462.355152][ T5876] usb 5-1: Incompatible driver and firmware versions [ 462.589081][ T5876] usb 5-1: USB disconnect, device number 15 [ 463.602028][ T9788] loop1: detected capacity change from 0 to 512 [ 463.708616][ T9788] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 463.919475][ T9788] EXT4-fs (loop1): 1 truncate cleaned up [ 463.933323][ T9788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 464.182736][ T9790] loop4: detected capacity change from 0 to 4096 [ 464.227732][ T9790] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 464.385120][ T9784] loop0: detected capacity change from 0 to 8192 [ 464.516659][ T5822] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 464.586417][ T9798] loop3: detected capacity change from 0 to 512 [ 464.724105][ T9798] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 464.791308][ T9798] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.1713: invalid indirect mapped block 2683928664 (level 1) [ 464.884171][ T9798] EXT4-fs (loop3): Remounting filesystem read-only [ 464.964024][ T9798] EXT4-fs (loop3): 1 truncate cleaned up [ 464.972023][ T9798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 465.284557][ T3618] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.313710][ T5822] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.562050][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.602004][ T3618] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.817309][ T3618] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.879170][ T9813] ALSA: mixer_oss: invalid OSS volume '^' [ 466.024597][ T3618] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.192709][ T9811] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 466.661339][ T3618] bridge_slave_1: left allmulticast mode [ 466.667208][ T3618] bridge_slave_1: left promiscuous mode [ 466.674128][ T3618] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.723308][ T3618] bridge_slave_0: left allmulticast mode [ 466.729154][ T3618] bridge_slave_0: left promiscuous mode [ 466.735950][ T3618] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.243153][ T3618] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.271386][ T3618] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.296923][ T3618] bond0 (unregistering): Released all slaves [ 467.771817][ T9822] loop0: detected capacity change from 0 to 16 [ 467.857605][ T9822] erofs (device loop0): mounted with root inode @ nid 36. [ 467.962356][ T9822] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 468.033018][ T9822] erofs (device loop0): failed to decompress -46 in[60, 4036] out[1851] [ 468.042913][ T9822] erofs (device loop0): read error -117 @ 43 of nid 36 [ 468.114819][ T3618] hsr_slave_0: left promiscuous mode [ 468.208667][ T3618] hsr_slave_1: left promiscuous mode [ 468.216715][ T3618] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 468.224630][ T3618] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 468.325724][ T3618] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 468.337411][ T3618] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.524498][ T3618] veth1_macvtap: left promiscuous mode [ 468.531110][ T3618] veth0_macvtap: left promiscuous mode [ 468.540833][ T3618] veth1_vlan: left promiscuous mode [ 468.546377][ T3618] veth0_vlan: left promiscuous mode [ 469.184529][ T5818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 469.194579][ T5818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 469.204754][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 469.224129][ T9832] sctp: failed to load transform for md5: -2 [ 469.235753][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 469.305847][ T5818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 470.064659][ T3618] team0 (unregistering): Port device team_slave_1 removed [ 470.139773][ T3618] team0 (unregistering): Port device team_slave_0 removed [ 470.305275][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.621224][ T9861] loop2: detected capacity change from 0 to 1024 [ 470.659095][ T9833] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 470.693582][ T9861] EXT4-fs: Ignoring removed i_version option [ 470.858309][ T9854] loop4: detected capacity change from 0 to 8192 [ 471.096243][ T9861] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.226525][ T3618] IPVS: stop unused estimator thread 0... [ 471.256587][ T9861] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 471.391006][ T5818] Bluetooth: hci2: command tx timeout [ 471.609153][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.362362][ T9840] chnl_net:caif_netlink_parms(): no params data found [ 473.296595][ T9898] loop4: detected capacity change from 0 to 64 [ 473.325414][ T9894] loop3: detected capacity change from 0 to 512 [ 473.472151][ T5818] Bluetooth: hci2: command tx timeout [ 473.483189][ T9894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 473.497157][ T9894] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 474.098569][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.273190][ T9914] loop3: detected capacity change from 0 to 256 [ 474.313949][ T9914] exfat: Deprecated parameter 'utf8' [ 474.319808][ T9914] exfat: Deprecated parameter 'utf8' [ 474.491133][ T9914] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d) [ 474.689508][ T9840] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.699485][ T9840] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.707365][ T9840] bridge_slave_0: entered allmulticast mode [ 474.716830][ T9840] bridge_slave_0: entered promiscuous mode [ 474.906926][ T9840] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.915425][ T9840] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.923435][ T9840] bridge_slave_1: entered allmulticast mode [ 474.933057][ T9840] bridge_slave_1: entered promiscuous mode [ 475.103723][ T9921] loop2: detected capacity change from 0 to 1024 [ 475.269855][ T9921] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 475.283686][ T9921] ext4 filesystem being mounted at /363/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 475.284760][ T9927] ALSA: mixer_oss: invalid index -324355931 [ 475.501568][ T9840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.554158][ T5818] Bluetooth: hci2: command tx timeout [ 475.616791][ T9840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.871579][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.060135][ T9840] team0: Port device team_slave_0 added [ 476.135661][ T9840] team0: Port device team_slave_1 added [ 476.587675][ T9942] loop4: detected capacity change from 0 to 256 [ 476.666030][ T9840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.675084][ T9840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.701887][ T9840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.844925][ T9840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.856252][ T9840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.883381][ T9840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.064714][ T9942] FAT-fs (loop4): Directory bread(block 64) failed [ 477.072185][ T9942] FAT-fs (loop4): Directory bread(block 65) failed [ 477.079056][ T9942] FAT-fs (loop4): Directory bread(block 66) failed [ 477.085998][ T9942] FAT-fs (loop4): Directory bread(block 67) failed [ 477.093046][ T9942] FAT-fs (loop4): Directory bread(block 68) failed [ 477.099736][ T9942] FAT-fs (loop4): Directory bread(block 69) failed [ 477.106842][ T9942] FAT-fs (loop4): Directory bread(block 70) failed [ 477.113689][ T9942] FAT-fs (loop4): Directory bread(block 71) failed [ 477.121308][ T9942] FAT-fs (loop4): Directory bread(block 72) failed [ 477.128019][ T9942] FAT-fs (loop4): Directory bread(block 73) failed [ 477.406397][ T9840] hsr_slave_0: entered promiscuous mode [ 477.416445][ T9840] hsr_slave_1: entered promiscuous mode [ 477.425993][ T9840] debugfs: 'hsr0' already exists in 'hsr' [ 477.432013][ T9840] Cannot create hsr debugfs directory [ 477.631352][ T5818] Bluetooth: hci2: command tx timeout [ 477.755665][ T9956] dvmrp0: entered allmulticast mode [ 479.217699][ T9840] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 479.342515][ T9840] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 479.466329][ T9840] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 479.601293][ T9840] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 480.226528][ T9992] loop3: detected capacity change from 0 to 64 [ 480.968005][ T9840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.300562][ T9840] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.395652][ T3863] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.403255][ T3863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.418900][ T3863] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.426477][ T3863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.645274][T10010] loop4: detected capacity change from 0 to 8192 [ 482.820909][ T30] audit: type=1326 audit(1756433525.697:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.844498][ T30] audit: type=1326 audit(1756433525.697:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.867686][ T30] audit: type=1326 audit(1756433525.747:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.893055][ T30] audit: type=1326 audit(1756433525.747:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.916484][ T30] audit: type=1326 audit(1756433525.747:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.939037][ T30] audit: type=1326 audit(1756433525.787:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.962071][ T30] audit: type=1326 audit(1756433525.787:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 482.987179][ T30] audit: type=1326 audit(1756433525.817:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10027 comm="syz.2.1790" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 483.883016][ T9840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.747588][T10050] loop0: detected capacity change from 0 to 512 [ 484.858441][T10050] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1798: corrupted in-inode xattr: invalid ea_ino [ 484.956069][T10050] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1798: couldn't read orphan inode 15 (err -117) [ 485.050944][T10050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.542861][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.618052][T10064] loop4: detected capacity change from 0 to 256 [ 485.678217][T10068] loop3: detected capacity change from 0 to 256 [ 485.762098][T10064] exfat: Deprecated parameter 'utf8' [ 486.069430][T10064] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 486.166840][T10068] FAT-fs (loop3): Directory bread(block 64) failed [ 486.174627][T10068] FAT-fs (loop3): Directory bread(block 65) failed [ 486.181817][T10068] FAT-fs (loop3): Directory bread(block 66) failed [ 486.188523][T10068] FAT-fs (loop3): Directory bread(block 67) failed [ 486.196198][T10068] FAT-fs (loop3): Directory bread(block 68) failed [ 486.203087][T10068] FAT-fs (loop3): Directory bread(block 69) failed [ 486.209931][T10068] FAT-fs (loop3): Directory bread(block 70) failed [ 486.216880][T10068] FAT-fs (loop3): Directory bread(block 71) failed [ 486.223856][T10068] FAT-fs (loop3): Directory bread(block 72) failed [ 486.230853][T10068] FAT-fs (loop3): Directory bread(block 73) failed [ 486.763065][T10078] loop2: detected capacity change from 0 to 64 [ 487.020047][ T9840] veth0_vlan: entered promiscuous mode [ 487.182062][ T9840] veth1_vlan: entered promiscuous mode [ 487.532249][ T9840] veth0_macvtap: entered promiscuous mode [ 487.610984][ T9840] veth1_macvtap: entered promiscuous mode [ 487.853928][ T9840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.956226][ T9840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 488.086008][ T4237] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.135901][ T57] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.216279][ T3664] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.323319][ T4237] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.559025][T10096] loop3: detected capacity change from 0 to 1024 [ 488.697644][T10096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 488.763867][T10096] EXT4-fs error (device loop3): __ext4_new_inode:1073: comm syz.3.1812: reserved inode found cleared - inode=2 [ 488.921106][T10096] EXT4-fs (loop3): Remounting filesystem read-only [ 489.171548][ T30] audit: type=1800 audit(1756433532.037:111): pid=10108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1814" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 489.261614][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.799789][T10146] loop4: detected capacity change from 0 to 1024 [ 492.012315][T10146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 492.503766][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.791435][T10183] loop3: detected capacity change from 0 to 1024 [ 494.899122][ T4237] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.907834][ T4237] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.160121][ T4237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.168227][ T4237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.643810][T10210] netlink: 'syz.5.1722': attribute type 142 has an invalid length. [ 496.552090][T10226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1856'. [ 496.636177][T10228] loop0: detected capacity change from 0 to 8 [ 496.637993][T10226] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1856'. [ 496.653191][T10226] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1856'. [ 496.753421][ T7234] udevd[7234]: incorrect cramfs checksum on /dev/loop0 [ 497.431042][T10241] loop4: detected capacity change from 0 to 128 [ 497.539192][T10241] EXT4-fs: Ignoring removed nobh option [ 497.648105][T10241] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 497.783843][T10241] ext4 filesystem being mounted at /361/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 498.168491][T10251] loop5: detected capacity change from 0 to 1024 [ 498.211443][T10251] EXT4-fs: inline encryption not supported [ 498.217712][T10251] EXT4-fs: Ignoring removed nomblk_io_submit option [ 498.252679][ T5828] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 498.296755][T10251] EXT4-fs: test_dummy_encryption requires encrypt feature [ 498.982259][T10259] loop3: detected capacity change from 0 to 1024 [ 499.321470][ T5870] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 499.510625][ T5870] usb 3-1: Using ep0 maxpacket: 16 [ 499.544495][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 499.555087][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 499.570875][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 499.582475][ T5870] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 499.592494][ T5870] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 499.708187][T10271] loop3: detected capacity change from 0 to 8 [ 499.717015][ T5870] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 499.727260][ T5870] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 499.736384][ T5870] usb 3-1: Manufacturer: syz [ 499.823667][ T5870] usb 3-1: config 0 descriptor?? [ 500.133626][T10276] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1879'. [ 500.364881][ T5870] rc_core: IR keymap rc-hauppauge not found [ 500.371203][ T5870] Registered IR keymap rc-empty [ 500.376900][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.411429][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.433950][ T5870] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 500.449473][ T5870] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input10 [ 500.535896][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.590897][T10278] loop4: detected capacity change from 0 to 256 [ 500.613007][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.640999][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.673138][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.722351][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.765072][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.817737][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.881827][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.916148][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 500.965856][ T5870] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 501.015663][ T5870] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 501.026290][ T5870] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 501.154162][ T5870] usb 3-1: USB disconnect, device number 9 [ 501.486474][T10293] ªªªªª2q>wvÓÄÂ: renamed from lo (while UP) [ 502.933861][T10316] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1893'. [ 503.498282][T10326] loop3: detected capacity change from 0 to 1024 [ 504.114495][T10338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'. [ 504.124567][T10338] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1913'. [ 506.405434][T10369] loop2: detected capacity change from 0 to 2048 [ 506.438966][ T5870] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 506.494665][T10369] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 506.505015][T10369] NILFS (loop2): mounting unchecked fs [ 506.621578][ T5870] usb 4-1: Using ep0 maxpacket: 8 [ 506.669150][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 506.679555][ T5870] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00 [ 506.689122][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.755278][T10369] NILFS (loop2): recovery complete [ 506.767440][ T5870] usb 4-1: config 0 descriptor?? [ 506.862324][T10381] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 507.326093][ T5870] hid-corsair-void 0003:1B1C:1B25.0012: item fetching failed at offset 0/1 [ 507.383422][ T5870] hid-corsair-void 0003:1B1C:1B25.0012: parse failed (reason: -22) [ 507.392225][ T5870] hid-corsair-void 0003:1B1C:1B25.0012: probe with driver hid-corsair-void failed with error -22 [ 507.561311][ T5870] usb 4-1: USB disconnect, device number 9 [ 508.255273][T10395] loop0: detected capacity change from 0 to 2048 [ 508.326664][T10395] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 508.515638][T10402] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 508.607694][T10394] loop5: detected capacity change from 0 to 4096 [ 510.402234][ T5877] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 510.511613][ T5823] Bluetooth: hci2: command 0x0405 tx timeout [ 510.663328][ T5877] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 510.673499][ T5877] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 510.699577][T10431] loop2: detected capacity change from 0 to 64 [ 510.755108][T10431] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 510.791524][ T5877] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 510.801005][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.814710][ T5877] usb 4-1: Product: syz [ 510.821452][ T5877] usb 4-1: Manufacturer: syz [ 510.829055][ T5877] usb 4-1: SerialNumber: syz [ 511.620978][ T5877] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 511.627309][ T5877] cdc_ncm 4-1:1.0: bind() failure [ 511.649783][ T5877] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 511.659189][ T5877] cdc_ncm 4-1:1.1: bind() failure [ 511.869685][ T5877] usb 4-1: USB disconnect, device number 10 [ 512.521432][T10451] loop2: detected capacity change from 0 to 256 [ 512.558987][T10451] exfat: Deprecated parameter 'utf8' [ 512.733918][T10451] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x40a90196, utbl_chksum : 0xe619d30d) [ 513.059056][T10458] loop3: detected capacity change from 0 to 1024 [ 513.188296][T10462] loop0: detected capacity change from 0 to 16 [ 513.232103][T10458] hfsplus: bad catalog entry type [ 513.256509][T10462] erofs (device loop0): mounted with root inode @ nid 36. [ 513.342633][T10462] syz.0.1948: attempt to access beyond end of device [ 513.342633][T10462] loop0: rw=0, sector=48, nr_sectors = 16 limit=16 [ 513.356498][T10462] erofs (device loop0): read error -5 @ 43 of nid 36 [ 513.476899][T10467] syz.0.1948: attempt to access beyond end of device [ 513.476899][T10467] loop0: rw=0, sector=48, nr_sectors = 16 limit=16 [ 513.494585][T10467] erofs (device loop0): read error -5 @ 43 of nid 36 [ 513.586031][ T57] hfsplus: b-tree write err: -5, ino 4 [ 514.272758][T10480] netlink: 'syz.0.1954': attribute type 10 has an invalid length. [ 514.352474][T10482] netlink: 'syz.0.1954': attribute type 10 has an invalid length. [ 514.366168][T10480] team0: Port device netdevsim3 added [ 514.429014][T10482] team0: Port device netdevsim3 removed [ 514.448391][T10482] bond0: (slave netdevsim3): Enslaving as an active interface with an up link [ 515.904057][T10503] loop4: detected capacity change from 0 to 1024 [ 516.125212][T10503] hfsplus: bad catalog entry type [ 516.581531][ T4237] hfsplus: b-tree write err: -5, ino 4 [ 516.657772][T10515] loop2: detected capacity change from 0 to 1024 [ 516.754070][T10515] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 517.283801][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 517.682757][T10529] loop5: detected capacity change from 0 to 2048 [ 517.814348][T10537] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 517.957494][ T30] audit: type=1800 audit(1756433560.827:112): pid=10529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1970" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 518.627090][T10545] loop5: detected capacity change from 0 to 64 [ 518.851081][ T30] audit: type=1800 audit(1756433561.697:113): pid=10545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1978" name="file1" dev="loop5" ino=21 res=0 errno=0 [ 520.282820][ T5870] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 520.425976][T10574] loop4: detected capacity change from 0 to 1024 [ 520.470630][ T5870] usb 6-1: Using ep0 maxpacket: 32 [ 520.543358][ T5870] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 520.558128][ T5870] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 520.569331][ T5870] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 520.578657][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 520.588695][ T5870] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 520.598892][ T5870] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 520.612263][ T5870] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 520.622720][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.973635][ T5870] usb 6-1: config 0 descriptor?? [ 521.249460][T10586] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1993'. [ 521.282546][ T5870] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 521.386126][T10586] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1993'. [ 521.499323][ T5877] usb 6-1: USB disconnect, device number 2 [ 521.532144][ T5877] usblp0: removed [ 522.165099][T10594] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 523.225337][T10613] loop2: detected capacity change from 0 to 512 [ 523.274551][T10613] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 523.448271][T10621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2004'. [ 523.944276][ T5877] kernel write not supported for file /sg0 (pid: 5877 comm: kworker/0:5) [ 524.947216][T10641] loop3: detected capacity change from 0 to 512 [ 525.065350][T10641] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 525.211916][T10641] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 525.227217][T10641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2015: corrupted inode contents [ 525.341298][T10641] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.2015: mark_inode_dirty error [ 525.379444][T10641] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2015: invalid indirect mapped block 1 (level 1) [ 525.450986][ T5877] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 525.499920][T10641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2015: corrupted inode contents [ 525.550732][T10641] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 525.590895][T10641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2015: corrupted inode contents [ 525.612454][T10641] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.2015: mark_inode_dirty error [ 525.643511][ T5877] usb 5-1: Using ep0 maxpacket: 8 [ 525.653314][T10641] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 525.683337][ T5877] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 525.692379][ T5877] usb 5-1: config 179 has no interface number 0 [ 525.698856][ T5877] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 525.710939][ T5877] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 525.722517][ T5877] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 525.734014][ T5877] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 525.745864][ T5877] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 525.759532][ T5877] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 525.768917][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.808186][T10641] EXT4-fs (loop3): 1 truncate cleaned up [ 525.817164][T10641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 525.966859][T10648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 526.156335][T10657] loop2: detected capacity change from 0 to 256 [ 526.257659][T10657] exfat: Deprecated parameter 'namecase' [ 526.264905][T10657] exfat: Deprecated parameter 'namecase' [ 526.425356][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 526.465139][ T5877] usb 5-1: USB disconnect, device number 16 [ 526.471481][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 526.471695][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 526.522093][T10657] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 526.669935][ T30] audit: type=1800 audit(1756433569.537:114): pid=10657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2022" name="file1" dev="loop2" ino=1048784 res=0 errno=0 [ 527.913216][T10678] overlayfs: failed to resolve '/bÅì [ 527.913216][T10678] tbÿªF?!Ÿ é4eUzSÉ0¹voI¥/´§@¡BÂ@_bšë./file0': -2 [ 528.571396][T10692] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 528.936205][T10696] loop5: detected capacity change from 0 to 1024 [ 529.096753][T10696] hfsplus: xattr exists yet [ 529.637606][T10710] loop5: detected capacity change from 0 to 16 [ 529.661812][T10708] netlink: 'syz.0.2048': attribute type 7 has an invalid length. [ 529.675086][T10708] netlink: 'syz.0.2048': attribute type 8 has an invalid length. [ 531.775383][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 532.065123][T10747] loop5: detected capacity change from 0 to 512 [ 532.237846][T10747] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2065: iget: bad i_size value: 38620345925642 [ 532.305133][T10749] loop4: detected capacity change from 0 to 1024 [ 532.364359][T10747] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2065: couldn't read orphan inode 15 (err -117) [ 532.457494][T10747] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.701035][T10747] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.2065: bg 0: block 5: invalid block bitmap [ 533.201813][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 534.151088][T10778] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2078'. [ 534.808018][T10786] loop4: detected capacity change from 0 to 1024 [ 535.329598][T10799] loop3: detected capacity change from 0 to 64 [ 536.029888][T10809] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0) [ 537.211300][T10829] loop2: detected capacity change from 0 to 128 [ 537.261406][T10829] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 537.392183][T10829] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 538.904094][T10856] loop4: detected capacity change from 0 to 8 [ 539.062481][T10856] SQUASHFS error: Unable to read directory block [629:46] [ 539.301481][T10859] netlink: 'syz.3.2119': attribute type 30 has an invalid length. [ 541.540768][T10902] dummy0: entered promiscuous mode [ 541.571883][T10900] dummy0: left promiscuous mode [ 541.804495][T10906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2140'. [ 542.267397][T10910] loop2: detected capacity change from 0 to 2048 [ 542.471401][T10910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 542.592559][ T30] audit: type=1800 audit(1756433585.457:115): pid=10910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2153" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 542.693965][T10910] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 542.751372][T10910] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 542.764260][T10910] EXT4-fs (loop2): This should not happen!! Data will be lost [ 542.764260][T10910] [ 542.779764][T10910] EXT4-fs (loop2): Total free blocks count 0 [ 542.787701][T10910] EXT4-fs (loop2): Free/Dirty block details [ 542.793892][T10910] EXT4-fs (loop2): free_blocks=2415919504 [ 542.799786][T10910] EXT4-fs (loop2): dirty_blocks=16 [ 542.805317][T10910] EXT4-fs (loop2): Block reservation details [ 542.811590][T10910] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 543.346089][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.082206][T10931] loop4: detected capacity change from 0 to 4096 [ 544.185526][T10931] NILFS (loop4): invalid segment: Checksum error in segment payload [ 544.194577][T10931] NILFS (loop4): trying rollback from an earlier position [ 544.373315][T10931] NILFS (loop4): recovery complete [ 544.432305][T10944] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 544.603960][T10947] loop5: detected capacity change from 0 to 64 [ 545.165453][T10952] loop2: detected capacity change from 0 to 1024 [ 546.038960][ T3863] hfsplus: b-tree write err: -5, ino 4 [ 546.361825][T10967] loop5: detected capacity change from 0 to 512 [ 546.467429][T10967] EXT4-fs (loop5): orphan cleanup on readonly fs [ 546.495199][T10967] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2170: bad orphan inode 13 [ 546.629866][T10967] ext4_test_bit(bit=12, block=18) = 1 [ 546.635949][T10967] is_bad_inode(inode)=0 [ 546.640483][T10967] NEXT_ORPHAN(inode)=2130706432 [ 546.645468][T10967] max_ino=32 [ 546.648797][T10967] i_nlink=1 [ 546.654426][T10967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 546.731741][T10971] loop4: detected capacity change from 0 to 2048 [ 546.997019][T10971] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.032355][T10967] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 547.215844][T10967] EXT4-fs warning (device loop5): ext4_multi_mount_protect:332: MMP startup interrupted, failing mount [ 547.215844][T10967] [ 547.625927][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.783381][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.163684][T10990] loop5: detected capacity change from 0 to 512 [ 548.245246][T10995] loop4: detected capacity change from 0 to 64 [ 548.359822][T10990] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2180: iget: bad extended attribute block 1 [ 548.391909][T10990] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2180: couldn't read orphan inode 15 (err -117) [ 548.445236][T10990] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 548.512450][T10993] loop2: detected capacity change from 0 to 2048 [ 548.644463][T11002] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 548.652685][T10990] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 548.790738][ T30] audit: type=1800 audit(1756433591.657:116): pid=11000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2179" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 548.955074][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.758753][T11009] loop2: detected capacity change from 0 to 1764 [ 550.127944][T11016] loop0: detected capacity change from 0 to 1764 [ 550.429649][T11016] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 551.033029][T11027] loop5: detected capacity change from 0 to 256 [ 551.151393][ T5877] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 551.251996][T11027] exFAT-fs (loop5): failed to load upcase table (idx : 0x000103df, chksum : 0xf3211d0a, utbl_chksum : 0xe619d30d) [ 551.361176][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 551.420607][ T5877] usb 4-1: config 2 has an invalid interface number: 31 but max is 0 [ 551.428989][ T5877] usb 4-1: config 2 has no interface number 0 [ 551.435776][ T5877] usb 4-1: config 2 interface 31 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 551.449073][ T5877] usb 4-1: config 2 interface 31 has no altsetting 0 [ 551.598377][ T5877] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 551.607977][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.617297][ T5877] usb 4-1: Product: syz [ 551.622015][ T5877] usb 4-1: Manufacturer: syz [ 551.626795][ T5877] usb 4-1: SerialNumber: syz [ 551.651590][T11034] sp0: Synchronizing with TNC [ 551.801715][T11032] [U] è [ 552.412739][ T5877] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22 [ 552.466866][ T5877] usb 4-1: USB disconnect, device number 11 [ 553.268033][T11054] netlink: 'syz.2.2207': attribute type 3 has an invalid length. [ 553.849781][T11062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2212'. [ 553.859177][T11062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2212'. [ 553.869152][T11062] netlink: 'syz.2.2212': attribute type 19 has an invalid length. [ 554.507432][T11075] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2218'. [ 554.944541][T11079] loop3: detected capacity change from 0 to 2048 [ 555.172387][T11086] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 555.235003][ T30] audit: type=1326 audit(1756433598.097:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.2.2224" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 555.257786][ T30] audit: type=1326 audit(1756433598.097:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.2.2224" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 555.284574][ T30] audit: type=1326 audit(1756433598.137:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.2.2224" exe="/root/syz-executor" sig=0 arch=40000003 syscall=333 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 555.308471][ T30] audit: type=1326 audit(1756433598.137:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11083 comm="syz.2.2224" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 555.771119][T11090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2226'. [ 555.936107][T11092] loop5: detected capacity change from 0 to 1024 [ 556.050801][T11092] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 557.986024][T11125] loop2: detected capacity change from 0 to 256 [ 557.997000][T11125] exfat: Deprecated parameter 'namecase' [ 558.104082][T11125] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 559.805851][T11138] loop2: detected capacity change from 0 to 8192 [ 559.851445][T11138] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 560.961296][T11171] loop4: detected capacity change from 0 to 64 [ 560.989265][T11170] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2260'. [ 561.127984][T11171] Trying to free block not in datazone [ 562.636598][T11196] loop4: detected capacity change from 0 to 8 [ 562.735904][T11194] loop3: detected capacity change from 0 to 2048 [ 562.817611][T11199] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 562.894454][T11194] overlayfs: failed to resolve './file2': -2 [ 562.940464][ T5870] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 563.074217][T11199] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 563.085662][T11199] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4) [ 563.119954][T11199] Remounting filesystem read-only [ 563.136816][ T5816] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 563.169465][ T5870] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 563.179403][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.192897][ T5870] usb 6-1: config 0 descriptor?? [ 563.621683][ T5870] ath6kl: Unsupported hardware version: 0x8 [ 563.628287][ T5870] ath6kl: Failed to init ath6kl core: -22 [ 563.636571][ T5870] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 563.710628][ T5823] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 563.790576][ T5823] Bluetooth: hci0: command 0x0406 tx timeout [ 563.825629][ T5870] usb 6-1: USB disconnect, device number 3 [ 564.555474][T11214] raw_sendmsg: syz.3.2288 forgot to set AF_INET. Fix it! [ 564.991044][T11219] usb usb1: check_ctrlrecip: process 11219 (syz.4.2281) requesting ep 01 but needs 81 [ 565.330645][ T5870] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 565.439087][T11231] tipc: Started in network mode [ 565.444708][T11231] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 565.453422][T11231] tipc: Enabled bearer , priority 10 [ 565.509814][ T5870] usb 6-1: Using ep0 maxpacket: 8 [ 565.555080][ T5870] usb 6-1: unable to get BOS descriptor or descriptor too short [ 565.571344][ T5870] usb 6-1: config 4 has an invalid interface number: 30 but max is 0 [ 565.579767][ T5870] usb 6-1: config 4 has no interface number 0 [ 565.586418][ T5870] usb 6-1: config 4 interface 30 has no altsetting 0 [ 565.661243][ T5870] usb 6-1: string descriptor 0 read error: -22 [ 565.668001][ T5870] usb 6-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 565.677673][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.740078][ T5870] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 565.748486][ T5870] dw2102: su3000_power_ctrl: 1, initialized 0 [ 565.756104][ T5870] dvb-usb: bulk message failed: -22 (2/0) [ 565.786747][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 565.801006][ T5870] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 565.808717][ T5870] usb 6-1: media controller created [ 565.821022][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.826918][ T5870] dw2102: i2c transfer failed. [ 565.834042][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.839942][ T5870] dw2102: i2c transfer failed. [ 565.844962][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.850904][ T5870] dw2102: i2c transfer failed. [ 565.855797][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.861810][ T5870] dw2102: i2c transfer failed. [ 565.866766][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.872763][ T5870] dw2102: i2c transfer failed. [ 565.877666][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 565.883777][ T5870] dw2102: i2c transfer failed. [ 565.888671][ T5870] dvb-usb: MAC address: 02:02:02:02:02:02 [ 565.960914][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 566.043407][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 566.049321][ T5870] dw2102: command 0x0e transfer failed. [ 566.055228][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 566.061980][ T5870] dw2102: command 0x0e transfer failed. [ 566.374083][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 566.380006][ T5870] dw2102: command 0x0e transfer failed. [ 566.386052][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 566.392155][ T5870] dw2102: command 0x0e transfer failed. [ 566.397863][ T5870] dvb-usb: bulk message failed: -22 (1/0) [ 566.403930][ T5870] dw2102: command 0x51 transfer failed. [ 566.409586][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 566.415553][ T5870] dw2102: i2c probe for address 0x68 failed. [ 566.421818][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 566.434817][ T5870] dw2102: i2c probe for address 0x69 failed. [ 566.443648][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 566.449563][ T5870] dw2102: i2c probe for address 0x6a failed. [ 566.455756][ T5870] dw2102: probing for demodulator failed. Is the external power switched on? [ 566.464781][ T5870] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 566.583165][ T5877] tipc: Node number set to 8432298 [ 566.600457][ T5870] rc_core: IR keymap rc-tt-1500 not found [ 566.606364][ T5870] Registered IR keymap rc-empty [ 566.613757][ T5870] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 566.626227][ T5870] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input12 [ 566.748940][ T5823] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 566.757603][ T5870] dvb-usb: schedule remote query interval to 250 msecs. [ 566.764969][ T5870] dw2102: su3000_power_ctrl: 0, initialized 1 [ 566.771615][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 566.783763][ T5870] usb 6-1: USB disconnect, device number 4 [ 566.876668][T11246] loop0: detected capacity change from 0 to 128 [ 566.966879][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 567.054263][T11246] syz.0.2303: attempt to access beyond end of device [ 567.054263][T11246] loop0: rw=2051, sector=104, nr_sectors = 25 limit=128 [ 567.581125][T11257] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 567.734822][T11259] netlink: 'syz.3.2302': attribute type 3 has an invalid length. [ 567.858598][T11262] loop2: detected capacity change from 0 to 1024 [ 568.226317][T11269] loop3: detected capacity change from 0 to 512 [ 568.284150][ T4237] hfsplus: b-tree write err: -5, ino 4 [ 568.400746][T11269] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 568.414320][T11269] ext4 filesystem being mounted at /480/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 568.544674][T11281] loop5: detected capacity change from 0 to 2048 [ 568.873130][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.019866][T11289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2316'. [ 569.330388][ T30] audit: type=1326 audit(1756433612.207:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.353363][ T30] audit: type=1326 audit(1756433612.207:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.376423][ T30] audit: type=1326 audit(1756433612.217:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.403155][ T30] audit: type=1326 audit(1756433612.217:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.427118][ T30] audit: type=1326 audit(1756433612.287:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=170 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.449681][ T30] audit: type=1326 audit(1756433612.287:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11293 comm="syz.2.2319" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35539 code=0x7ffc0000 [ 569.518514][T11295] loop5: detected capacity change from 0 to 1024 [ 569.532278][T11295] EXT4-fs: Ignoring removed nomblk_io_submit option [ 569.600664][T11295] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 569.677006][T11300] loop4: detected capacity change from 0 to 256 [ 569.686602][T11300] exfat: Deprecated parameter 'namecase' [ 569.803552][T11300] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 569.928352][T11305] loop2: detected capacity change from 0 to 2048 [ 569.997993][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 570.088146][T11308] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 570.309127][T11315] netlink: 'syz.4.2327': attribute type 3 has an invalid length. [ 570.754140][ T5823] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 570.762964][ T5823] Bluetooth: hci1: Injecting HCI hardware error event [ 570.771467][ T5823] Bluetooth: hci1: hardware error 0x00 [ 570.854914][ T5877] kernel write not supported for file bpf-prog (pid: 5877 comm: kworker/0:5) [ 571.217859][T11319] loop0: detected capacity change from 0 to 4096 [ 571.630778][T11338] loop3: detected capacity change from 0 to 64 [ 571.693135][T11319] ntfs3(loop0): failed to convert "0080" to cp862 [ 571.714724][T11319] ntfs3(loop0): failed to convert name for inode 1e. [ 571.742715][T11319] ntfs3(loop0): ino=1f, mi_enum_attr [ 571.748515][T11319] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 571.769482][T11341] loop2: detected capacity change from 0 to 128 [ 572.303160][T11345] loop4: detected capacity change from 0 to 2048 [ 572.429410][T11345] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 572.443659][T11345] ext4 filesystem being mounted at /458/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 572.670496][T11351] ALSA: seq fatal error: cannot create timer (-19) [ 572.761636][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 572.835534][ T5823] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 573.986679][ T30] audit: type=1326 audit(1756433616.867:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11385 comm="syz.4.2362" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e539 code=0x0 [ 574.041334][T11387] loop3: detected capacity change from 0 to 128 [ 574.060495][T11387] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 574.105333][T11387] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 574.482577][T11394] loop2: detected capacity change from 0 to 4096 [ 574.511038][T11397] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2364'. [ 574.530890][T11394] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 574.564763][T11398] ALSA: mixer_oss: invalid OSS volume '' [ 574.582700][T11394] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 574.683321][ T30] audit: type=1800 audit(1756433617.571:128): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2363" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 574.901437][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.243390][T11412] netlink: 'syz.4.2371': attribute type 29 has an invalid length. [ 575.323163][T11414] netlink: 'syz.4.2371': attribute type 29 has an invalid length. [ 575.395881][T11413] loop2: detected capacity change from 0 to 1024 [ 575.457472][T11413] EXT4-fs: Ignoring removed orlov option [ 575.463777][T11413] EXT4-fs: Ignoring removed mblk_io_submit option [ 575.487291][T11413] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 575.518603][T11418] loop3: detected capacity change from 0 to 128 [ 575.603084][T11413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 575.603472][T11418] FAT-fs (loop3): Directory bread(block 11554) failed [ 575.626618][T11418] FAT-fs (loop3): Directory bread(block 11555) failed [ 575.634349][T11418] FAT-fs (loop3): Directory bread(block 11556) failed [ 575.641554][T11418] FAT-fs (loop3): Directory bread(block 11557) failed [ 575.655062][T11418] FAT-fs (loop3): Directory bread(block 11558) failed [ 575.667653][T11418] FAT-fs (loop3): Directory bread(block 11559) failed [ 575.674759][T11418] FAT-fs (loop3): Directory bread(block 11560) failed [ 575.681841][T11418] FAT-fs (loop3): Directory bread(block 11561) failed [ 575.689212][T11418] FAT-fs (loop3): Directory bread(block 11562) failed [ 575.696291][T11418] FAT-fs (loop3): Directory bread(block 11563) failed [ 576.049458][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 576.632705][ T5870] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 576.706762][T11442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2385'. [ 576.717082][T11442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2385'. [ 576.743774][T11442] macvlan2: entered promiscuous mode [ 576.835476][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 576.865693][ T5870] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 197, changing to 11 [ 576.881872][ T5870] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 8344, setting to 1024 [ 576.894959][ T5870] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 576.951402][ T5870] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 576.961339][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 576.969536][ T5870] usb 5-1: SerialNumber: syz [ 577.027347][T11434] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 577.143788][T11448] loop9: detected capacity change from 0 to 7 [ 577.162632][T11448] buffer_io_error: 4 callbacks suppressed [ 577.162769][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.177432][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.192288][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.202559][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.211048][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.219491][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.227945][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.236269][T11448] ldm_validate_partition_table(): Disk read failed. [ 577.243514][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.251947][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.260518][T11448] Buffer I/O error on dev loop9, logical block 0, async page read [ 577.269209][T11448] Dev loop9: unable to read RDB block 0 [ 577.275674][T11448] loop9: unable to read partition table [ 577.288992][T11448] loop9: partition table beyond EOD, truncated [ 577.295566][T11448] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 577.295566][T11448] ) failed (rc=-5) [ 577.313651][ T5870] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 577.362176][ T5870] usb 5-1: USB disconnect, device number 17 [ 577.446544][T11452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2389'. [ 577.455898][T11452] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2389'. [ 577.465346][T11452] netlink: 'syz.2.2389': attribute type 18 has an invalid length. [ 578.020597][ T5870] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 578.127090][T11464] loop4: detected capacity change from 0 to 64 [ 578.228064][T11457] loop3: detected capacity change from 0 to 4096 [ 578.245390][ T5870] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 578.254870][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.263309][ T5870] usb 3-1: Product: syz [ 578.267657][ T5870] usb 3-1: Manufacturer: syz [ 578.272806][ T5870] usb 3-1: SerialNumber: syz [ 578.368590][ T5870] usb 3-1: config 0 descriptor?? [ 578.691040][T11471] loop5: detected capacity change from 0 to 512 [ 578.719187][T11471] EXT4-fs: Ignoring removed nobh option [ 578.776182][T11471] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2398: iget: bad i_size value: 38620345925642 [ 578.888426][T11471] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2398: couldn't read orphan inode 15 (err -117) [ 578.961807][T11471] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 579.036585][ T5870] usb 3-1: f81604_read: reg: 105 failed: -EPROTO [ 579.043398][ T5870] f81604 3-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 579.051378][ T5870] f81604 3-1:0.0: probe with driver f81604 failed with error -71 [ 579.093639][ T5870] usb 3-1: USB disconnect, device number 10 [ 579.247522][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.285548][T11495] loop4: detected capacity change from 0 to 4096 [ 580.367616][T11495] EXT4-fs (loop4): Test dummy encryption mode enabled [ 580.428018][T11495] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 580.478844][T11495] System zones: 0-5 [ 580.490755][T11495] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 580.710656][ T5870] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 580.769172][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.872684][ T5870] usb 6-1: Using ep0 maxpacket: 8 [ 580.923640][ T5870] usb 6-1: unable to get BOS descriptor or descriptor too short [ 580.975342][ T5870] usb 6-1: config 4 has an invalid interface number: 30 but max is 0 [ 580.984444][ T5870] usb 6-1: config 4 has no interface number 0 [ 580.991608][ T5870] usb 6-1: config 4 interface 30 has no altsetting 0 [ 581.089259][ T5870] usb 6-1: string descriptor 0 read error: -22 [ 581.096286][ T5870] usb 6-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 581.105763][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.182827][ T5870] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 581.190044][ T5870] dw2102: su3000_power_ctrl: 1, initialized 0 [ 581.196759][ T5870] dvb-usb: bulk message failed: -22 (2/0) [ 581.219900][T11516] loop2: detected capacity change from 0 to 512 [ 581.225067][T11518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2421'. [ 581.229230][T11516] EXT4-fs: Ignoring removed oldalloc option [ 581.242802][T11516] EXT4-fs: Ignoring removed mblk_io_submit option [ 581.301167][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 581.335445][ T5870] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 581.343417][ T5870] usb 6-1: media controller created [ 581.348895][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.355255][ T5870] dw2102: i2c transfer failed. [ 581.360291][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.366263][ T5870] dw2102: i2c transfer failed. [ 581.371398][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.384613][ T5870] dw2102: i2c transfer failed. [ 581.389530][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.397702][ T5870] dw2102: i2c transfer failed. [ 581.402751][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.408629][ T5870] dw2102: i2c transfer failed. [ 581.413684][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 581.419577][ T5870] dw2102: i2c transfer failed. [ 581.424632][ T5870] dvb-usb: MAC address: 02:02:02:02:02:02 [ 581.448887][T11516] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 581.485412][T11516] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=2840c01c, mo2=0102] [ 581.510562][T11516] System zones: 0-2, 18-18, 34-34 [ 581.517078][T11516] EXT4-fs (loop2): orphan cleanup on readonly fs [ 581.532053][T11516] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 581.542503][T11516] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 581.552388][T11516] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.2420: Failed to acquire dquot type 1 [ 581.604198][T11516] EXT4-fs (loop2): 1 truncate cleaned up [ 581.656242][T11516] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 581.704224][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 581.864418][T11516] EXT4-fs: Ignoring removed orlov option [ 581.871634][T11516] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 581.881913][T11516] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 581.948954][T11516] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 581.957358][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 581.964595][ T5870] dw2102: command 0x0e transfer failed. [ 581.970567][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 581.976522][ T5870] dw2102: command 0x0e transfer failed. [ 582.016329][T11516] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=842c11c, mo2=0102] [ 582.053936][T11516] EXT4-fs error (device loop2): __ext4_remount:6740: comm syz.2.2420: Abort forced by user [ 582.110695][T11516] EXT4-fs (loop2): Remounting filesystem read-only [ 582.117499][T11516] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 582.126458][T11516] ext4 filesystem being remounted at /502/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 582.160975][ T5877] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 582.183539][T11533] capability: warning: `syz.3.2427' uses 32-bit capabilities (legacy support in use) [ 582.313687][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 582.319623][ T5870] dw2102: command 0x0e transfer failed. [ 582.325622][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 582.331638][ T5870] dw2102: command 0x0e transfer failed. [ 582.337318][ T5870] dvb-usb: bulk message failed: -22 (1/0) [ 582.343350][ T5870] dw2102: command 0x51 transfer failed. [ 582.349029][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 582.356402][ T5870] dw2102: i2c probe for address 0x68 failed. [ 582.362668][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 582.368618][ T5870] dw2102: i2c probe for address 0x69 failed. [ 582.374936][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 582.381028][ T5870] dw2102: i2c probe for address 0x6a failed. [ 582.381039][ T5877] usb 5-1: Using ep0 maxpacket: 32 [ 582.392457][ T5870] dw2102: probing for demodulator failed. Is the external power switched on? [ 582.394735][ T5877] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.408454][ T5870] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 582.417332][ T5877] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 582.476764][ T5877] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 582.486426][ T5877] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 582.491118][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.495221][ T5877] usb 5-1: Product: syz [ 582.512693][ T5877] usb 5-1: Manufacturer: syz [ 582.560986][T11537] loop5: detected capacity change from 0 to 256 [ 582.638792][ T5877] hub 5-1:4.0: USB hub found [ 582.751582][T11542] loop0: detected capacity change from 0 to 512 [ 582.827713][T11542] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 582.840520][ T5870] rc_core: IR keymap rc-tt-1500 not found [ 582.846409][ T5870] Registered IR keymap rc-empty [ 582.853506][ T5870] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 582.865187][ T5870] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input13 [ 582.869121][ T5877] hub 5-1:4.0: 2 ports detected [ 582.968590][T11542] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 582.982172][T11542] ext4 filesystem being mounted at /486/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 583.068245][ T5877] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 583.075645][ T5877] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 583.091362][ T5870] dvb-usb: schedule remote query interval to 250 msecs. [ 583.098595][ T5870] dw2102: su3000_power_ctrl: 0, initialized 1 [ 583.106419][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 583.108997][T11542] EXT4-fs error (device loop0): ext4_xattr_block_find:1869: inode #15: comm syz.0.2432: corrupted xattr block 19: overlapping e_value [ 583.137838][ T5877] usb 5-1: USB disconnect, device number 18 [ 583.154496][T11549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2433'. [ 583.191613][ T5870] usb 6-1: USB disconnect, device number 5 [ 583.217667][T11542] EXT4-fs (loop0): Remounting filesystem read-only [ 583.317920][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 583.550823][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.222646][T11558] loop2: detected capacity change from 0 to 4096 [ 584.408945][T11564] loop4: detected capacity change from 0 to 4096 [ 584.524195][T11558] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 584.580705][T11564] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 584.596829][T11570] trusted_key: encrypted_key: key user:syz not found [ 584.689346][T11558] ntfs3(loop2): Failed to load $Extend (-22). [ 584.703083][T11558] ntfs3(loop2): Failed to initialize $Extend. [ 585.459793][T11580] loop0: detected capacity change from 0 to 2048 [ 585.605602][T11580] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 586.208812][ T5877] kernel write not supported for file /input/mice (pid: 5877 comm: kworker/0:5) [ 586.893460][T11618] netlink: 'syz.5.2462': attribute type 5 has an invalid length. [ 587.299504][T11626] gretap1: entered promiscuous mode [ 587.831360][T11635] loop4: detected capacity change from 0 to 256 [ 587.864844][T11635] exfat: Deprecated parameter 'namecase' [ 588.006383][T11635] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 588.228416][T11631] loop3: detected capacity change from 0 to 4096 [ 588.502079][T11640] loop5: detected capacity change from 0 to 2048 [ 588.598861][T11640] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 589.284926][T11657] loop5: detected capacity change from 0 to 64 [ 589.306400][T11653] loop0: detected capacity change from 0 to 2048 [ 589.426046][T11653] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 590.415503][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.415503][ T3902] loop5: rw=1, sector=2089, nr_sectors = 2048 limit=64 [ 590.434397][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.434397][ T3902] loop5: rw=1, sector=4137, nr_sectors = 32 limit=64 [ 590.449172][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.449172][ T3902] loop5: rw=1, sector=4169, nr_sectors = 1 limit=64 [ 590.462902][ T3902] buffer_io_error: 4 callbacks suppressed [ 590.462969][ T3902] Buffer I/O error on dev loop5, logical block 4169, lost async page write [ 590.478139][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.478139][ T3902] loop5: rw=1, sector=4170, nr_sectors = 1 limit=64 [ 590.495295][ T3902] Buffer I/O error on dev loop5, logical block 4170, lost async page write [ 590.505521][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.505521][ T3902] loop5: rw=1, sector=4172, nr_sectors = 1 limit=64 [ 590.519331][ T3902] Buffer I/O error on dev loop5, logical block 4172, lost async page write [ 590.528232][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.528232][ T3902] loop5: rw=1, sector=4173, nr_sectors = 1 limit=64 [ 590.541991][ T3902] Buffer I/O error on dev loop5, logical block 4173, lost async page write [ 590.550868][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.550868][ T3902] loop5: rw=1, sector=4174, nr_sectors = 1 limit=64 [ 590.564873][ T3902] Buffer I/O error on dev loop5, logical block 4174, lost async page write [ 590.573772][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.573772][ T3902] loop5: rw=1, sector=4175, nr_sectors = 1 limit=64 [ 590.587484][ T3902] Buffer I/O error on dev loop5, logical block 4175, lost async page write [ 590.600012][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.600012][ T3902] loop5: rw=1, sector=4176, nr_sectors = 1 limit=64 [ 590.614917][ T3902] Buffer I/O error on dev loop5, logical block 4176, lost async page write [ 590.623847][ T3902] kworker/u8:19: attempt to access beyond end of device [ 590.623847][ T3902] loop5: rw=1, sector=4177, nr_sectors = 1 limit=64 [ 590.637499][ T3902] Buffer I/O error on dev loop5, logical block 4177, lost async page write [ 590.646737][ T3902] Buffer I/O error on dev loop5, logical block 4196, lost async page write [ 590.655729][ T3902] Buffer I/O error on dev loop5, logical block 4197, lost async page write [ 591.641638][T11683] loop2: detected capacity change from 0 to 2048 [ 591.651438][T11683] EXT4-fs: Ignoring removed mblk_io_submit option [ 591.840557][T11683] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 592.229730][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.748513][T11705] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2501'. [ 592.778761][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2502'. [ 592.788569][T11704] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2502'. [ 592.875865][T11703] loop0: detected capacity change from 0 to 1024 [ 593.084902][T11703] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 593.188603][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.524408][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 593.834886][T11726] loop3: detected capacity change from 0 to 512 [ 593.881847][T11726] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 594.103565][ T5870] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 594.105743][T11726] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #17: comm syz.3.2511: iget: bad i_size value: -6917529027641081756 [ 594.108938][T11726] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2511: couldn't read orphan inode 17 (err -117) [ 594.206638][T11726] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 594.285058][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 594.301400][ T5870] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 594.301534][ T5870] usb 5-1: config 0 has no interface number 0 [ 594.315420][T11726] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2511: bg 0: block 65: padding at end of block bitmap is not set [ 594.317468][T11726] Quota error (device loop3): write_blk: dquota write failed [ 594.318333][T11726] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 594.318555][T11726] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.2511: Failed to acquire dquot type 0 [ 594.325585][ T5870] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 594.325731][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.325852][ T5870] usb 5-1: Product: syz [ 594.325948][ T5870] usb 5-1: Manufacturer: syz [ 594.326043][ T5870] usb 5-1: SerialNumber: syz [ 594.330523][ T5870] usb 5-1: config 0 descriptor?? [ 594.332104][T11726] Quota error (device loop3): do_check_range: Getting block 144 out of range 0-5 [ 594.346611][ T5870] smsc95xx v2.0.0 [ 594.483731][T11739] loop2: detected capacity change from 0 to 256 [ 594.566763][T11739] exfat: Deprecated parameter 'utf8' [ 594.567067][T11739] exfat: Deprecated parameter 'utf8' [ 594.567330][T11739] exfat: Deprecated parameter 'namecase' [ 594.627114][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.686917][T11739] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 595.143576][ T5870] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 595.154890][ T5870] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 595.171361][ T5870] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 595.183415][ T5870] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 595.248056][ T5870] usb 5-1: USB disconnect, device number 19 [ 595.361000][T11747] sctp: [Deprecated]: syz.2.2519 (pid 11747) Use of int in maxseg socket option. [ 595.361000][T11747] Use struct sctp_assoc_value instead [ 595.525028][T11752] netlink: 328 bytes leftover after parsing attributes in process `syz.0.2521'. [ 596.393596][T11770] tipc: Failed to obtain node identity [ 596.399293][T11770] tipc: Enabling of bearer rejected, failed to enable media [ 596.472256][T11765] loop4: detected capacity change from 0 to 4096 [ 597.089971][T11785] loop2: detected capacity change from 0 to 256 [ 597.102330][ T3902] ntfs3(loop4): ino=5, mi_enum_attr [ 597.160605][T11785] exfat: Deprecated parameter 'utf8' [ 597.166695][T11785] exfat: Deprecated parameter 'namecase' [ 597.273079][T11787] loop0: detected capacity change from 0 to 1024 [ 597.379465][T11785] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 597.546325][T11793] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2541'. [ 597.635615][ T3664] hfsplus: b-tree write err: -5, ino 4 [ 597.895835][T11796] loop5: detected capacity change from 0 to 128 [ 597.958300][T11796] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 598.032323][T11796] ext4 filesystem being mounted at /135/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 598.505027][ T9840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 598.868120][T11822] loop4: detected capacity change from 0 to 256 [ 598.922311][T11815] loop0: detected capacity change from 0 to 4096 [ 598.965934][T11815] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 598.978468][T11822] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 599.288981][ T30] audit: type=1800 audit(1756433642.171:129): pid=11815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2549" name="file1" dev="loop0" ino=33 res=0 errno=0 [ 600.059639][T11841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2564'. [ 600.069598][T11841] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2564'. [ 600.426494][ T5877] kernel write not supported for file /media0 (pid: 5877 comm: kworker/0:5) [ 600.505121][T11853] delete_channel: no stack [ 600.767614][T11856] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 600.807312][T11856] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 601.369471][T11867] loop5: detected capacity change from 0 to 164 [ 601.438630][T11871] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2578'. [ 601.479839][T11867] ISOFS: unable to read i-node block [ 602.206066][T11888] loop5: detected capacity change from 0 to 64 [ 602.670550][T11893] loop3: detected capacity change from 0 to 2048 [ 602.751429][T11893] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 602.762584][T11893] NILFS (loop3): mounting unchecked fs [ 602.906582][T11893] NILFS (loop3): recovery complete [ 602.943116][T11901] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 603.214073][T11904] loop0: detected capacity change from 0 to 2048 [ 603.235481][T11904] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 603.246123][T11904] NILFS (loop0): mounting unchecked fs [ 603.351863][T11904] NILFS (loop0): recovery complete [ 603.362308][T11908] ALSA: mixer_oss: invalid OSS volume '^' [ 603.373158][T11910] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 603.627311][T11905] loop2: detected capacity change from 0 to 4096 [ 603.638325][T11905] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 604.941624][ T5877] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 604.987773][T11936] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 605.099643][T11939] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2608'. [ 605.172317][T11941] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2608'. [ 605.183468][T11941] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2608'. [ 605.212630][ T5877] usb 3-1: config 1 has an invalid interface number: 7 but max is 0 [ 605.221031][ T5877] usb 3-1: config 1 has no interface number 0 [ 605.227435][ T5877] usb 3-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 605.242983][ T5877] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 605.254221][ T5877] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.293631][ T5877] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 605.303410][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.312080][ T5877] usb 3-1: Product: syz [ 605.316421][ T5877] usb 3-1: Manufacturer: syz [ 605.321387][ T5877] usb 3-1: SerialNumber: syz [ 605.462181][T11930] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 605.792298][T11930] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 605.844085][T11949] loop4: detected capacity change from 0 to 1024 [ 606.080910][ T5877] usb 3-1: Incompatible driver and firmware versions [ 606.199979][ T4237] hfsplus: bad catalog file entry [ 606.306668][ T5870] usb 3-1: USB disconnect, device number 11 [ 606.528146][T11961] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2618'. [ 606.537669][T11961] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2618'. [ 606.547104][T11961] netlink: 'syz.5.2618': attribute type 19 has an invalid length. [ 607.104469][T11966] loop0: detected capacity change from 0 to 2048 [ 607.171464][T11966] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 607.407858][ T30] audit: type=1800 audit(1756433650.291:130): pid=11966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2630" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 607.429334][ T30] audit: type=1800 audit(1756433650.291:131): pid=11966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2630" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 607.678604][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 607.926711][T11990] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2628'. [ 608.082232][T11995] devtmpfs: Too few inodes for current use [ 608.487431][T12006] netlink: 'syz.0.2636': attribute type 30 has an invalid length. [ 608.840791][T12008] loop3: detected capacity change from 0 to 512 [ 608.883350][T12008] EXT4-fs: Ignoring removed orlov option [ 608.904739][T12012] loop5: detected capacity change from 0 to 128 [ 608.921089][T12008] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 608.951578][T12012] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 608.978610][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2652'. [ 609.056169][T12008] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 609.085297][T12012] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 609.112919][T12008] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.2638: corrupted in-inode xattr: e_value size too large [ 609.170986][T12008] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.2638: couldn't read orphan inode 15 (err -117) [ 609.206919][T12008] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 609.576945][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 609.697544][T12026] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0) [ 610.194406][T12035] tipc: MTU too low for tipc bearer [ 610.531564][T12040] loop0: detected capacity change from 0 to 2048 [ 610.602161][T12045] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 611.182568][T12056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2662'. [ 611.675839][T12067] loop0: detected capacity change from 0 to 1024 [ 612.314851][ T3863] hfsplus: b-tree write err: -5, ino 4 [ 612.745718][T12091] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2677'. [ 613.796517][T12109] loop0: detected capacity change from 0 to 1024 [ 614.579055][T12125] loop0: detected capacity change from 0 to 512 [ 614.617345][T12125] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 614.669401][T12128] loop7: detected capacity change from 0 to 7 [ 614.673859][T12125] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.2704: invalid indirect mapped block 4294967295 (level 0) [ 614.719660][ C0] blk_print_req_error: 10 callbacks suppressed [ 614.719740][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.735632][ C0] buffer_io_error: 86 callbacks suppressed [ 614.735716][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.795396][T12125] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.2704: invalid indirect mapped block 4294967295 (level 1) [ 614.809887][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.810039][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.829905][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.839519][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.852230][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.861804][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.890948][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.900464][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.932360][T12125] EXT4-fs (loop0): 1 orphan inode deleted [ 614.934186][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.938268][T12125] EXT4-fs (loop0): 1 truncate cleaned up [ 614.940839][T12125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 614.947665][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 614.980082][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 614.990016][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 615.011602][T12128] ldm_validate_partition_table(): Disk read failed. [ 615.018993][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 615.028628][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 615.061968][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 615.071624][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 615.096800][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 615.106472][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 615.127986][T12128] Dev loop7: unable to read RDB block 0 [ 615.146002][T12125] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 615.184533][T12128] loop7: unable to read partition table [ 615.213504][T12128] loop7: partition table beyond EOD, truncated [ 615.220078][T12128] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 615.315024][T12134] loop5: detected capacity change from 0 to 1024 [ 615.342849][T12134] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 615.383898][T12134] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 615.427826][T12134] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e02c, mo2=0000] [ 615.471163][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.500016][T12134] EXT4-fs error (device loop5): ext4_free_blocks:6696: comm syz.5.2694: Freeing blocks not in datazone - block = 0, count = 4096 [ 615.521238][T12134] EXT4-fs (loop5): Remounting filesystem read-only [ 615.528204][T12134] EXT4-fs (loop5): 1 orphan inode deleted [ 615.536500][T12134] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 615.596770][ T4237] EXT4-fs (loop5): Quota write (off=3072, len=1024) cancelled because transaction is not started [ 615.608031][ T4237] Quota error (device loop5): write_blk: dquota write failed [ 615.616017][ T4237] Quota error (device loop5): free_dqentry: Can't move quota data block (2) to free list [ 615.633871][T12137] loop3: detected capacity change from 0 to 256 [ 615.643239][T12137] exfat: Deprecated parameter 'utf8' [ 615.678083][T12137] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 615.741128][T12134] EXT4-fs: Ignoring removed orlov option [ 615.747465][T12134] EXT4-fs: Cannot change quota options when quota turned on [ 615.882446][ T9840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.049661][T12143] loop4: detected capacity change from 0 to 512 [ 616.071665][T12143] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 617.793699][T12184] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 617.807496][T12184] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 617.829331][T12185] loop0: detected capacity change from 0 to 256 [ 618.130319][T12185] FAT-fs (loop0): Directory bread(block 64) failed [ 618.137655][T12185] FAT-fs (loop0): Directory bread(block 65) failed [ 618.148937][T12185] FAT-fs (loop0): Directory bread(block 66) failed [ 618.158087][T12185] FAT-fs (loop0): Directory bread(block 67) failed [ 618.165946][T12185] FAT-fs (loop0): Directory bread(block 68) failed [ 618.172907][T12185] FAT-fs (loop0): Directory bread(block 69) failed [ 618.179792][T12185] FAT-fs (loop0): Directory bread(block 70) failed [ 618.186914][T12185] FAT-fs (loop0): Directory bread(block 71) failed [ 618.193986][T12185] FAT-fs (loop0): Directory bread(block 72) failed [ 618.201038][T12185] FAT-fs (loop0): Directory bread(block 73) failed [ 618.429030][T12193] mkiss: ax0: crc mode is auto. [ 618.431563][ T5870] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 618.630642][ T5870] usb 3-1: Using ep0 maxpacket: 16 [ 618.645956][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 618.662441][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 618.675141][ T5870] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 618.689629][ T5870] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 618.699155][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.833409][ T5870] usb 3-1: config 0 descriptor?? [ 619.195347][T12203] loop5: detected capacity change from 0 to 1024 [ 619.424771][ T5870] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0013/input/input14 [ 619.582002][ T5870] microsoft 0003:045E:07DA.0013: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 619.633731][ T5870] usb 3-1: USB disconnect, device number 12 [ 619.863417][T12215] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2748'. [ 620.185687][T12221] loop4: detected capacity change from 0 to 8 [ 620.418670][T12226] loop3: detected capacity change from 0 to 512 [ 620.548062][T12226] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 620.695072][T12226] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 620.715881][T12226] ext4 filesystem being mounted at /576/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 620.885106][T12226] EXT4-fs error (device loop3): ext4_xattr_block_find:1869: inode #15: comm syz.3.2752: corrupted xattr block 19: overlapping e_value [ 620.912170][ T5870] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 620.958699][T12226] EXT4-fs (loop3): Remounting filesystem read-only [ 621.100492][ T5870] usb 6-1: Using ep0 maxpacket: 16 [ 621.123108][ T5870] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 621.134045][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.145848][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 621.156565][ T5870] usb 6-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 621.166532][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.225598][ T5870] usb 6-1: config 0 descriptor?? [ 621.249209][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 621.393917][ T5818] Bluetooth: hci4: unexpected event for opcode 0x1408 [ 621.665386][ T5870] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 621.674288][ T5870] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 621.684087][ T5870] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 621.692378][ T5870] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 621.700082][ T5870] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 621.770767][ T5870] hid-picolcd 0003:04D8:F002.0014: No report with id 0xf3 found [ 621.779062][ T5870] hid-picolcd 0003:04D8:F002.0014: No report with id 0xf4 found [ 621.956105][T10387] usb 6-1: USB disconnect, device number 6 [ 622.180493][ T5870] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 622.279040][T12255] loop0: detected capacity change from 0 to 512 [ 622.289700][T12255] EXT4-fs: Ignoring removed nobh option [ 622.313904][T12255] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.2753: iget: bad i_size value: 38620345925642 [ 622.350729][ T5870] usb 3-1: Using ep0 maxpacket: 8 [ 622.351448][T12255] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.2753: couldn't read orphan inode 15 (err -117) [ 622.374427][ T5870] usb 3-1: unable to get BOS descriptor or descriptor too short [ 622.397471][ T5870] usb 3-1: config 4 has an invalid interface number: 30 but max is 0 [ 622.400681][T12255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 622.406370][ T5870] usb 3-1: config 4 has no interface number 0 [ 622.425090][ T5870] usb 3-1: config 4 interface 30 has no altsetting 0 [ 622.450554][ T5870] usb 3-1: string descriptor 0 read error: -22 [ 622.457450][ T5870] usb 3-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 622.467382][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.563860][ T5870] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 622.571253][ T5870] dw2102: su3000_power_ctrl: 1, initialized 0 [ 622.577499][ T5870] dvb-usb: bulk message failed: -22 (2/0) [ 622.628798][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 622.663744][ T5870] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 622.672919][ T5870] usb 3-1: media controller created [ 622.678307][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.684507][ T5870] dw2102: i2c transfer failed. [ 622.689432][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.695636][ T5870] dw2102: i2c transfer failed. [ 622.701087][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.706991][ T5870] dw2102: i2c transfer failed. [ 622.712508][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.718397][ T5870] dw2102: i2c transfer failed. [ 622.723513][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.729397][ T5870] dw2102: i2c transfer failed. [ 622.734485][ T5870] dvb-usb: bulk message failed: -22 (6/0) [ 622.740715][ T5870] dw2102: i2c transfer failed. [ 622.745715][ T5870] dvb-usb: MAC address: 02:02:02:02:02:02 [ 622.897499][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 622.899434][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.013485][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 623.019667][ T5870] dw2102: command 0x0e transfer failed. [ 623.025842][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 623.032884][ T5870] dw2102: command 0x0e transfer failed. [ 623.225001][T12264] loop4: detected capacity change from 0 to 2048 [ 623.295207][T12267] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 623.340773][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 623.346716][ T5870] dw2102: command 0x0e transfer failed. [ 623.352730][ T5870] dvb-usb: bulk message failed: -22 (3/0) [ 623.358608][ T5870] dw2102: command 0x0e transfer failed. [ 623.371544][ T5870] dvb-usb: bulk message failed: -22 (1/0) [ 623.377623][ T5870] dw2102: command 0x51 transfer failed. [ 623.385527][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 623.392587][ T5870] dw2102: i2c probe for address 0x68 failed. [ 623.398725][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 623.404812][ T5870] dw2102: i2c probe for address 0x69 failed. [ 623.411203][ T5870] dvb-usb: bulk message failed: -22 (5/0) [ 623.417097][ T5870] dw2102: i2c probe for address 0x6a failed. [ 623.428532][ T5870] dw2102: probing for demodulator failed. Is the external power switched on? [ 623.437834][ T5870] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 623.614299][T12273] loop0: detected capacity change from 0 to 256 [ 623.742446][T12273] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d) [ 623.879291][T12273] exFAT-fs (loop0): error, data size is invalid(150994954) [ 623.888188][T12273] exFAT-fs (loop0): Filesystem has been set read-only [ 623.937478][T12273] exFAT-fs (loop0): error, data size is invalid(150994954) [ 623.981021][ T5870] rc_core: IR keymap rc-tt-1500 not found [ 623.987014][ T5870] Registered IR keymap rc-empty [ 623.993986][ T5870] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 624.005708][ T5870] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input15 [ 624.046472][ T5870] dvb-usb: schedule remote query interval to 250 msecs. [ 624.054308][ T5870] dw2102: su3000_power_ctrl: 0, initialized 1 [ 624.060839][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 624.091277][ T5870] usb 3-1: USB disconnect, device number 13 [ 624.168787][T12280] loop4: detected capacity change from 0 to 512 [ 624.339724][T12280] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 624.353790][T12280] ext4 filesystem being mounted at /536/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 624.399031][ T5870] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 624.481678][T12280] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #2: comm syz.4.2762: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 624.561461][T12280] EXT4-fs (loop4): Remounting filesystem read-only [ 624.872204][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.285802][T12303] hugetlbfs: Bad value for 'nr_inodes' [ 625.337897][T12298] loop5: detected capacity change from 0 to 2048 [ 625.341329][T12304] loop2: detected capacity change from 0 to 128 [ 625.437497][T12305] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 625.470509][ T5818] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 625.487216][ T5818] Bluetooth: hci4: Injecting HCI hardware error event [ 625.501031][ T5818] Bluetooth: hci4: hardware error 0x00 [ 626.195671][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2780'. [ 626.828734][T12325] loop4: detected capacity change from 0 to 2048 [ 626.906466][T12335] loop2: detected capacity change from 0 to 256 [ 626.944104][T12325] loop4: p1 < > p3 p4 < > [ 626.987608][T12325] loop4: p3 start 4284289 is beyond EOD, truncated [ 627.550859][ T5818] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 627.606972][T12345] loop4: detected capacity change from 0 to 512 [ 627.649105][T12347] loop3: detected capacity change from 0 to 2048 [ 627.650785][T12345] EXT4-fs: Ignoring removed oldalloc option [ 627.718931][T12345] EXT4-fs (loop4): 1 truncate cleaned up [ 627.727367][T12345] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 627.940689][ T5870] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 628.145258][ T5870] usb 3-1: Using ep0 maxpacket: 32 [ 628.184577][ T5870] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 628.195639][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.259051][ T5870] usb 3-1: config 0 descriptor?? [ 628.306837][ T5870] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 628.566870][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 628.932198][ T5870] usb 3-1: USB disconnect, device number 14 [ 629.115702][T12367] loop3: detected capacity change from 0 to 2048 [ 629.156299][T12371] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 629.292275][ T5877] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 629.440410][ T11] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 629.504019][ T5877] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 629.517568][ T5877] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 629.557318][ T5877] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 629.566886][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 629.575421][ T5877] usb 5-1: Product: syz [ 629.579851][ T5877] usb 5-1: Manufacturer: syz [ 629.589705][ T5877] usb 5-1: SerialNumber: syz [ 629.640357][ T11] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.653836][ T11] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.664224][ T11] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 629.678223][ T11] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 629.688123][ T11] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.784516][ T11] usb 6-1: config 0 descriptor?? [ 629.873888][T12378] loop3: detected capacity change from 0 to 512 [ 629.925847][T12378] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 629.964072][T12378] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e11c, mo2=0002] [ 630.005095][T12378] System zones: 1-12 [ 630.009941][T12378] EXT4-fs (loop3): orphan cleanup on readonly fs [ 630.040355][T12378] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2808: bg 0: block 361: padding at end of block bitmap is not set [ 630.067971][ T5877] usb 5-1: cannot find UAC_HEADER [ 630.088517][T12378] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 630.128087][T12383] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2810'. [ 630.181064][T12378] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2808: invalid indirect mapped block 12 (level 1) [ 630.212893][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.221318][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.229571][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.231824][ T5877] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 630.238055][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.255188][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.263480][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.271807][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.271863][ T11] plantronics 0003:047F:FFFF.0015: ignoring exceeding usage max [ 630.280329][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.295818][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.304314][T12385] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 630.351623][T12378] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2808: invalid indirect mapped block 2 (level 2) [ 630.367036][ T5877] usb 5-1: USB disconnect, device number 20 [ 630.423619][T12378] EXT4-fs (loop3): 1 truncate cleaned up [ 630.437329][T12378] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 630.507743][ T11] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 630.545682][ T11] usb 6-1: USB disconnect, device number 7 [ 630.729445][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 632.850612][ T11] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 633.133394][ T11] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 633.143088][ T11] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.228341][T12422] loop3: detected capacity change from 0 to 256 [ 633.277280][ T11] usb 5-1: config 0 descriptor?? [ 633.360412][ T11] cp210x 5-1:0.0: cp210x converter detected [ 633.836874][T12422] FAT-fs (loop3): Directory bread(block 64) failed [ 633.843907][T12422] FAT-fs (loop3): Directory bread(block 65) failed [ 633.851458][T12422] FAT-fs (loop3): Directory bread(block 66) failed [ 633.858247][T12422] FAT-fs (loop3): Directory bread(block 67) failed [ 633.865705][T12422] FAT-fs (loop3): Directory bread(block 68) failed [ 633.872729][T12422] FAT-fs (loop3): Directory bread(block 69) failed [ 633.877052][ T11] usb 5-1: cp210x converter now attached to ttyUSB0 [ 633.879543][T12422] FAT-fs (loop3): Directory bread(block 70) failed [ 633.893351][T12422] FAT-fs (loop3): Directory bread(block 71) failed [ 633.900516][T12422] FAT-fs (loop3): Directory bread(block 72) failed [ 633.907239][T12422] FAT-fs (loop3): Directory bread(block 73) failed [ 633.981964][T12428] loop0: detected capacity change from 0 to 256 [ 633.985595][T12427] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2830'. [ 634.077188][ T11] usb 5-1: USB disconnect, device number 21 [ 634.158993][ T11] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 634.206937][ T11] cp210x 5-1:0.0: device disconnected [ 634.236411][T12428] FAT-fs (loop0): Directory bread(block 64) failed [ 634.244768][T12428] FAT-fs (loop0): Directory bread(block 65) failed [ 634.252248][T12428] FAT-fs (loop0): Directory bread(block 66) failed [ 634.258987][T12428] FAT-fs (loop0): Directory bread(block 67) failed [ 634.266149][T12428] FAT-fs (loop0): Directory bread(block 68) failed [ 634.273153][T12428] FAT-fs (loop0): Directory bread(block 69) failed [ 634.280583][T12428] FAT-fs (loop0): Directory bread(block 70) failed [ 634.287350][T12428] FAT-fs (loop0): Directory bread(block 71) failed [ 634.294368][T12428] FAT-fs (loop0): Directory bread(block 72) failed [ 634.301259][T12428] FAT-fs (loop0): Directory bread(block 73) failed [ 634.373157][T12433] loop2: detected capacity change from 0 to 128 [ 634.449638][ T5877] Process accounting resumed [ 634.715714][ T5821] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 634.724237][ T5821] FAT-fs (loop0): Filesystem has been set read-only [ 636.351629][T12458] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2845'. [ 636.535639][T12456] loop4: detected capacity change from 0 to 512 [ 636.615706][T12456] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 636.637496][T12442] ===================================================== [ 636.644991][T12442] BUG: KMSAN: uninit-value in aes_encrypt+0x1239/0x1960 [ 636.652089][T12442] aes_encrypt+0x1239/0x1960 [ 636.656846][T12442] aesti_encrypt+0x7d/0xf0 [ 636.661420][T12442] cipher_crypt_one+0x11d/0x2e0 [ 636.666513][T12442] crypto_cipher_encrypt_one+0x33/0x40 [ 636.672214][T12442] drbg_ctr_update+0x19a9/0x3700 [ 636.677340][T12442] drbg_seed+0xb1e/0xe20 [ 636.681878][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 636.686989][T12442] crypto_rng_reset+0x190/0x250 [ 636.692082][T12442] rng_setkey+0x52/0x70 [ 636.696384][T12442] alg_setkey+0x262/0x3b0 [ 636.701054][T12442] alg_setsockopt+0x503/0x760 [ 636.705890][T12442] __sys_setsockopt+0x43e/0x580 [ 636.710897][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 636.716258][T12442] ia32_sys_call+0x24c2/0x4310 [ 636.721155][T12442] __do_fast_syscall_32+0xb0/0x150 [ 636.726533][T12442] do_fast_syscall_32+0x38/0x80 [ 636.731579][T12442] do_SYSENTER_32+0x1f/0x30 [ 636.736300][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.742796][T12442] [ 636.745191][T12442] [ 636.745191][T12442] [ 636.754024][T12442] Uninit was stored to memory at: [ 636.759274][T12442] crypto_sha3_finup+0x136/0xe00 [ 636.764397][T12442] crypto_shash_finup+0x324/0xe80 [ 636.769795][T12442] jent_hash_time+0x247/0x590 [ 636.775259][T12442] jent_condition_data+0x4f0/0x510 [ 636.780643][T12442] jent_measure_jitter+0x547/0x770 [ 636.785926][T12442] jent_gen_entropy+0x209/0x450 [ 636.790946][T12442] jent_read_entropy+0x353/0xeb0 [ 636.796055][T12442] jent_kcapi_random+0x6c/0x250 [ 636.801079][T12442] drbg_seed+0x3f2/0xe20 [ 636.805469][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 636.810597][T12442] crypto_rng_reset+0x190/0x250 [ 636.815851][T12442] rng_setkey+0x52/0x70 [ 636.820235][T12442] alg_setkey+0x262/0x3b0 [ 636.824737][T12442] alg_setsockopt+0x503/0x760 [ 636.829539][T12442] __sys_setsockopt+0x43e/0x580 [ 636.834547][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 636.839933][T12442] ia32_sys_call+0x24c2/0x4310 [ 636.844945][T12442] __do_fast_syscall_32+0xb0/0x150 [ 636.850258][T12442] do_fast_syscall_32+0x38/0x80 [ 636.855296][T12442] do_SYSENTER_32+0x1f/0x30 [ 636.859983][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.866490][T12442] [ 636.868983][T12442] Uninit was stored to memory at: [ 636.874252][T12442] crypto_shash_finup+0xc5a/0xe80 [ 636.879464][T12442] jent_hash_time+0x1de/0x590 [ 636.884334][T12442] jent_condition_data+0x4f0/0x510 [ 636.889725][T12442] jent_measure_jitter+0x547/0x770 [ 636.895024][T12442] jent_gen_entropy+0x209/0x450 [ 636.900143][T12442] jent_read_entropy+0x353/0xeb0 [ 636.905252][T12442] jent_kcapi_random+0x6c/0x250 [ 636.910297][T12442] drbg_seed+0x3f2/0xe20 [ 636.914790][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 636.919903][T12442] crypto_rng_reset+0x190/0x250 [ 636.924934][T12442] rng_setkey+0x52/0x70 [ 636.929262][T12442] alg_setkey+0x262/0x3b0 [ 636.933731][T12442] alg_setsockopt+0x503/0x760 [ 636.936564][T12456] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 11: [ 636.938543][T12442] __sys_setsockopt+0x43e/0x580 [ 636.938671][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 636.938791][T12442] ia32_sys_call+0x24c2/0x4310 [ 636.948080][T12456] block 64: [ 636.952331][T12442] __do_fast_syscall_32+0xb0/0x150 [ 636.952480][T12442] do_fast_syscall_32+0x38/0x80 [ 636.952610][T12442] do_SYSENTER_32+0x1f/0x30 [ 636.958060][T12456] freeing already freed block (bit 63); block bitmap corrupt. [ 636.962834][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 636.962968][T12442] [ 636.962993][T12442] Uninit was stored to memory at: [ 636.963127][T12442] crypto_sha3_finup+0xc98/0xe00 [ 636.963246][T12442] crypto_shash_finup+0x324/0xe80 [ 636.963397][T12442] jent_hash_time+0x247/0x590 [ 636.963532][T12442] jent_condition_data+0x4f0/0x510 [ 636.963659][T12442] jent_measure_jitter+0x547/0x770 [ 636.963784][T12442] jent_gen_entropy+0x209/0x450 [ 636.963917][T12442] jent_read_entropy+0x353/0xeb0 [ 636.964043][T12442] jent_kcapi_random+0x6c/0x250 [ 636.964179][T12442] drbg_seed+0x3f2/0xe20 [ 636.964292][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 636.964412][T12442] crypto_rng_reset+0x190/0x250 [ 636.964515][T12442] rng_setkey+0x52/0x70 [ 636.964615][T12442] alg_setkey+0x262/0x3b0 [ 636.964697][T12442] alg_setsockopt+0x503/0x760 [ 636.964781][T12442] __sys_setsockopt+0x43e/0x580 [ 636.968112][T12456] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.2844: corrupted inode contents [ 636.973217][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 636.973332][T12442] ia32_sys_call+0x24c2/0x4310 [ 636.973426][T12442] __do_fast_syscall_32+0xb0/0x150 [ 636.973566][T12442] do_fast_syscall_32+0x38/0x80 [ 637.053935][T12456] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #11: comm syz.4.2844: mark_inode_dirty error [ 637.058693][T12442] do_SYSENTER_32+0x1f/0x30 [ 637.058844][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.069694][T12456] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2844: invalid indirect mapped block 1 (level 1) [ 637.072229][T12442] [ 637.072256][T12442] Uninit was stored to memory at: [ 637.072386][T12442] keccakf+0x1efb/0x2110 [ 637.072497][T12442] crypto_sha3_finup+0x772/0xe00 [ 637.072609][T12442] crypto_shash_finup+0x324/0xe80 [ 637.072755][T12442] jent_hash_time+0x247/0x590 [ 637.109846][T12456] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.2844: corrupted inode contents [ 637.121130][T12442] jent_condition_data+0x4f0/0x510 [ 637.121275][T12442] jent_measure_jitter+0x547/0x770 [ 637.121400][T12442] jent_gen_entropy+0x209/0x450 [ 637.121524][T12442] jent_read_entropy+0x353/0xeb0 [ 637.121643][T12442] jent_kcapi_random+0x6c/0x250 [ 637.121775][T12442] drbg_seed+0x3f2/0xe20 [ 637.121887][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 637.122002][T12442] crypto_rng_reset+0x190/0x250 [ 637.170055][T12456] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 637.173030][T12442] rng_setkey+0x52/0x70 [ 637.173143][T12442] alg_setkey+0x262/0x3b0 [ 637.209310][T12456] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #11: comm syz.4.2844: corrupted inode contents [ 637.210128][T12442] alg_setsockopt+0x503/0x760 [ 637.210231][T12442] __sys_setsockopt+0x43e/0x580 [ 637.210346][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 637.210461][T12442] ia32_sys_call+0x24c2/0x4310 [ 637.232042][T12456] EXT4-fs error (device loop4): ext4_truncate:4666: inode #11: comm syz.4.2844: mark_inode_dirty error [ 637.233229][T12442] __do_fast_syscall_32+0xb0/0x150 [ 637.239123][T12456] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 637.242025][T12442] do_fast_syscall_32+0x38/0x80 [ 637.242168][T12442] do_SYSENTER_32+0x1f/0x30 [ 637.242297][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.242429][T12442] [ 637.242453][T12442] Uninit was stored to memory at: [ 637.242598][T12442] crypto_sha3_finup+0x5be/0xe00 [ 637.307746][T12456] EXT4-fs (loop4): 1 truncate cleaned up [ 637.309390][T12442] crypto_shash_finup+0x324/0xe80 [ 637.309551][T12442] jent_hash_time+0x247/0x590 [ 637.318492][T12456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 637.323357][T12442] jent_condition_data+0x4f0/0x510 [ 637.323497][T12442] jent_measure_jitter+0x547/0x770 [ 637.323622][T12442] jent_gen_entropy+0x209/0x450 [ 637.371529][T12442] jent_read_entropy+0x353/0xeb0 [ 637.376721][T12442] jent_kcapi_random+0x6c/0x250 [ 637.381777][T12442] drbg_seed+0x3f2/0xe20 [ 637.386268][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 637.391364][T12442] crypto_rng_reset+0x190/0x250 [ 637.396368][T12442] rng_setkey+0x52/0x70 [ 637.400745][T12442] alg_setkey+0x262/0x3b0 [ 637.405257][T12442] alg_setsockopt+0x503/0x760 [ 637.410071][T12442] __sys_setsockopt+0x43e/0x580 [ 637.415076][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 637.420447][T12442] ia32_sys_call+0x24c2/0x4310 [ 637.425380][T12442] __do_fast_syscall_32+0xb0/0x150 [ 637.430796][T12442] do_fast_syscall_32+0x38/0x80 [ 637.435835][T12442] do_SYSENTER_32+0x1f/0x30 [ 637.440531][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.447042][T12442] [ 637.449438][T12442] Uninit was stored to memory at: [ 637.454676][T12442] crypto_sha3_finup+0x136/0xe00 [ 637.459788][T12442] crypto_shash_finup+0x324/0xe80 [ 637.465019][T12442] jent_hash_time+0x247/0x590 [ 637.469875][T12442] jent_condition_data+0x4f0/0x510 [ 637.475159][T12442] jent_measure_jitter+0x547/0x770 [ 637.480452][T12442] jent_gen_entropy+0x209/0x450 [ 637.485477][T12442] jent_read_entropy+0x353/0xeb0 [ 637.490600][T12442] jent_kcapi_random+0x6c/0x250 [ 637.495701][T12442] drbg_seed+0x3f2/0xe20 [ 637.500111][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 637.505308][T12442] crypto_rng_reset+0x190/0x250 [ 637.510330][T12442] rng_setkey+0x52/0x70 [ 637.514627][T12442] alg_setkey+0x262/0x3b0 [ 637.519264][T12442] alg_setsockopt+0x503/0x760 [ 637.524081][T12442] __sys_setsockopt+0x43e/0x580 [ 637.529091][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 637.534466][T12442] ia32_sys_call+0x24c2/0x4310 [ 637.539371][T12442] __do_fast_syscall_32+0xb0/0x150 [ 637.544703][T12442] do_fast_syscall_32+0x38/0x80 [ 637.549748][T12442] do_SYSENTER_32+0x1f/0x30 [ 637.554514][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.561048][T12442] [ 637.563441][T12442] Uninit was stored to memory at: [ 637.568698][T12442] crypto_shash_finup+0xc5a/0xe80 [ 637.573916][T12442] jent_hash_time+0x1de/0x590 [ 637.578771][T12442] jent_condition_data+0x4f0/0x510 [ 637.584050][T12442] jent_measure_jitter+0x547/0x770 [ 637.589344][T12442] jent_gen_entropy+0x209/0x450 [ 637.594352][T12442] jent_read_entropy+0x353/0xeb0 [ 637.599447][T12442] jent_kcapi_random+0x6c/0x250 [ 637.604567][T12442] drbg_seed+0x3f2/0xe20 [ 637.608972][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 637.614079][T12442] crypto_rng_reset+0x190/0x250 [ 637.619204][T12442] rng_setkey+0x52/0x70 [ 637.623615][T12442] alg_setkey+0x262/0x3b0 [ 637.628069][T12442] alg_setsockopt+0x503/0x760 [ 637.632877][T12442] __sys_setsockopt+0x43e/0x580 [ 637.637884][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 637.643257][T12442] ia32_sys_call+0x24c2/0x4310 [ 637.648159][T12442] __do_fast_syscall_32+0xb0/0x150 [ 637.653454][T12442] do_fast_syscall_32+0x38/0x80 [ 637.658606][T12442] do_SYSENTER_32+0x1f/0x30 [ 637.663285][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.670107][T12442] [ 637.672491][T12442] Local variable intermediary created at: [ 637.678286][T12442] jent_hash_time+0x9b/0x590 [ 637.683078][T12442] jent_condition_data+0x4f0/0x510 [ 637.688624][T12442] [ 637.691060][T12442] CPU: 0 UID: 0 PID: 12442 Comm: syz.2.2835 Not tainted syzkaller #0 PREEMPT(none) [ 637.700578][T12442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 637.710760][T12442] ===================================================== [ 637.717788][T12442] Disabling lock debugging due to kernel taint [ 637.724048][T12442] Kernel panic - not syncing: kmsan.panic set ... [ 637.730604][T12442] CPU: 0 UID: 0 PID: 12442 Comm: syz.2.2835 Tainted: G B syzkaller #0 PREEMPT(none) [ 637.741900][T12442] Tainted: [B]=BAD_PAGE [ 637.746145][T12442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 637.756846][T12442] Call Trace: [ 637.760255][T12442] [ 637.763271][T12442] __dump_stack+0x26/0x30 [ 637.767862][T12442] dump_stack_lvl+0x53/0x270 [ 637.772628][T12442] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 637.778623][T12442] dump_stack+0x1e/0x25 [ 637.782944][T12442] vpanic+0x361/0xc50 [ 637.787112][T12442] panic+0x15d/0x160 [ 637.791232][T12442] kmsan_report+0x31c/0x320 [ 637.795985][T12442] ? __msan_warning+0x1b/0x30 [ 637.800901][T12442] ? aes_encrypt+0x1239/0x1960 [ 637.805957][T12442] ? aesti_encrypt+0x7d/0xf0 [ 637.810711][T12442] ? cipher_crypt_one+0x11d/0x2e0 [ 637.816085][T12442] ? crypto_cipher_encrypt_one+0x33/0x40 [ 637.822315][T12442] ? drbg_ctr_update+0x19a9/0x3700 [ 637.827614][T12442] ? drbg_seed+0xb1e/0xe20 [ 637.832198][T12442] ? drbg_kcapi_seed+0x19b2/0x1e40 [ 637.837490][T12442] ? crypto_rng_reset+0x190/0x250 [ 637.842778][T12442] ? rng_setkey+0x52/0x70 [ 637.847257][T12442] ? alg_setkey+0x262/0x3b0 [ 637.851903][T12442] ? alg_setsockopt+0x503/0x760 [ 637.856896][T12442] ? __sys_setsockopt+0x43e/0x580 [ 637.862100][T12442] ? __ia32_sys_setsockopt+0xf3/0x1a0 [ 637.867740][T12442] ? ia32_sys_call+0x24c2/0x4310 [ 637.872829][T12442] ? __do_fast_syscall_32+0xb0/0x150 [ 637.878312][T12442] ? do_fast_syscall_32+0x38/0x80 [ 637.883563][T12442] ? do_SYSENTER_32+0x1f/0x30 [ 637.888427][T12442] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 637.895133][T12442] ? crypto_sha3_finup+0xd11/0xe00 [ 637.900452][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 637.905831][T12442] ? kmsan_internal_memmove_metadata+0x181/0x230 [ 637.912324][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 637.917620][T12442] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 637.923604][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 637.928902][T12442] __msan_warning+0x1b/0x30 [ 637.933563][T12442] aes_encrypt+0x1239/0x1960 [ 637.938311][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 637.943707][T12442] aesti_encrypt+0x7d/0xf0 [ 637.948341][T12442] cipher_crypt_one+0x11d/0x2e0 [ 637.953403][T12442] ? __pfx_aesti_encrypt+0x10/0x10 [ 637.958704][T12442] ? crypto_cipher_setkey+0x37d/0x430 [ 637.964241][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 637.969979][T12442] crypto_cipher_encrypt_one+0x33/0x40 [ 637.975775][T12442] drbg_ctr_update+0x19a9/0x3700 [ 637.980981][T12442] ? __pfx_drbg_ctr_update+0x10/0x10 [ 637.986451][T12442] drbg_seed+0xb1e/0xe20 [ 637.990892][T12442] ? __pfx_jent_kcapi_random+0x10/0x10 [ 637.996547][T12442] ? kmsan_get_metadata+0xfb/0x160 [ 638.001974][T12442] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 638.008140][T12442] drbg_kcapi_seed+0x19b2/0x1e40 [ 638.013309][T12442] ? __pfx_drbg_kcapi_seed+0x10/0x10 [ 638.018781][T12442] crypto_rng_reset+0x190/0x250 [ 638.023802][T12442] rng_setkey+0x52/0x70 [ 638.028109][T12442] ? __pfx_rng_setkey+0x10/0x10 [ 638.033129][T12442] alg_setkey+0x262/0x3b0 [ 638.037748][T12442] alg_setsockopt+0x503/0x760 [ 638.042584][T12442] ? __pfx_alg_setsockopt+0x10/0x10 [ 638.047932][T12442] __sys_setsockopt+0x43e/0x580 [ 638.054193][T12442] __ia32_sys_setsockopt+0xf3/0x1a0 [ 638.059682][T12442] ia32_sys_call+0x24c2/0x4310 [ 638.064704][T12442] __do_fast_syscall_32+0xb0/0x150 [ 638.070013][T12442] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 638.075918][T12442] do_fast_syscall_32+0x38/0x80 [ 638.080959][T12442] do_SYSENTER_32+0x1f/0x30 [ 638.085644][T12442] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 638.092192][T12442] RIP: 0023:0xf7f35539 [ 638.096373][T12442] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 638.116311][T12442] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 638.124899][T12442] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000117 [ 638.132997][T12442] RDX: 0000000000000001 RSI: 0000000080000000 RDI: 0000000000000004 [ 638.141184][T12442] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 638.149278][T12442] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 638.157382][T12442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 638.165523][T12442] [ 638.168815][T12442] Kernel Offset: disabled [ 638.173188][T12442] Rebooting in 86400 seconds..