last executing test programs: 2m47.370783287s ago: executing program 3 (id=834): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x82002, 0x0) r0 = fsopen(&(0x7f0000000200)='cramfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 2m46.838966494s ago: executing program 3 (id=836): r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x7374, 0x0, 0xffffffff, 0xffdfffff}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x18, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)='./file0\x00', 0xd0, 0x80c40, 0x23456}) io_uring_enter(r0, 0x47f4, 0x0, 0x0, 0x0, 0x0) 2m46.153497323s ago: executing program 3 (id=840): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)) 2m45.580151617s ago: executing program 3 (id=844): syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f0000000c40), 0xff, 0x4b7, &(0x7f0000000640)="$eJzs3E1sG8UeAPD/OknzXr+S19f3oKVAoCAqPpI2LbQHJD4kJA6AkOBQjiZJq1K3QU2QSBXRgKpyQYJKiCsCcUFw5sCJEwJOSFw4wB1VqlAuLT0Zrb02jhN/1HXiNPn9JMcz9joz/90d78yOdwPYtEbSP0nE9oj4LSKGIiJXv8BI+en64vzEX4vzE0kUi6/8maQfi2uL8xOVRZPseVs5058+5S4m8fQK5c7MnT+dLxSmzmX5sdkzb47NzJ1/7NSZ/Mmpk1Nnx48dO3L40NEnxh/vSpz/Seu6953pfXuef+3yixPHL7/+49dJTaVr46hbAx0aiIWadVLvwS6UsJ7sqEkn/U0X7cbKpUsGI0oNdaDU/oei7+LO6ntD8dx7Pa0csKqKxWJxvPHbC0VgA0ui1zUAeqNyoL+2+MlEOgZeOg7e+K4+Ux4ApXFfzx7lQU9/daA6UDe+7ab5iDi+cOPT9BHLzkMAAHTfd2n/59Fyv2Np/y8X/69Zbmc2NzSczaXsioj/RsTuiPhfRGnZOyLizpssf6Quv7z/k7vSUWBtSvt/T2ZzW5VHVm5lkeG+LLejFP9AcuJUYepgtk4OxMBgmj+04n9PojQJFL982Kj8kZr+X/pIy6/0BbN6XOkfXPqZyfxs/pYDz1x9N2Jv/0rxZxN42RzWnojY22EZpx7+ct/SV/qqqdbxN9F8nqktxc8iHipv/4Woi78iaT4/OfavKEwdHKvsFcv99POllxuVf0vxd0G6/beuuP9X4x9OaudrZ5b9iy2tyrj0+/sNxzQjEU9FB/v/luTVJYW/nZ+dvVGM2JK8sOz1czUnuCv50vOhcvwH9q/c/nfFP2virohId+K7I+KeiLg323b3RcT9EbG/Sfw/PPvAG03i7+n2j6/K31Btbf/KdijvCNU9olWi7/T33zYqvr3vvyOl1IHslcn87ECrsNqtYIdrDQAAAG4ruYjYHklutJrO5UZHy7/h3x1bc4XpmdlHTky/dXayfI3AcAzkKme6hrJ8ZOc/h8v50uh7PMpD9AvZ+dLD2Xnjj/v+XcqPTkwXJnsdPGxy2xq0/9Qffb2uHbDq2p5H27669QDWXrP2//nRNawIsOY6/x1NF36BA/RUi1bshg2wgTmKw+a1Uvu/0IN6AGuv8fF/StcANrhqI/+ojYVrLveqv3gTuP04yMPm1br9v7Ra978Ceqf9q/jXSyJJlrwSX0Q0/1TS+zp3kPhgfVSjcSJyjd4avNkbRPQkkV8f1WiVqDTUufOn+9u+q8Vc8UK+UPj1m1spvbffSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3ydwAAAP//zlHgaA==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x80) getdents64(r0, &(0x7f0000000000)=""/39, 0x27) 2m44.220120495s ago: executing program 3 (id=848): syz_mount_image$exfat(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000003680)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") chdir(&(0x7f0000000200)='./file0\x00') r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f0000000600)={{0x107, 0x8, 0xc, 0x3ce, 0x2e5, 0x9, 0x2a6}}, 0x20) 2m40.76540242s ago: executing program 3 (id=854): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x16, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0) 2m39.23224047s ago: executing program 32 (id=854): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x16, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0) 36.57048978s ago: executing program 5 (id=1579): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x401, 0xfffffffe, 0x0, 0xffffffff}, 0x10) close(r0) 35.883519151s ago: executing program 5 (id=1580): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='freezer.self_freezing\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000280)=[{&(0x7f0000000340)=""/198, 0xc6}], 0x1, 0x0, 0x0, 0x0) 35.329983515s ago: executing program 5 (id=1582): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000800)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100], [0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4, 0xc}]}}]}, 0x98}}, 0x0) 34.82868731s ago: executing program 5 (id=1584): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000080)='./file2\x00', 0x402, &(0x7f0000001280)=ANY=[@ANYRES64=0x0, @ANYRESOCT, @ANYRESOCT, @ANYBLOB="ec1a3881369fae6987d7a6922db874bcb0563edbf212875f142a04bbe14fd11ed31543677ddfbd12a760f13dd2fd476b0d7e088b2ac5eaebe64ab225975b882e26ccc04ae1e56422927a5de974cf1bc2873d781e837bdea83a1a8ff1fc5670132de294b6b2ae840099cb4d037cc46b3980928a506f800befa5037ecc4c128dc83d62f8d7ede6c05d595ab96a009e378894d776a0e83d4c1bbd9cfe6dbf29c3c5", @ANYRESOCT, @ANYBLOB="650dff969a08ff9e724d5d7c4ef89e23d56dda29c31665f63ec8a6f772a525c5b7212d46fcdce41a1775bdc7ae8d824d46ff9c67feac09d995afa0aed98ce5381701ee97a11793808dbb0a95927953efd647f04a4d25be7c929451bd4f6a217f6976fe903f0542222969f6d90184c98b67298ed804d7b1b0e667a2c734bec13f27287182ddd1e4f5ecf7"], 0x1, 0x242, &(0x7f0000000e40)="$eJzsmL+LE0EUx7+zu5kkIqLNFTYKHhjRSy57KNeE8wTBysYTtdLgrceZvYskK5iA4mFjo52FYGPhP2BxxdV2/gOCFioIFqawEEQOVt7O7GbiJpdltfN9iuE7M2/m/ZjNKwKGYf5bPn/68fHJucWVUwD2YxZFvf7VBoRQ2jLsPzy/e/JZ4/yL1+9fvdk8cH/nz/voSBjuhuZCaQ//DoDKso0g8RTGZ3+RmNWTFRQTfRkWTmh9BQJVrW/AKsT3evgZKoDbELim19tkX63eWve96s22v0pinoY6DS4NI/lSfIMtgVU9pxuFsd/t9VtN3/c6hnD03pitXCJx1ppJ1a8AicGyhYaOluKj+K8+frRFK3Ft5mEl9avDQl0nsbCblAmLKMa1USUx8j/sDPO3i4l7etpW0x+brb4V05Is+b5nd3uN7/+kWKY4NJfveIXSOatXHgDQWweRJwwMTy3B6xQw3LLpSx0xPpr55jKADJ9OJBzjdTDeeEm/aI4EL6aymCCeZor570WuLGIxM9h5m976op9SMeZ4KKa7ECPfj9zLuJQ15jik/BUro9+yclZMTv51A++2Vf8IXwocB2TcPxyjf9WCjTu1bq8/t77RXPPWvE3XXTgjgIen3VrUiNSY6nvD/lyO+tM+oz8XJthKS+JeMwg6dTVKIVFGEHTcaO4aP5tL2+1v1/WxABcAHFMTapsyudFO+RBS2ViRLalK2ohhGIZhGIZhGIZhGIZhGCYrI394HoFAOB1XWf8OAAD//5X0aKk=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000380)='./file0\x00') chdir(&(0x7f0000000080)='./file0\x00') 34.338523142s ago: executing program 5 (id=1588): r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0xeba45e42f78e2070, 0x1000) msgrcv(r0, 0x0, 0x0, 0x2, 0x1000) msgctl$IPC_RMID(r0, 0x0) 33.671663519s ago: executing program 5 (id=1595): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000071c0)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)='H', 0x1}], 0x1}}], 0x1, 0x0) 32.210932031s ago: executing program 33 (id=1595): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000071c0)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)='H', 0x1}], 0x1}}], 0x1, 0x0) 4.868246896s ago: executing program 4 (id=1769): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x3c, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 4.300146113s ago: executing program 4 (id=1773): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'hsr0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="480000001000010400000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="400d0000000000002800128008000100687372001c00028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) 3.768075012s ago: executing program 4 (id=1779): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) 3.068392511s ago: executing program 0 (id=1784): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, &(0x7f0000000040)=0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) shutdown(r0, 0x2) 2.723304096s ago: executing program 6 (id=1787): openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001a140100000000000000000008000300000000000800", @ANYRES64=r0], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0) 2.658186642s ago: executing program 2 (id=1788): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x104, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0xd4, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0xa8, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x3}, {0x4, 0x0, 0x6}}}, @TCF_EM_CONTAINER={0x14, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x58, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x3, 0x0, 0x0, {{0x0, 0x2, 0x5}, {0x7, 0x0, 0x2}}}, @TCF_EM_CONTAINER={0x44, 0x3, 0x0, 0x0, {{0x3, 0x0, 0x7}, "3b5fc2fa80e3cc043cc726edaa2d447569d28224edb20ee7619c9f85a7c63ad5d733714ddc40dacc05a8593dd6790998fa145ce906"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x40}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.647997539s ago: executing program 1 (id=1789): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0xf) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0], 0x1}, 0x58) 2.493770108s ago: executing program 0 (id=1790): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f0000000080)="9372"}, 0x20) 2.397665735s ago: executing program 6 (id=1791): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) r1 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, 0x0, 0x0) 2.133612996s ago: executing program 0 (id=1792): r0 = socket(0x2b, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0x0, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x2, 0x0, 0x1, 0x600}, 0x20) 2.055009356s ago: executing program 2 (id=1793): r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r0) getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r1], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0) 2.035015494s ago: executing program 1 (id=1794): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x40, r0, 0x801, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d52ffd"}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}]}]}, 0x40}}, 0x0) 1.976126342s ago: executing program 6 (id=1795): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000003000100030c100000000000224e0000", 0x58}], 0x1) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r0) 1.7795129s ago: executing program 0 (id=1796): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000cc0)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000000)={0x4}, 0x8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) 1.75056414s ago: executing program 1 (id=1797): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002000)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f"], 0x1, 0x21b, &(0x7f0000000300)="$eJzs2j+LHGUcB/DfnJHEC5dd8R8JiA9aqM2Q3doihyQgLiiaFaIgmXizuuy4e+wsBytirtLWl2AtlnaCpLS5xldgYXfNlSnEkWRjcnesxSHein4+zXzhmS88D8/w8BSz/9rXn44GdT4oZrGWZbF2JXbjbhbtWIs/7carL9/46fl3b7z/5mavd/WdlK5tXu90U0oXXvjxg8+/e/HO7Px731/44WzstT/cP+j+uvfs3sX9369/MqzTsE7jySwV6dZkMituVWXaGtajPKW3q7KoyzQc1+X0yPigmmxvz1Mx3tpY356WdZ2K8TyNynmaTdJsOk/Fx8VwnPI8Txvrwd/R//Zu08RB8/jNaJrmiW/i/J3Y+CVakT2ZsqeuZM/czJ7bzS4eNE1r1VPlH2H//98OHernIqqvdvo7/cVzMb45iGFUUcblaMVvce8zeWCRr73Ru3o53deOL6vbD/q3d/qPHe13ohXt5f3Oop+O9s/G+uF+N1rx9PJ+d2n/XLzy0qF+Hq34+aOYRBVbca/7qP9FJ6XX3+od61+6/x4AwH9Nnh5aen/L878aX/RPcD88dr86E5fOrHbtRNTzz0ZFVZVTQRCEh2HVJxOn4dGmr3omAAAAAAAAAAAAnMRp/E646jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/bn8EAAD//xrx1cI=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x4) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) fallocate(r0, 0x1, 0x13, 0xfffe) 1.583808626s ago: executing program 6 (id=1798): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x103401) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) close(0x4) 1.536283462s ago: executing program 2 (id=1799): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) removexattr(0x0, 0x0) 1.357839886s ago: executing program 1 (id=1800): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000040)='./file3\x00', 0x40, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1d8, &(0x7f0000000640)="$eJzslj2PEkEYx/8zSxYwGhNLGwtJ1MJld1FjQyKNlYWJL8TCRCIrQVZJgEJIDPoJ7O0s7P0CJtr6IQza3DVcdVfvZV6WnSMscLwcxT2/5Gb/uzfz7DPPs/kPIAji3PL/39EoOizv5QBcRAFZ/XzfSuZwY/7f3MHH348eVr+8/P4nO3Lys2JG0fLvzwD4VbHQm6w9ubqgr0/BJ/oZOG5pXQWDo/UrcDzXOgDDC63fGrot5jvOm2YYOK/bYV0IVwyeGHwxlKbzG39mqBv5MeP/3f6gVQvDoLNFsah+4wpH2cjP7JcDla1r1M8Dh6d1CQxPtL6PbFwbVRJj/1czSXxr7v5tbLsiIpVTrLpyKbVVNoDV0gDYpnqPT/qT3eY3lCIsSBF3dEORrTPahfjQF8xBZgdVXUus0oufD9Sa+Ek0VPdyzuWUgNFwyVfYWGU7iT9F3xhuGP6krOSrPGpEC4vd/uB2812tETSC975fuufecd27flEakRrn+F9e+tOFJP7MM0lgMxsfar1ex1Pj5N5X4yzH5dL/OG5eV/fCTe2puDlDM/3H5VV6b+tHavYEQRC74xqY9GTpy7HQpwmM37qPd5gjQRAEQRAEQRAEQRDrcRwAAP//UwVIJw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x1a5840, 0x126) io_setup(0x2e, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r0}]) 1.259989251s ago: executing program 6 (id=1801): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0}, 0x94) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r1, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) 1.154376486s ago: executing program 4 (id=1802): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x11, 0x4, 0x4, 0x9}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0, 0x1000000}, 0x20) 1.144076391s ago: executing program 2 (id=1803): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x1210080, &(0x7f0000000140)={[{@codepage={'codepage', 0x3d, 'euc-jp'}}, {@creator={'creator', 0x3d, "a5ba0ae3"}}, {@part={'part', 0x3d, 0x40007}}, {@creator={'creator', 0x3d, "e5cb853d"}}, {}, {}, {@gid}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}]}, 0x7, 0x318, &(0x7f00000004c0)="$eJzs3U1rE08cB/Dv7CZp8m/pf20rBY/VgqfS1oPixSLFi2/AgxRrm0LpWkEraEGMnkW8CYJHb55F34JexDegpx7Ek16CB1dmZmcf0tnNQ9tsQr4faJrszsNvdnayMynpgohG1tXVb28vHMgfUQbgArgMOACqQAnAacxWH+zube/59c28glyVQ/4I6JziUJqN3botq8yncoQ8+aqEieQ2OhlBEATf26b61ZdYqDhCj/1DHGAsHJ1qf7XvkZ2Mhm7XaEn0sGiiiYeYLDIcIiIqXnj9d8KrxEQ4f3ccYD6chw/79T81v2kWF8dAiK7/jn4dCHl8/le74vWeWsLJ3nfMKtFWlvWcCOLDXYE+s1IdINqtKlUsTm1r268vNFQBz3AllEg2ox43YRqiZEVb0b/mLGvTHHltzzeu2lCWbVjOiH+66xo//sAre3VrnzuISXwSX8Sa8PAam9H8rxQIeXDU8fFaekrHv5hdomqlp1OlWhmv30+pSs6YHvjwLm5lLeu4VuHKWGxkKaJ1/u6ZOF9WsnNhCumPFXTrlrJbp3JNW3MtR6//WHPNtOaqbZX9+sLGXT/3o5RjY13RiRfihpjDT7zHamL+78jU88gemalRLlTK8MzIbU9JpczoxxQ1gO90NTJJuWbt6HzPcRuXMHn/0f7Ouu/X7xX/xAyVAYlHn4jh6Si3yN+JNKjKJ2UAx1bp3yAIrLtK6EeTy6qpF9/ETd7fWRcN/fJoVaARFWh2rWQnBrACINxi3hF6qf1JlGssLrCj7L9lb6st9hPSRNWHE9JUldrlYqyjkVLrodLrj3fW/Z7eiWjIxJ2O2ZtFB0NFkPMuodd/ifXKonrXkQ9ezmokaFd4osSljBXQlHr8r7MVXFRs5jxx3Dxps+Y6ex4411KjA1Pj09ZivTBODOJfJbv/U4ZYxVfc4uf/RERERERERERERERERERERERERETDpttvI/TydYJ0jQcj+I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiOJnH/X8BVd4ypFH7/X7eD+/+a+1IQUc/+BQAA//8KX2Ch") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) lseek(r0, 0x2, 0x1) getdents64(r0, 0x0, 0x22) 917.202091ms ago: executing program 6 (id=1804): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000140)={0x40, 0x0, 0x1, "d0"}, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x3, &(0x7f0000000040)={0x51, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}}) 731.761951ms ago: executing program 1 (id=1805): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf0400000000000000f71200000008000300", @ANYRES32=r2, @ANYBLOB="0400130006001a01020000000600b500850100000a000600080211000001000006001200"], 0x48}, 0x1, 0x0, 0x0, 0x40480c0}, 0x4000004) 697.007782ms ago: executing program 4 (id=1806): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x1c, r1, 0x2586ad4018a3b31b, 0x1, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 606.218315ms ago: executing program 2 (id=1807): setresuid(0x0, 0xee00, 0x0) r0 = syz_io_uring_setup(0x117, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x200000, 0x1000000}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x8, 0x2007, @fd=r0, 0x6, 0x0, 0x0, 0x25}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 540.034254ms ago: executing program 0 (id=1808): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) readv(r0, &(0x7f00000009c0)=[{&(0x7f0000000140)=""/69, 0x45}, {0x0}], 0x2) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) 313.212612ms ago: executing program 1 (id=1809): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2ca917137fe2583, 0x64}, {@in=@remote, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x21}, {0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0xf84, 0x200}, {}, 0x0, 0x3500, 0xa, 0x0, 0x0, 0xcd}}, 0xf0}}, 0x0) 268.942188ms ago: executing program 4 (id=1810): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) pread64(r1, &(0x7f0000000240)=""/106, 0x6a, 0x81) 155.213625ms ago: executing program 2 (id=1811): ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000100)={0x39, {0x9, 0x0, 0x2000000, 0x2, 0x101, 0x12}}) syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000b00)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYRES16=0x0, @ANYRES8, @ANYRESDEC, @ANYRES8=0x0, @ANYRES8, @ANYRESDEC, @ANYRESHEX, @ANYRES32, @ANYRES64, @ANYBLOB="e634866ae8bd0464aebf899d59adf6b870b8571b48d5a175b36176747c876c34fa065b87672718e71b0172cd901939082d9a391e7f023f305c9eb0faa0e5c4dbcf47370bd24698a88bebd7a8060686674bcd276b4ab98e7bed8c6ce985ffad9aa101af9fe81c06cd439b1b83903c9939b0c8ee1b3f2b833a797dc1727313426e2cdfbb805cf7d3", @ANYRES64, @ANYRESDEC], 0x1, 0x1df, &(0x7f00000002c0)="$eJzslc1qE1EUx39n5qbTaMCu3VpsN9pmCuIb2AfwAQzpWIuJH52AJhSMbroREZ9BqPgULgTddyEiuKkLBbOouKpI5M49czuhgagYJDB/SM45/3s+7jnDvfdGejeNgJ+HO00WyCDU+CCCAZbEcUdzTn5TOVR8Ns6uK/9S5SeVabe3/9ipvZuNVivZTrsTFBGY5DOinKTMbxcbo7x9NMoIf5dn+kondJM9ufR0hInG+WgsU91hwP+Zz/caFJkv/7pEhWl3wfHoftQmf6b3z9znHOsTaniV0bHMnhL8UVSKXl/plYcBg8x4d7jTtMo1vcUst+F++ZHIfKzxuuBz1kAfJGTo85jstoQlYKXTvrOSdnsXttqNzWQzuRXHa5dW35zWIzp8AFutZFUYPNEqzcD+GzwiXpyBgTzfd+krwMfj9T4FSGFrFqdAqtpiHpJfzsvnCoFVCAqxxRwu7yvfXqRcSJurnGceuNe3yzFuWovYbIbrtrV1hFCNuinsE44ImM8WLjZvtzZ2ESQP28P4HPUDKt6I1bCFkrXLvv1dlYsq11XuqTxQmb9d+Ztksgxf1Vruwxz3G53OdvZ4Oc1zsefiBV850Kr5ayj5TiJKlChRokSJEiVmBL8CAAD//1RZTqk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="100000000200010001"], 0x454680) 0s ago: executing program 0 (id=1812): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000340)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xfffffffffffff001, 0x10000}) kernel console output (not intermixed with test programs): DF', timestamp 2022/11/22 14:59 (1000) [ 342.429547][ T7498] loop1: detected capacity change from 0 to 1024 [ 342.753143][ T7502] loop0: detected capacity change from 0 to 512 [ 342.936333][ T7502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 342.949696][ T7502] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 342.986677][ T58] hfsplus: b-tree write err: -5, ino 4 [ 343.428602][ T7514] tap0: tun_chr_ioctl cmd 2147767521 [ 343.581542][ T5867] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 343.617080][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.801163][ T5867] usb 4-1: Using ep0 maxpacket: 16 [ 343.855402][ T5867] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.869439][ T5867] usb 4-1: config 0 interface 0 has no altsetting 0 [ 343.876404][ T5867] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 343.885962][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.074348][ T5867] usb 4-1: config 0 descriptor?? [ 344.265679][ T7523] netlink: 'syz.2.623': attribute type 3 has an invalid length. [ 344.618315][ T5867] hid (null): unknown global tag 0xd [ 344.948236][ T7527] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 345.030556][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.038178][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.045592][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.052962][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.069549][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.078942][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.086215][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.093737][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.101038][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.108286][ T5867] cougar 0003:060B:500A.0007: unknown main item tag 0x0 [ 345.118331][ T5867] cougar 0003:060B:500A.0007: ignoring exceeding usage max [ 345.138291][ T5867] cougar 0003:060B:500A.0007: unexpected long global item [ 345.275555][ T7532] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.284614][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 345.592657][ T5867] cougar 0003:060B:500A.0007: parse failed [ 345.599028][ T5867] cougar 0003:060B:500A.0007: probe with driver cougar failed with error -22 [ 345.729573][ T5867] usb 4-1: USB disconnect, device number 4 [ 345.875751][ T7540] netlink: 27 bytes leftover after parsing attributes in process `syz.4.631'. [ 346.770328][ T7554] loop3: detected capacity change from 0 to 1024 [ 347.015923][ T7554] hfsplus: bad catalog entry type [ 347.392959][ T3546] hfsplus: b-tree write err: -5, ino 4 [ 347.602537][ T5867] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 347.846078][ T5867] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 347.854574][ T5867] usb 5-1: config 0 has no interface number 0 [ 347.942808][ T5867] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 347.952374][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.960771][ T5867] usb 5-1: Product: syz [ 347.965159][ T5867] usb 5-1: Manufacturer: syz [ 347.969920][ T5867] usb 5-1: SerialNumber: syz [ 348.097088][ T5867] usb 5-1: config 0 descriptor?? [ 348.364191][ T5867] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 348.419917][ T5867] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 348.431754][ T5867] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 348.448604][ T5867] usb 5-1: media controller created [ 348.635086][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 348.919560][ T7581] loop2: detected capacity change from 0 to 512 [ 349.024766][ T5867] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 349.223251][ T7581] EXT4-fs (loop2): 1 truncate cleaned up [ 349.231723][ T7581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 349.535916][ T5867] usb 5-1: USB disconnect, device number 5 [ 349.655173][ T7585] syzkaller0: tun_chr_ioctl cmd 2147767506 [ 350.123293][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 351.327847][ T7606] bpf: Bad value for 'uid' [ 351.381377][ T7607] loop3: detected capacity change from 0 to 512 [ 351.451729][ T7612] Driver unsupported XDP return value 0 on prog (id 41) dev N/A, expect packet loss! [ 351.499247][ T7607] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 351.576170][ T7607] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.662: invalid block [ 351.590416][ T7607] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.662: invalid indirect mapped block 4294967295 (level 1) [ 351.606656][ T7607] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.662: invalid indirect mapped block 4294967295 (level 1) [ 351.656368][ T7607] EXT4-fs (loop3): 2 truncates cleaned up [ 351.664578][ T7607] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.875475][ T7607] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 352.304383][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.369989][ T7618] loop2: detected capacity change from 0 to 256 [ 352.427703][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 352.440415][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 352.649211][ T7618] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 352.657690][ T7618] FAT-fs (loop2): Filesystem has been set read-only [ 353.511191][ T5867] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 353.707332][ T5863] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 353.717802][ T5867] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 353.726571][ T5867] usb 4-1: config 0 has no interface number 0 [ 353.809627][ T5867] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 353.819199][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.827612][ T5867] usb 4-1: Product: syz [ 353.832187][ T5867] usb 4-1: Manufacturer: syz [ 353.836952][ T5867] usb 4-1: SerialNumber: syz [ 353.984732][ T5863] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 353.996576][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.008555][ T5867] usb 4-1: config 0 descriptor?? [ 354.018499][ T5863] usb 5-1: Product: syz [ 354.028386][ T5863] usb 5-1: Manufacturer: syz [ 354.034531][ T5863] usb 5-1: SerialNumber: syz [ 354.159658][ T7641] loop1: detected capacity change from 0 to 256 [ 354.237517][ T5863] usb 5-1: config 0 descriptor?? [ 354.335284][ T5863] gspca_main: sq930x-2.14.0 probing 2770:930c [ 354.488994][ T5867] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 354.489134][ T5867] usb 4-1: Firmware version (0.0) predates our first public release. [ 354.489240][ T5867] usb 4-1: Please update to version 0.2 or newer [ 355.298341][ T5863] gspca_sq930x: ucbus_write failed -71 [ 355.314386][ T5863] sq930x 5-1:0.0: probe with driver sq930x failed with error -71 [ 355.462765][ T7643] loop2: detected capacity change from 0 to 32768 [ 355.474694][ T7643] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.679 (7643) [ 355.532964][ T7643] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 355.543957][ T7643] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 355.581529][ T5867] usb 4-1: USB disconnect, device number 5 [ 355.634805][ T5863] usb 5-1: USB disconnect, device number 6 [ 355.732594][ T7643] BTRFS info (device loop2): enabling ssd optimizations [ 355.739950][ T7643] BTRFS info (device loop2): enabling free space tree [ 355.833368][ T7643] BTRFS error (device loop2): balance: mixed groups data and metadata options must be the same [ 355.945510][ T5805] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 356.592483][ T7670] netlink: 12 bytes leftover after parsing attributes in process `syz.1.685'. [ 357.264667][ T5863] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 357.392579][ T7678] netlink: 72 bytes leftover after parsing attributes in process `syz.1.688'. [ 357.551521][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 357.571656][ T5863] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 357.582974][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.697936][ T5863] usb 4-1: config 0 descriptor?? [ 357.713132][ T7676] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 358.077728][ T5863] usbhid 4-1:0.0: can't add hid device: -71 [ 358.086621][ T5863] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 358.098941][ T7684] netlink: 24 bytes leftover after parsing attributes in process `syz.1.691'. [ 358.156618][ T5863] usb 4-1: USB disconnect, device number 6 [ 359.323998][ T7699] loop2: detected capacity change from 0 to 1024 [ 359.373871][ T7699] EXT4-fs: Ignoring removed bh option [ 359.418239][ T7699] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 359.556398][ T7703] bond0: entered promiscuous mode [ 359.562825][ T7703] bond_slave_0: entered promiscuous mode [ 359.572465][ T7703] bond_slave_1: entered promiscuous mode [ 359.648209][ T7699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.401100][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.719697][ T7729] loop0: detected capacity change from 0 to 65536 [ 362.755048][ T7729] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 362.893296][ T7729] XFS (loop0): Ending clean mount [ 362.912435][ T7729] XFS (loop0): Quotacheck needed: Please wait. [ 363.049551][ T7729] XFS (loop0): Quotacheck: Done. [ 363.272478][ T5803] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 364.446492][ T7760] netlink: 40 bytes leftover after parsing attributes in process `syz.2.721'. [ 364.542439][ T7757] loop3: detected capacity change from 0 to 2048 [ 364.686636][ T7757] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 366.431390][ T7769] loop3: detected capacity change from 0 to 4096 [ 366.542485][ T7769] NILFS (loop3): invalid segment: Checksum error in segment payload [ 366.551629][ T7769] NILFS (loop3): trying rollback from an earlier position [ 366.752086][ T7769] NILFS (loop3): recovery complete [ 366.814002][ T7780] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 367.214375][ T7782] Attempt to restore checkpoint with obsolete wellknown handles [ 367.276861][ T7785] loop1: detected capacity change from 0 to 256 [ 367.373399][ T7785] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 367.882746][ T7789] loop0: detected capacity change from 0 to 1024 [ 367.906836][ T7789] ext4: Unknown parameter 'subj_type' [ 368.966548][ T7801] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 369.772795][ T7809] program syz.0.741 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 372.472956][ T5804] Bluetooth: hci4: unexpected event for opcode 0x080f [ 372.583522][ T7840] loop4: detected capacity change from 0 to 64 [ 372.635831][ T7840] hfs: invalid btree extent records (0 size) [ 372.642794][ T7840] hfs: unable to open catalog tree [ 372.655169][ T7842] loop1: detected capacity change from 0 to 8 [ 372.671404][ T5864] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 372.731784][ T7840] hfs: can't find a HFS filesystem on dev loop4 [ 372.861009][ T5864] usb 3-1: Using ep0 maxpacket: 32 [ 372.931833][ T5864] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 372.941531][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.024421][ T5864] usb 3-1: config 0 descriptor?? [ 373.232110][ T7846] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.759'. [ 373.341156][ T5864] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 373.406353][ T5864] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 373.474631][ T5864] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 373.482397][ T5864] usb 3-1: media controller created [ 373.616509][ T5864] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 374.102324][ T5864] az6027: usb out operation failed. (-71) [ 374.153260][ T5864] az6027: usb out operation failed. (-71) [ 374.159175][ T5864] stb0899_attach: Driver disabled by Kconfig [ 374.165671][ T5864] az6027: no front-end attached [ 374.165671][ T5864] [ 374.218234][ T5864] az6027: usb out operation failed. (-71) [ 374.224923][ T5864] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 374.234983][ T5864] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9 [ 374.425105][ T5864] dvb-usb: schedule remote query interval to 400 msecs. [ 374.438627][ T5864] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 374.555317][ T5864] usb 3-1: USB disconnect, device number 9 [ 375.156041][ T5864] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 375.818305][ T7868] sp0: Synchronizing with TNC [ 376.812437][ T7858] loop4: detected capacity change from 0 to 32768 [ 376.891460][ T7878] loop3: detected capacity change from 0 to 256 [ 376.926246][ T7858] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 377.167561][ T7878] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d) [ 377.199665][ T7858] XFS (loop4): Ending clean mount [ 377.439293][ T5817] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 377.466137][ T7890] loop1: detected capacity change from 0 to 1024 [ 378.380198][ T7894] loop2: detected capacity change from 0 to 32768 [ 378.792035][ T7899] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 378.800295][ T7899] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 378.809247][ T7899] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 378.817420][ T7899] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 379.481560][ T5864] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 379.588928][ T7906] netlink: 'syz.3.785': attribute type 49 has an invalid length. [ 379.710992][ T5864] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.721700][ T5864] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 379.731047][ T5864] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 379.740373][ T5864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.910069][ T5864] usb 2-1: config 0 descriptor?? [ 379.955880][ T5864] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 379.963131][ T5864] dvb-usb: bulk message failed: -22 (3/0) [ 380.015107][ T5864] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 380.034570][ T5864] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 380.041925][ T5864] usb 2-1: media controller created [ 380.065364][ T5864] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 380.142987][ T7902] dvb-usb: bulk message failed: -22 (2/0) [ 380.163887][ T5864] dvb-usb: bulk message failed: -22 (6/0) [ 380.170038][ T5864] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 380.273516][ T5864] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 380.378741][ T5864] dvb-usb: schedule remote query interval to 150 msecs. [ 380.386448][ T5864] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 380.510815][ T5864] usb 2-1: USB disconnect, device number 15 [ 380.754876][ T5864] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 381.455032][ T7916] loop4: detected capacity change from 0 to 2048 [ 381.637834][ T7916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 381.728658][ T7924] loop1: detected capacity change from 0 to 1024 [ 381.789873][ T7918] loop0: detected capacity change from 0 to 4096 [ 381.856535][ T7916] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:169: inode #12: comm syz.4.789: inline data xattr refers to an external xattr inode [ 381.934489][ T7916] EXT4-fs (loop4): Remounting filesystem read-only [ 381.966818][ T7931] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 382.260494][ T5817] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.329232][ T3682] hfsplus: b-tree write err: -5, ino 4 [ 382.923446][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.795'. [ 383.338727][ T3729] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 383.403974][ T3729] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 383.492655][ T3729] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 383.543161][ T3729] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 383.625605][ T7947] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 383.737709][ T7949] loop2: detected capacity change from 0 to 1024 [ 383.854582][ T7949] EXT4-fs: Ignoring removed nomblk_io_submit option [ 384.013811][ T7953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.802'. [ 384.066823][ T7953] netlink: 24 bytes leftover after parsing attributes in process `syz.0.802'. [ 384.213538][ T7949] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.115360][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.938917][ T30] audit: type=1326 audit(1756146119.550:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0789d8ebe9 code=0x7ffc0000 [ 387.452256][ T30] audit: type=1326 audit(1756146119.590:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f0789d8ebe9 code=0x7ffc0000 [ 387.481271][ T30] audit: type=1326 audit(1756146119.600:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0789d8ebe9 code=0x7ffc0000 [ 387.509146][ T30] audit: type=1326 audit(1756146119.600:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.2.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0789d8ebe9 code=0x7ffc0000 [ 391.341432][ T8016] loop4: detected capacity change from 0 to 256 [ 391.584456][ T8016] MINIX-fs: mounting file system with errors, running fsck is recommended [ 392.716828][ T7951] Set syz1 is full, maxelem 65536 reached [ 397.214578][ T8023] kexec: Could not allocate control_code_buffer [ 397.721551][ T8034] loop7: detected capacity change from 0 to 7 [ 397.787410][ T8034] Dev loop7: unable to read RDB block 7 [ 397.830325][ T8034] loop7: AHDI p1 p2 [ 397.835641][ T8034] loop7: partition table partially beyond EOD, truncated [ 397.844811][ T8034] loop7: p1 start 1702000233 is beyond EOD, truncated [ 399.006337][ T8054] netlink: 'syz.2.837': attribute type 15 has an invalid length. [ 399.014882][ T8054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.837'. [ 399.029567][ T8054] bond0: option resend_igmp: invalid value (65535) [ 399.038272][ T8054] bond0: option resend_igmp: allowed values 0 - 255 [ 399.088357][ T8055] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 399.102990][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 400.407964][ T8069] loop3: detected capacity change from 0 to 512 [ 400.577135][ T8069] EXT4-fs error (device loop3): __ext4_iget:5464: inode #17: block 1803188595: comm syz.3.844: invalid block [ 400.641239][ T8069] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.844: couldn't read orphan inode 17 (err -117) [ 400.719675][ T8069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 400.904525][ T8069] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 13: comm syz.3.844: path /: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 401.274421][ T5808] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /159/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 401.294006][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.370332][ T5808] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz-executor: bg 0: block 7: invalid block bitmap [ 401.397446][ T8060] loop4: detected capacity change from 0 to 32768 [ 401.404035][ T5808] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 401.477026][ T8060] JBD2: Ignoring recovery information on journal [ 401.621649][ T5808] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39 [ 401.712246][ T5808] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39 [ 401.779393][ T8060] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 401.872593][ T8060] ocfs2: Unmounting device (7,4) on (node local) [ 403.116093][ T3729] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 403.133616][ T3729] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.203111][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.321737][ T3729] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 403.340269][ T3729] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.565850][ T3729] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 403.577413][ T3729] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.712736][ T3729] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 403.723553][ T3729] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.183365][ T3729] bridge_slave_1: left allmulticast mode [ 404.189298][ T3729] bridge_slave_1: left promiscuous mode [ 404.196123][ T3729] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.234750][ T3729] bridge_slave_0: left allmulticast mode [ 404.240893][ T3729] bridge_slave_0: left promiscuous mode [ 404.256333][ T3729] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.022012][ T8088] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 405.022012][ T8088] The task syz.0.852 (8088) triggered the difference, watch for misbehavior. [ 405.327249][ T3729] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.415268][ T3729] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.458981][ T3729] bond0 (unregistering): Released all slaves [ 406.041011][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 406.051608][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 406.075142][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 406.123973][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 406.148537][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 406.314873][ T3729] hsr_slave_0: left promiscuous mode [ 406.371762][ T3729] hsr_slave_1: left promiscuous mode [ 406.386641][ T3729] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.396726][ T3729] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.576118][ T3729] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 406.585748][ T3729] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.785036][ T3729] veth1_macvtap: left promiscuous mode [ 406.790937][ T3729] veth0_macvtap: left promiscuous mode [ 406.796919][ T3729] veth1_vlan: left promiscuous mode [ 406.802522][ T3729] veth0_vlan: left promiscuous mode [ 406.943628][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 406.953708][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 406.963083][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 406.976874][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 406.987887][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 407.104609][ T8101] program syz.4.859 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 407.859442][ T3729] team0 (unregistering): Port device team_slave_1 removed [ 407.901783][ T3729] team0 (unregistering): Port device team_slave_0 removed [ 408.251428][ T5811] Bluetooth: hci1: command tx timeout [ 409.046365][ T5811] Bluetooth: hci2: command tx timeout [ 409.133985][ T8127] binder: 8126:8127 ioctl c018620c 2000000000c0 returned -22 [ 409.619531][ T8089] chnl_net:caif_netlink_parms(): no params data found [ 410.325439][ T5811] Bluetooth: hci1: command tx timeout [ 410.476876][ T8098] chnl_net:caif_netlink_parms(): no params data found [ 410.787848][ T8155] loop4: detected capacity change from 0 to 128 [ 410.910205][ T8155] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 410.923590][ T8159] loop1: detected capacity change from 0 to 64 [ 410.971805][ T8155] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 411.122494][ T8089] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.130155][ T8089] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.138273][ T8089] bridge_slave_0: entered allmulticast mode [ 411.149126][ T8089] bridge_slave_0: entered promiscuous mode [ 411.160992][ T5811] Bluetooth: hci2: command tx timeout [ 411.233294][ T8089] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.240917][ T8089] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.248620][ T8089] bridge_slave_1: entered allmulticast mode [ 411.258274][ T8089] bridge_slave_1: entered promiscuous mode [ 411.552546][ T8089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 411.575375][ T8089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 411.785900][ T8089] team0: Port device team_slave_0 added [ 411.845951][ T8089] team0: Port device team_slave_1 added [ 412.130298][ T8089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 412.137725][ T8089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.163096][ T8173] loop4: detected capacity change from 0 to 512 [ 412.164176][ T8089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.188217][ T8098] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.196068][ T8098] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.198151][ T8173] EXT4-fs (loop4): Test dummy encryption mode enabled [ 412.205811][ T8098] bridge_slave_0: entered allmulticast mode [ 412.219658][ T8098] bridge_slave_0: entered promiscuous mode [ 412.236757][ T8089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 412.244082][ T8089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 412.270352][ T8089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 412.285878][ T8098] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.293649][ T8098] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.301482][ T8098] bridge_slave_1: entered allmulticast mode [ 412.310983][ T8098] bridge_slave_1: entered promiscuous mode [ 412.351537][ T8173] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #12: comm syz.4.880: corrupted in-inode xattr: invalid ea_ino [ 412.380506][ T8173] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.880: couldn't read orphan inode 12 (err -117) [ 412.404234][ T5811] Bluetooth: hci1: command tx timeout [ 412.457402][ T8173] EXT4-fs (loop4): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 412.600399][ T8098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.695615][ T8089] hsr_slave_0: entered promiscuous mode [ 412.705405][ T8089] hsr_slave_1: entered promiscuous mode [ 412.714244][ T8089] debugfs: 'hsr0' already exists in 'hsr' [ 412.720112][ T8089] Cannot create hsr debugfs directory [ 412.733430][ T8180] pimreg: tun_chr_ioctl cmd 1074025676 [ 412.739067][ T8180] pimreg: owner set to 60929 [ 412.756595][ T8098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.771499][ T5817] EXT4-fs (loop4): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 413.100844][ T8098] team0: Port device team_slave_0 added [ 413.134555][ T8098] team0: Port device team_slave_1 added [ 413.200855][ T5811] Bluetooth: hci2: command tx timeout [ 413.566343][ T8098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.577843][ T8098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.604269][ T8098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.709102][ T8098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.716582][ T8098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.742999][ T8098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.883372][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 413.890107][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 414.257687][ T8098] hsr_slave_0: entered promiscuous mode [ 414.267571][ T8098] hsr_slave_1: entered promiscuous mode [ 414.276101][ T8098] debugfs: 'hsr0' already exists in 'hsr' [ 414.282217][ T8098] Cannot create hsr debugfs directory [ 414.499506][ T5811] Bluetooth: hci1: command tx timeout [ 414.614072][ T8208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.889'. [ 414.677329][ T8089] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.925233][ T8089] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.192389][ T8204] loop4: detected capacity change from 0 to 32768 [ 415.247208][ T8204] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 415.258457][ T8204] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 415.258898][ T8089] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.282646][ T5811] Bluetooth: hci2: command tx timeout [ 415.298478][ T8204] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 415.312298][ T11] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 415.319537][ T11] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 415.510245][ T8089] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.138670][ T8213] loop1: detected capacity change from 0 to 32768 [ 416.192873][ T11] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 873ms [ 416.201428][ T11] gfs2: fsid=syz:syz.0: jid=0: Done [ 416.206934][ T8204] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 416.383566][ T8213] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 416.409759][ T8089] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 416.547065][ T8089] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 416.574034][ T8213] XFS (loop1): Corruption warning: Metadata has LSN (3:16) ahead of current LSN (1:80). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 416.589674][ T8213] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0xaf/0x2d0, xfs_inobt block 0x18 [ 416.601110][ T8213] XFS (loop1): Unmount and run xfs_repair [ 416.607017][ T8213] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 416.614806][ T8213] 00000000: 49 41 42 33 00 00 00 01 ff ff ff ff ff ff ff ff IAB3............ [ 416.624026][ T8213] 00000010: 00 00 00 00 00 00 00 18 00 00 00 03 00 00 00 10 ................ [ 416.633346][ T8213] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 416.642591][ T8213] 00000030: 00 00 00 00 f0 ea ad a5 00 00 11 40 00 00 40 37 ...........@..@7 [ 416.651788][ T8213] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 416.661019][ T8213] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 416.670074][ T8213] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 416.679317][ T8213] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 416.688480][ T8213] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x18 len 8 error 74 [ 416.700294][ T8213] XFS (loop1): Failed to read root inode 0x1140, error 117 [ 416.707890][ T8213] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 416.734157][ T8218] loop0: detected capacity change from 0 to 2048 [ 416.756028][ T8218] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 416.785030][ T8089] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 416.826796][ T8089] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 417.049968][ T8233] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 417.265055][ T8098] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 417.392410][ T8098] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 417.541437][ T8098] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 417.644033][ T8098] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 418.057189][ T8242] program syz.0.894 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 418.311201][ T8089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.482777][ T8089] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.567219][ T706] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.574771][ T706] bridge0: port 1(bridge_slave_0) entered forwarding state [ 418.699353][ T706] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.707002][ T706] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.857924][ T8249] loop0: detected capacity change from 0 to 16 [ 418.964665][ T8249] erofs (device loop0): mounted with root inode @ nid 36. [ 419.038493][ T8098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.274601][ T8098] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.386796][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.394315][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.502258][ T5867] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 419.504202][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.517410][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.724508][ T5867] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 419.735910][ T5867] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 419.745989][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.854719][ T8098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 420.497187][ T8262] loop0: detected capacity change from 0 to 32768 [ 420.533146][ T5867] usb 5-1: config 0 descriptor?? [ 420.591757][ T5867] pwc: Askey VC010 type 2 USB webcam detected. [ 420.695230][ T8273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.900'. [ 420.699117][ T8262] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 420.722744][ T8273] vlan2: entered allmulticast mode [ 420.727265][ T8262] allowing incompatible features above 0.0: (unknown version) [ 420.740307][ T8262] features: [ 420.744107][ T8262] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 420.752699][ T8262] bcachefs (loop0): initializing new filesystem [ 420.774323][ T8262] bcachefs (loop0): going read-write [ 420.864458][ T8262] bcachefs (loop0): marking superblocks [ 420.940461][ T8262] bcachefs (loop0): initializing freespace [ 420.979738][ T8262] bcachefs (loop0): done initializing freespace [ 421.006158][ T8262] bcachefs (loop0): reading snapshots table [ 421.012810][ T8262] bcachefs (loop0): reading snapshots done [ 421.093306][ T5867] pwc: recv_control_msg error -32 req 02 val 2b00 [ 421.195441][ T8262] bcachefs (loop0): done starting filesystem [ 421.314438][ T5867] pwc: recv_control_msg error -71 req 02 val 2c00 [ 421.351908][ T5867] pwc: recv_control_msg error -71 req 04 val 1000 [ 421.382446][ T5867] pwc: recv_control_msg error -71 req 04 val 1300 [ 421.468964][ T8262] syz.0.899 (8262) used greatest stack depth: 1040 bytes left [ 421.477263][ T5867] pwc: recv_control_msg error -71 req 04 val 1400 [ 421.488010][ T5803] bcachefs (loop0): shutting down [ 421.494366][ T5803] bcachefs (loop0): going read-only [ 421.503921][ T5803] bcachefs (loop0): finished waiting for writes to stop [ 421.511491][ T5867] pwc: recv_control_msg error -71 req 02 val 2000 [ 421.541103][ T5803] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 421.554014][ T5867] pwc: recv_control_msg error -71 req 02 val 2100 [ 421.601845][ T5867] pwc: recv_control_msg error -71 req 04 val 1500 [ 421.631028][ T5867] pwc: recv_control_msg error -71 req 02 val 2500 [ 421.679939][ T5867] pwc: recv_control_msg error -71 req 02 val 2400 [ 421.713216][ T5867] pwc: recv_control_msg error -71 req 02 val 2600 [ 421.726611][ T5867] pwc: recv_control_msg error -71 req 02 val 2900 [ 421.776064][ T5867] pwc: recv_control_msg error -71 req 02 val 2800 [ 421.811250][ T5803] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 421.831193][ T8089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.855041][ T8288] loop1: detected capacity change from 0 to 512 [ 421.871522][ T5867] pwc: recv_control_msg error -71 req 04 val 1100 [ 421.882473][ T8288] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 421.901327][ T5867] pwc: recv_control_msg error -71 req 04 val 1200 [ 421.925797][ T5803] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 421.942429][ T5867] pwc: Registered as video103. [ 421.949980][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input12 [ 421.969716][ T8288] EXT4-fs (loop1): 1 truncate cleaned up [ 421.977882][ T8288] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 421.992888][ T5803] bcachefs (loop0): marking filesystem clean [ 422.063346][ T5867] usb 5-1: USB disconnect, device number 7 [ 422.188963][ T8288] fscrypt (loop1, inode 18): Unsupported encryption flags (0x23) [ 422.224783][ T5803] bcachefs (loop0): shutdown complete [ 422.319711][ T8098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 422.356125][ T8089] veth0_vlan: entered promiscuous mode [ 422.432285][ T8089] veth1_vlan: entered promiscuous mode [ 422.633718][ T5813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.720054][ T8089] veth0_macvtap: entered promiscuous mode [ 422.786605][ T8089] veth1_macvtap: entered promiscuous mode [ 422.942295][ T8089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 423.003909][ T8089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 423.129066][ T3682] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.167313][ T3682] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.207379][ T3546] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.243565][ T3546] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.906384][ T8309] loop1: detected capacity change from 0 to 2048 [ 423.970304][ T8309] NILFS (loop1): invalid segment: Checksum error in super root [ 423.979066][ T8309] NILFS (loop1): error -22 while loading super root [ 424.793675][ T8098] veth0_vlan: entered promiscuous mode [ 424.909311][ T8098] veth1_vlan: entered promiscuous mode [ 425.066155][ T8329] netlink: 632 bytes leftover after parsing attributes in process `syz.4.910'. [ 425.199987][ T8098] veth0_macvtap: entered promiscuous mode [ 425.267458][ T8098] veth1_macvtap: entered promiscuous mode [ 425.452689][ T8098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.555716][ T8098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.640321][ T3682] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.701534][ T3682] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.756641][ T3682] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.812300][ T3682] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.908261][ T8333] loop1: detected capacity change from 0 to 4096 [ 426.115288][ T8343] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 426.200111][ T8346] loop4: detected capacity change from 0 to 164 [ 426.592551][ T8350] netlink: 'syz.0.902': attribute type 2 has an invalid length. [ 429.584610][ T8393] loop0: detected capacity change from 0 to 32768 [ 429.704087][ T8393] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 429.712549][ T8393] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 429.784191][ T8393] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 429.852876][ T8396] loop4: detected capacity change from 0 to 32768 [ 429.893146][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.901254][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.108887][ T8393] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 430.327710][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 430.335949][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.507723][ T8404] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 431.085252][ T8411] loop4: detected capacity change from 0 to 128 [ 431.172527][ T8411] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 431.715834][ T8418] loop4: detected capacity change from 0 to 256 [ 432.005314][ T8418] FAT-fs (loop4): Directory bread(block 64) failed [ 432.012342][ T8418] FAT-fs (loop4): Directory bread(block 65) failed [ 432.019169][ T8418] FAT-fs (loop4): Directory bread(block 66) failed [ 432.026080][ T8418] FAT-fs (loop4): Directory bread(block 67) failed [ 432.033014][ T8418] FAT-fs (loop4): Directory bread(block 68) failed [ 432.039692][ T8418] FAT-fs (loop4): Directory bread(block 69) failed [ 432.046643][ T8418] FAT-fs (loop4): Directory bread(block 70) failed [ 432.053411][ T8418] FAT-fs (loop4): Directory bread(block 71) failed [ 432.060217][ T8418] FAT-fs (loop4): Directory bread(block 72) failed [ 432.067148][ T8418] FAT-fs (loop4): Directory bread(block 73) failed [ 432.289776][ T5867] Process accounting resumed [ 432.294927][ T5867] kworker/1:5: attempt to access beyond end of device [ 432.294927][ T5867] loop4: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 432.360087][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.368560][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.423610][ T8428] vivid-004: disconnect [ 432.454896][ T8425] vivid-004: reconnect [ 432.484346][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.493083][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.561491][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 432.828007][ T8434] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 432.966410][ T8437] cgroup: fork rejected by pids controller in /syz2 [ 433.220979][ T5867] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 433.392125][ T5867] usb 6-1: Using ep0 maxpacket: 32 [ 433.417867][ T5867] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 433.429510][ T5867] usb 6-1: config 0 interface 0 has no altsetting 0 [ 433.436531][ T5867] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 433.445956][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.463907][ T5867] usb 6-1: config 0 descriptor?? [ 433.728508][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.938611][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.990055][ T8450] loop4: detected capacity change from 0 to 512 [ 434.074844][ T8450] EXT4-fs (loop4): 1 truncate cleaned up [ 434.082926][ T8450] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.090038][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.209024][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.209771][ T8450] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.941: invalid indirect mapped block 234881024 (level 0) [ 434.379974][ T5817] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.463977][ T5867] hid_parser_main: 50 callbacks suppressed [ 434.464069][ T5867] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0 [ 434.477861][ T5867] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0 [ 434.485791][ T5867] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0 [ 434.493775][ T5867] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0 [ 434.501658][ T5867] corsair-cpro 0003:1B1C:0C10.0008: unknown main item tag 0x0 [ 434.517558][ T5867] corsair-cpro 0003:1B1C:0C10.0008: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.5-1/input0 [ 434.530954][ T12] bridge_slave_1: left allmulticast mode [ 434.536933][ T12] bridge_slave_1: left promiscuous mode [ 434.543979][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.563113][ T12] bridge_slave_0: left allmulticast mode [ 434.569015][ T12] bridge_slave_0: left promiscuous mode [ 434.575976][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.895940][ T5867] corsair-cpro 0003:1B1C:0C10.0008: probe with driver corsair-cpro failed with error -110 [ 434.936744][ T5867] usb 6-1: USB disconnect, device number 2 [ 435.027082][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 435.076558][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 435.095764][ T12] bond0 (unregistering): Released all slaves [ 435.594424][ T12] hsr_slave_0: left promiscuous mode [ 435.620067][ T12] hsr_slave_1: left promiscuous mode [ 435.628662][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.636349][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.739437][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.747256][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.859566][ T12] veth1_macvtap: left promiscuous mode [ 435.866493][ T12] veth0_macvtap: left promiscuous mode [ 435.872472][ T12] veth1_vlan: left promiscuous mode [ 435.878015][ T12] veth0_vlan: left promiscuous mode [ 436.474976][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 436.485035][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 436.494336][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 436.511410][ T5804] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 436.522849][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 437.183076][ T12] team0 (unregistering): Port device team_slave_1 removed [ 437.229889][ T12] team0 (unregistering): Port device team_slave_0 removed [ 437.963292][ T8488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.956'. [ 438.562869][ T5804] Bluetooth: hci1: command tx timeout [ 438.665474][ T8500] input: syz0 as /devices/virtual/input/input13 [ 439.022003][ T8470] chnl_net:caif_netlink_parms(): no params data found [ 439.553559][ T8494] loop0: detected capacity change from 0 to 65536 [ 439.612499][ T8494] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 439.950249][ T8494] XFS (loop0): Ending clean mount [ 439.961381][ T8494] XFS (loop0): Quotacheck needed: Please wait. [ 439.988522][ T8522] loop1: detected capacity change from 0 to 128 [ 440.011409][ T8494] XFS (loop0): Quotacheck: Done. [ 440.150131][ T5803] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 440.182391][ T30] audit: type=1800 audit(1756146172.800:9): pid=8522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.965" name="file1" dev="loop1" ino=1048631 res=0 errno=0 [ 440.484352][ T8470] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.493914][ T8470] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.504091][ T8470] bridge_slave_0: entered allmulticast mode [ 440.515433][ T8470] bridge_slave_0: entered promiscuous mode [ 440.635597][ T8470] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.651131][ T8470] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.659637][ T8470] bridge_slave_1: entered allmulticast mode [ 440.668968][ T8470] bridge_slave_1: entered promiscuous mode [ 440.679548][ T5804] Bluetooth: hci1: command tx timeout [ 440.948948][ T8470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.015766][ T8470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.240999][ T8538] netlink: 20 bytes leftover after parsing attributes in process `syz.5.973'. [ 441.272850][ T8470] team0: Port device team_slave_0 added [ 441.309828][ T8470] team0: Port device team_slave_1 added [ 441.600847][ T8470] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.608001][ T8470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.636053][ T8470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.746700][ T8470] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.754334][ T8470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.781466][ T8470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.154950][ T8470] hsr_slave_0: entered promiscuous mode [ 442.164903][ T8470] hsr_slave_1: entered promiscuous mode [ 442.173518][ T8470] debugfs: 'hsr0' already exists in 'hsr' [ 442.179469][ T8470] Cannot create hsr debugfs directory [ 442.213558][ T5863] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 442.483438][ T5863] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 442.496647][ T5863] usb 2-1: config 0 interface 0 has no altsetting 0 [ 442.503558][ T5863] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 442.512942][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.664748][ T5863] usb 2-1: config 0 descriptor?? [ 442.739051][ T5804] Bluetooth: hci1: command tx timeout [ 442.745063][ T8556] syz_tun: entered promiscuous mode [ 442.767228][ T8556] syz_tun: left promiscuous mode [ 443.182207][ T5863] logitech 0003:046D:C29C.0009: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0 [ 443.527995][ T8470] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 443.582615][ T5863] logitech 0003:046D:C29C.0009: no inputs found [ 443.586485][ T8470] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 443.633529][ T5863] usb 2-1: USB disconnect, device number 16 [ 443.683301][ T8470] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 443.753447][ T8470] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 443.878938][ T8571] Falling back ldisc for ttyS3. [ 444.059163][ T8575] mmap: syz.4.989 (8575) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 444.540243][ T8470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.735383][ T8470] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.781883][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.789390][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.811626][ T5804] Bluetooth: hci1: command tx timeout [ 444.847829][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.855379][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 445.758676][ T8602] Lens B: ================= START STATUS ================= [ 445.766494][ T8602] Lens B: Focus, Absolute: 0 [ 445.773307][ T8602] Lens B: ================== END STATUS ================== [ 446.022710][ T8599] loop1: detected capacity change from 0 to 4096 [ 446.271536][ T8599] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 446.350195][ T8597] ntfs3(loop1): ino=1e, "file1" attr_set_size [ 446.474995][ T8470] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 446.893160][ T8470] veth0_vlan: entered promiscuous mode [ 446.978544][ T8470] veth1_vlan: entered promiscuous mode [ 447.041400][ T8622] loop0: detected capacity change from 0 to 1024 [ 447.169991][ T8622] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 447.198515][ T8470] veth0_macvtap: entered promiscuous mode [ 447.224056][ T8470] veth1_macvtap: entered promiscuous mode [ 447.286076][ T8470] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.326143][ T8470] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.403859][ T3546] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.420016][ T8626] loop1: detected capacity change from 0 to 2048 [ 447.437896][ T3546] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.479044][ T3546] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.506702][ T3682] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.618777][ T8626] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.691407][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.843272][ T8626] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 447.944627][ T8626] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 9 with error 28 [ 447.957496][ T8626] EXT4-fs (loop1): This should not happen!! Data will be lost [ 447.957496][ T8626] [ 447.967401][ T8626] EXT4-fs (loop1): Total free blocks count 0 [ 447.975403][ T8626] EXT4-fs (loop1): Free/Dirty block details [ 447.982374][ T8626] EXT4-fs (loop1): free_blocks=2415919104 [ 447.988252][ T8626] EXT4-fs (loop1): dirty_blocks=32 [ 447.993642][ T8626] EXT4-fs (loop1): Block reservation details [ 447.999768][ T8626] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 448.027935][ T8626] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 448.548391][ T8648] loop5: detected capacity change from 0 to 2048 [ 448.701071][ T8648] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a002e018, mo2=0002] [ 448.735262][ T8648] System zones: 0-4 [ 448.742689][ T8648] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 448.751991][ T8656] loop0: detected capacity change from 0 to 1024 [ 448.755549][ T8648] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 448.868988][ T8648] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 16: comm syz.5.1015: path /20/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 449.149160][ T8098] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.176175][ T8662] loop4: detected capacity change from 0 to 1024 [ 449.519972][ T8670] netlink: 27 bytes leftover after parsing attributes in process `syz.5.1021'. [ 449.544179][ T12] hfsplus: b-tree write err: -5, ino 4 [ 450.607069][ T8689] netlink: 'syz.4.1029': attribute type 1 has an invalid length. [ 450.619865][ T8689] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1029'. [ 451.813432][ T3546] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.821761][ T3546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.951347][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.959375][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.693262][ T5863] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 452.728614][ T8732] loop4: detected capacity change from 0 to 128 [ 452.807866][ T8732] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 452.868416][ T8738] loop2: detected capacity change from 0 to 512 [ 452.883141][ T8732] ext4 filesystem being mounted at /236/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 452.919394][ T8738] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 452.929885][ T8738] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 452.946915][ T5863] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 452.962522][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.976736][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.989258][ T5863] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 453.001665][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.017863][ T5863] usb 2-1: config 0 descriptor?? [ 453.295020][ T5817] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 453.453993][ T5863] sony 0003:054C:024B.000A: unknown main item tag 0x0 [ 453.461479][ T5863] sony 0003:054C:024B.000A: unknown main item tag 0x0 [ 453.468601][ T5863] sony 0003:054C:024B.000A: unknown main item tag 0x6 [ 453.479224][ T5863] sony 0003:054C:024B.000A: report_id 0 is invalid [ 453.489060][ T5863] sony 0003:054C:024B.000A: item 0 0 1 8 parsing failed [ 453.617834][ T5863] sony 0003:054C:024B.000A: parse failed [ 453.624431][ T5863] sony 0003:054C:024B.000A: probe with driver sony failed with error -22 [ 453.698270][ T5863] usb 2-1: USB disconnect, device number 17 [ 454.802578][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 454.995204][ T8776] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 455.360368][ T8783] loop0: detected capacity change from 0 to 164 [ 455.416065][ T8786] netlink: 'syz.1.1071': attribute type 2 has an invalid length. [ 455.434337][ T8787] loop2: detected capacity change from 0 to 256 [ 455.974487][ T8796] loop4: detected capacity change from 0 to 1024 [ 456.197481][ T8802] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 456.328885][ T3758] hfsplus: b-tree write err: -5, ino 4 [ 456.981118][ T5867] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 457.196843][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.207156][ T8825] netlink: 'syz.5.1089': attribute type 15 has an invalid length. [ 457.208372][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.226335][ T5867] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 457.235726][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.248731][ T5867] usb 3-1: config 0 descriptor?? [ 457.685836][ T8831] loop1: detected capacity change from 0 to 128 [ 457.727963][ T5867] hid-steam 0003:28DE:1142.000B: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0 [ 457.791475][ T5867] hid-steam 0003:28DE:1142.000B: Steam wireless receiver connected [ 457.828089][ T5867] hid-steam 0003:28DE:1142.000C: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0 [ 457.917317][ T8831] FAT-fs (loop1): error, corrupted directory (invalid i_start) [ 457.926574][ T8831] FAT-fs (loop1): Filesystem has been set read-only [ 457.932558][ T8830] loop4: detected capacity change from 0 to 4096 [ 457.945092][ T8830] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 457.968004][ T5863] usb 3-1: USB disconnect, device number 10 [ 458.043469][ T5863] hid-steam 0003:28DE:1142.000B: Steam wireless receiver disconnected [ 458.221750][ T8830] ntfs3(loop4): Failed to initialize $Extend/$ObjId. [ 458.924960][ T8849] loop5: detected capacity change from 0 to 2048 [ 459.027826][ T8854] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 459.275049][ T8858] loop4: detected capacity change from 0 to 1024 [ 459.629752][ T3682] hfsplus: b-tree write err: -5, ino 4 [ 459.998319][ T8871] loop4: detected capacity change from 0 to 1024 [ 460.417502][ T3758] hfsplus: b-tree write err: -5, ino 4 [ 461.308951][ T8890] loop4: detected capacity change from 0 to 32768 [ 461.510521][ T8890] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 461.510935][ T8890] allowing incompatible features above 0.0: (unknown version) [ 461.511048][ T8890] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 461.533844][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.562735][ T8890] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 461.571479][ T8890] bcachefs (loop4): initializing new filesystem [ 461.587440][ T8890] bcachefs (loop4): going read-write [ 461.643669][ T8890] bcachefs (loop4): marking superblocks [ 461.654694][ T8892] loop5: detected capacity change from 0 to 32768 [ 461.663971][ T8892] BTRFS warning: excessive commit interval 2147483647, use with care [ 461.674781][ T8892] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1121 (8892) [ 461.697462][ T8890] bcachefs (loop4): initializing freespace [ 461.723857][ T8890] bcachefs (loop4): done initializing freespace [ 461.743454][ T8890] bcachefs (loop4): reading snapshots table [ 461.749740][ T8890] bcachefs (loop4): reading snapshots done [ 461.817044][ T8892] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 461.827709][ T8892] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 461.870839][ T8890] bcachefs (loop4): done starting filesystem [ 462.074839][ T8892] BTRFS info (device loop5): rebuilding free space tree [ 462.119677][ T8892] BTRFS info (device loop5): disabling free space tree [ 462.127020][ T8892] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 462.137017][ T8892] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 462.159560][ T8892] BTRFS info (device loop5): enabling ssd optimizations [ 462.183555][ T8892] BTRFS info (device loop5): turning off barriers [ 462.204676][ T8892] BTRFS info (device loop5): disabling tree log [ 462.210122][ T5817] bcachefs (loop4): shutting down [ 462.215906][ T8892] BTRFS info (device loop5): turning on flush-on-commit [ 462.216009][ T8892] BTRFS info (device loop5): force clearing of disk cache [ 462.216106][ T8892] BTRFS info (device loop5): doing ref verification [ 462.221453][ T5817] bcachefs (loop4): going read-only [ 462.228291][ T8892] BTRFS info (device loop5): use lzo compression, level 0 [ 462.261841][ T5817] bcachefs (loop4): finished waiting for writes to stop [ 462.311352][ T5817] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3 [ 462.570268][ T5817] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3 [ 462.585270][ T8098] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 462.624237][ T5817] bcachefs (loop4): clean shutdown complete, journal seq 4 [ 462.663393][ T5817] bcachefs (loop4): marking filesystem clean [ 462.817196][ T5817] bcachefs (loop4): shutdown complete [ 463.402752][ T8945] netlink: 'syz.0.1134': attribute type 10 has an invalid length. [ 463.421906][ T8945] team0: Cannot enslave team device to itself [ 464.864395][ T8953] loop1: detected capacity change from 0 to 32768 [ 464.883712][ T8955] loop5: detected capacity change from 0 to 4096 [ 464.904860][ T8955] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 464.926929][ T8953] find_entry called with index >= next_index [ 467.745310][ T8989] loop4: detected capacity change from 0 to 1764 [ 468.394899][ T9007] loop1: detected capacity change from 0 to 1024 [ 468.406242][ T9009] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 468.589494][ T30] audit: type=1800 audit(1756146201.210:10): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1158" name="bus" dev="loop1" ino=26 res=0 errno=0 [ 468.856960][ T3758] hfsplus: b-tree write err: -5, ino 4 [ 468.894899][ T9018] loop5: detected capacity change from 0 to 64 [ 468.940298][ T9018] Trying to free block not in datazone [ 468.947981][ T9018] Trying to free block not in datazone [ 468.953637][ T9018] Trying to free block not in datazone [ 468.959232][ T9018] Trying to free block not in datazone [ 468.969178][ T9018] Trying to free block not in datazone [ 468.974935][ T9018] minix_free_block (loop5:6): bit already cleared [ 468.981828][ T9018] Trying to free block not in datazone [ 468.987483][ T9018] Trying to free block not in datazone [ 469.309273][ T9028] loop2: detected capacity change from 0 to 256 [ 469.391478][ T5863] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 469.564673][ T9032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 469.591251][ T5863] usb 2-1: Using ep0 maxpacket: 32 [ 469.627545][ T5863] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 469.638709][ T5863] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 469.650766][ T5863] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 469.662112][ T5863] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 469.676004][ T5863] usb 2-1: config 0 interface 0 has no altsetting 0 [ 469.688727][ T5863] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 469.700276][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.829006][ T5863] usb 2-1: config 0 descriptor?? [ 469.870422][ T5867] hid-generic 0005:0B57:0008.000D: collection stack underflow [ 469.878442][ T5867] hid-generic 0005:0B57:0008.000D: item 0 0 0 12 parsing failed [ 469.915158][ T5867] hid-generic 0005:0B57:0008.000D: probe with driver hid-generic failed with error -22 [ 470.304590][ T5863] corsair-cpro 0003:1B1C:0C10.000E: unknown main item tag 0x0 [ 470.313311][ T5863] corsair-cpro 0003:1B1C:0C10.000E: unknown main item tag 0x0 [ 470.322262][ T5863] corsair-cpro 0003:1B1C:0C10.000E: collection stack underflow [ 470.330067][ T5863] corsair-cpro 0003:1B1C:0C10.000E: item 0 0 0 12 parsing failed [ 470.363485][ T5863] corsair-cpro 0003:1B1C:0C10.000E: probe with driver corsair-cpro failed with error -22 [ 470.487872][ T5863] usb 2-1: USB disconnect, device number 18 [ 472.266720][ T9056] loop0: detected capacity change from 0 to 65536 [ 472.307912][ T9056] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 472.457202][ T9056] XFS (loop0): Ending clean mount [ 472.579501][ T5803] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 472.756984][ T9079] netlink: 5636 bytes leftover after parsing attributes in process `syz.5.1190'. [ 473.327575][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1194'. [ 473.337113][ T9087] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1194'. [ 473.400279][ T9089] loop1: detected capacity change from 0 to 256 [ 473.587842][ T30] audit: type=1800 audit(1756146206.200:11): pid=9089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1195" name="file1" dev="loop1" ino=1048641 res=0 errno=0 [ 474.804683][ T9116] sctp: [Deprecated]: syz.2.1206 (pid 9116) Use of int in maxseg socket option. [ 474.804683][ T9116] Use struct sctp_assoc_value instead [ 474.876216][ T9110] loop4: detected capacity change from 0 to 4096 [ 475.014390][ T9118] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 475.330938][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.337629][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 475.476539][ T9126] loop2: detected capacity change from 0 to 1024 [ 475.566137][ T9126] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 475.595393][ T9126] System zones: 0-1, 3-12 [ 475.615141][ T9126] EXT4-fs (loop2): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 476.007088][ T8470] EXT4-fs (loop2): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 476.320067][ T9141] loop0: detected capacity change from 0 to 1024 [ 476.417207][ T9145] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1217'. [ 476.595669][ T9143] loop2: detected capacity change from 0 to 4096 [ 476.682121][ T3758] hfsplus: b-tree write err: -5, ino 4 [ 480.014560][ T9205] loop5: detected capacity change from 0 to 32768 [ 480.029089][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 480.043412][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 480.151449][ T9205] JBD2: Ignoring recovery information on journal [ 480.266035][ T9205] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 480.286003][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 480.321591][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC. [ 480.383708][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC. [ 480.397546][ T9205] (syz.5.1243,9205,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c [ 480.431726][ T9205] (syz.5.1243,9205,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 480.440394][ T9205] (syz.5.1243,9205,1):ocfs2_quota_read:201 ERROR: status = -5 [ 480.453702][ T9205] Quota error (device loop5): find_block_dqentry: Can't read quota tree block 6 [ 480.463502][ T9205] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 480.473203][ T9205] (syz.5.1243,9205,1):ocfs2_acquire_dquot:890 ERROR: status = -5 [ 480.481433][ T9205] (syz.5.1243,9205,1):ocfs2_mknod:317 ERROR: status = -5 [ 480.488729][ T9205] (syz.5.1243,9205,1):ocfs2_mknod:505 ERROR: status = -5 [ 480.496095][ T9205] (syz.5.1243,9205,1):ocfs2_mkdir:661 ERROR: status = -5 [ 480.676757][ T8098] ocfs2: Unmounting device (7,5) on (node local) [ 480.844261][ T9214] loop1: detected capacity change from 0 to 1024 [ 480.857091][ T9213] sctp: [Deprecated]: syz.4.1247 (pid 9213) Use of int in maxseg socket option. [ 480.857091][ T9213] Use struct sctp_assoc_value instead [ 481.194329][ T14] hfsplus: b-tree write err: -5, ino 4 [ 481.929624][ T9226] loop5: detected capacity change from 0 to 256 [ 482.011632][ T9226] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 482.127684][ T9226] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 483.448587][ T9247] program syz.0.1263 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 483.700802][ T9255] loop2: detected capacity change from 0 to 256 [ 483.868986][ T9255] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 484.024746][ T9255] exFAT-fs (loop2): error, data size is invalid(10) [ 484.031695][ T9255] exFAT-fs (loop2): Filesystem has been set read-only [ 484.292678][ T9253] loop5: detected capacity change from 0 to 4096 [ 484.301692][ T9253] ntfs3: Unknown parameter 'ÿÿÿÿ0x000000000000000018446744073709551615' [ 485.829494][ T9287] loop2: detected capacity change from 0 to 1764 [ 485.856636][ T9285] loop0: detected capacity change from 0 to 4096 [ 486.052548][ T9285] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 486.208183][ T9285] ntfs3(loop0): ino=1a, mi_enum_attr [ 486.214535][ T9285] ntfs3(loop0): ino=1a, mi_enum_attr [ 486.220099][ T9285] ntfs3(loop0): Failed to initialize $Extend/$Reparse. [ 486.861706][ T9306] netlink: 'syz.2.1287': attribute type 3 has an invalid length. [ 487.241320][ T5863] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 487.443585][ T5863] usb 2-1: Using ep0 maxpacket: 32 [ 487.524281][ T5863] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 487.535619][ T5863] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 487.676875][ T5863] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 487.686808][ T5863] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 487.695509][ T5863] usb 2-1: Product: syz [ 487.699858][ T5863] usb 2-1: Manufacturer: syz [ 487.822767][ T9314] loop0: detected capacity change from 0 to 512 [ 487.925130][ T5863] hub 2-1:4.0: USB hub found [ 488.057820][ T9314] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 488.073434][ T9314] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 488.206601][ T9321] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 488.228192][ T5863] hub 2-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 488.288786][ T5867] kernel read not supported for file /swradio8 (pid: 5867 comm: kworker/1:5) [ 488.514123][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.193574][ T5863] usb 2-1: USB disconnect, device number 19 [ 490.599162][ T9363] pim6reg: entered allmulticast mode [ 490.644637][ T9367] pim6reg: left allmulticast mode [ 492.496508][ T9391] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.506846][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 492.726730][ T9383] loop2: detected capacity change from 0 to 40427 [ 492.764531][ T9383] F2FS-fs (loop2): invalid crc value [ 493.049214][ T9383] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 493.060414][ T9383] F2FS-fs (loop2): Start checkpoint disabled! [ 493.092616][ T9383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 494.065610][ T9400] loop0: detected capacity change from 0 to 8192 [ 494.696387][ T3758] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.715112][ T3758] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.780516][ T3758] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.786048][ T9417] loop5: detected capacity change from 0 to 1024 [ 494.822256][ T3758] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.183959][ T14] hfsplus: b-tree write err: -5, ino 4 [ 495.648852][ T9431] loop1: detected capacity change from 0 to 128 [ 495.723969][ T9431] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 495.764685][ T9431] System zones: 1-3, 19-19, 35-36 [ 495.774456][ T9431] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 495.789847][ T9433] sctp: [Deprecated]: syz.4.1345 (pid 9433) Use of int in max_burst socket option. [ 495.789847][ T9433] Use struct sctp_assoc_value instead [ 495.812854][ T9431] ext4 filesystem being mounted at /288/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 496.258310][ T5813] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 497.059290][ T9442] loop5: detected capacity change from 0 to 32768 [ 497.165142][ T9442] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 497.436974][ T9442] XFS (loop5): Ending clean mount [ 497.514607][ T8098] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 498.828234][ T9482] loop5: detected capacity change from 0 to 512 [ 498.891424][ T9482] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 498.987182][ T9482] EXT4-fs (loop5): 1 truncate cleaned up [ 498.995107][ T9482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 499.036320][ T9487] input: syz1 as /devices/virtual/input/input14 [ 499.063882][ T9482] EXT4-fs error (device loop5): ext4_empty_dir:3120: inode #2: block 13: comm syz.5.1357: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 499.127907][ T9482] EXT4-fs (loop5): Remounting filesystem read-only [ 499.245553][ T8098] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.530954][ T9496] sch_tbf: peakrate 64 is lower than or equals to rate 17038211371681383082 ! [ 499.817226][ T9502] loop2: detected capacity change from 0 to 64 [ 500.016098][ T9509] loop1: detected capacity change from 0 to 512 [ 500.041563][ T9509] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 500.109147][ T9509] EXT4-fs (loop1): 1 truncate cleaned up [ 500.117000][ T9509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.230852][ T9509] EXT4-fs (loop1): shut down requested (1) [ 500.234775][ T9515] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 500.254084][ T9513] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 500.554031][ T5813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.692041][ T9521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1377'. [ 501.441906][ T5863] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 501.562152][ T9533] block nbd1: server does not support multiple connections per device. [ 501.571949][ T9533] block nbd1: shutting down sockets [ 501.680003][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.690181][ T5863] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 501.699663][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.748813][ T5863] usb 2-1: config 0 descriptor?? [ 502.057715][ T9537] loop5: detected capacity change from 0 to 2048 [ 502.127338][ T9537] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 502.172185][ T9537] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 502.180123][ T9537] UDF-fs: Scanning with blocksize 512 failed [ 502.231431][ T5863] lenovo 0003:17EF:6047.000F: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0 [ 502.304988][ T9537] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 502.608219][ T5863] lenovo 0003:17EF:6047.000F: Failed to switch middle button: -71 [ 502.641631][ T5863] lenovo 0003:17EF:6047.000F: Fn-lock setting failed: -71 [ 502.668939][ T5863] lenovo 0003:17EF:6047.000F: Sensitivity setting failed: -71 [ 502.704887][ T5863] usb 2-1: USB disconnect, device number 20 [ 503.001256][ T9552] RDS: rds_bind could not find a transport for 0:0:200::1, load rds_tcp or rds_rdma? [ 503.202698][ T9558] loop5: detected capacity change from 0 to 1024 [ 503.235078][ T9556] loop2: detected capacity change from 0 to 512 [ 503.276319][ T9558] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.552710][ T9556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.565750][ T9556] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 503.708114][ T8098] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.787962][ T9556] EXT4-fs error (device loop2): ext4_empty_dir:3077: inode #12: comm syz.2.1392: invalid size [ 503.927299][ T9556] EXT4-fs (loop2): Remounting filesystem read-only [ 504.256574][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1401'. [ 504.282500][ T9578] erspan0: entered promiscuous mode [ 504.319538][ T8470] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.352356][ T3682] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 504.363584][ T3682] Quota error (device loop2): write_blk: dquota write failed [ 504.371437][ T3682] Quota error (device loop2): free_dqentry: Can't write quota data block 5 [ 504.797850][ T9588] netlink: 'syz.2.1403': attribute type 9 has an invalid length. [ 505.072989][ T9591] loop5: detected capacity change from 0 to 128 [ 505.136763][ T9591] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 505.262707][ T9591] ext4 filesystem being mounted at /109/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 505.360399][ T9591] EXT4-fs (loop5): shut down requested (0) [ 505.621762][ T8098] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 505.658923][ T9604] pim6reg: tun_chr_ioctl cmd 1074025681 [ 506.133655][ T9613] loop1: detected capacity change from 0 to 256 [ 506.164110][ T9613] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 506.175830][ T9613] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 506.256176][ T9613] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 506.346837][ T30] audit: type=1800 audit(1756146238.960:12): pid=9613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1416" name="file1" dev="loop1" ino=1048647 res=0 errno=0 [ 506.717756][ T9625] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 506.854626][ T9628] loop1: detected capacity change from 0 to 128 [ 506.933057][ T9628] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 506.946564][ T9628] ext4 filesystem being mounted at /302/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 506.967083][ T9632] loop5: detected capacity change from 0 to 64 [ 507.332341][ T5813] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 507.656619][ T9649] genirq: Flags mismatch irq 4. 00200000 (aio_iiro_16) vs. 00200080 (ttyS0) [ 509.219954][ T9683] loop2: detected capacity change from 0 to 512 [ 509.553515][ T9683] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.1443: iget: bad i_size value: 38620345925642 [ 509.757678][ T9683] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1443: couldn't read orphan inode 15 (err -117) [ 509.788862][ T9681] loop5: detected capacity change from 0 to 32768 [ 509.917597][ T9683] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 509.946418][ T9681] JBD2: Ignoring recovery information on journal [ 510.047321][ T9681] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode. [ 510.064553][ T9681] ocfs2: Unmounting device (7,5) on (node local) [ 510.603235][ T9690] loop0: detected capacity change from 0 to 32768 [ 510.612469][ T9690] XFS: ikeep mount option is deprecated. [ 510.635979][ T9683] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1443: bg 0: block 5: invalid block bitmap [ 510.689355][ T9690] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 510.695969][ T9683] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 510.710834][ T9683] EXT4-fs (loop2): This should not happen!! Data will be lost [ 510.710834][ T9683] [ 510.720908][ T9683] EXT4-fs (loop2): Total free blocks count 0 [ 510.727076][ T9683] EXT4-fs (loop2): Free/Dirty block details [ 510.733753][ T9683] EXT4-fs (loop2): free_blocks=0 [ 510.738892][ T9683] EXT4-fs (loop2): dirty_blocks=1 [ 510.744342][ T9683] EXT4-fs (loop2): Block reservation details [ 510.750469][ T9683] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 511.034077][ T9690] XFS (loop0): Ending clean mount [ 511.047893][ T9690] XFS (loop0): Quotacheck needed: Please wait. [ 511.091704][ T9690] XFS (loop0): Quotacheck: Done. [ 511.221317][ T5803] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 511.346850][ T8470] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.492828][ T9706] loop5: detected capacity change from 0 to 4096 [ 511.715511][ T9706] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 511.958143][ T9706] ntfs3(loop5): ino=1a, mi_enum_attr [ 511.964321][ T9706] ntfs3(loop5): ino=1a, mi_enum_attr [ 511.969830][ T9706] ntfs3(loop5): Failed to initialize $Extend/$Reparse. [ 512.143487][ T9706] ntfs3(loop5): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" attr_set_size [ 512.171226][ C1] vkms_vblank_simulate: vblank timer overrun [ 512.983085][ T9729] loop1: detected capacity change from 0 to 128 [ 513.112195][ T9732] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1465'. [ 513.322066][ T9737] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1467'. [ 513.779827][ T9745] loop0: detected capacity change from 0 to 256 [ 514.025590][ T9745] FAT-fs (loop0): Directory bread(block 64) failed [ 514.032718][ T9745] FAT-fs (loop0): Directory bread(block 65) failed [ 514.039643][ T9745] FAT-fs (loop0): Directory bread(block 66) failed [ 514.046527][ T9745] FAT-fs (loop0): Directory bread(block 67) failed [ 514.053534][ T9745] FAT-fs (loop0): Directory bread(block 68) failed [ 514.060219][ T9745] FAT-fs (loop0): Directory bread(block 69) failed [ 514.067178][ T9745] FAT-fs (loop0): Directory bread(block 70) failed [ 514.074033][ T9745] FAT-fs (loop0): Directory bread(block 71) failed [ 514.081025][ T9745] FAT-fs (loop0): Directory bread(block 72) failed [ 514.087799][ T9745] FAT-fs (loop0): Directory bread(block 73) failed [ 514.256599][ T9745] syz.0.1470: attempt to access beyond end of device [ 514.256599][ T9745] loop0: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 514.272111][ T9745] syz.0.1470: attempt to access beyond end of device [ 514.272111][ T9745] loop0: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 514.286142][ T30] audit: type=1800 audit(1756146246.860:13): pid=9745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1470" name="file1" dev="loop0" ino=1048649 res=0 errno=0 [ 514.369865][ T9745] syz.0.1470: attempt to access beyond end of device [ 514.369865][ T9745] loop0: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 514.477585][ T9753] loop2: detected capacity change from 0 to 128 [ 514.577902][ T9753] EXT4-fs (loop2): Test dummy encryption mode enabled [ 514.807522][ T9753] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 514.906018][ T9759] loop5: detected capacity change from 0 to 512 [ 514.921060][ T9753] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 515.082324][ T9759] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 515.095481][ T9759] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 515.417228][ T8098] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.633647][ T9753] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 516.161631][ T8470] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 516.476258][ T9783] loop1: detected capacity change from 0 to 512 [ 516.563400][ T9787] loop5: detected capacity change from 0 to 256 [ 516.579105][ T9783] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 516.691699][ T30] audit: type=1800 audit(1756146249.290:14): pid=9783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1487" name="file0" dev="loop1" ino=13 res=0 errno=0 [ 516.832014][ T9787] FAT-fs (loop5): Directory bread(block 64) failed [ 516.838972][ T9787] FAT-fs (loop5): Directory bread(block 65) failed [ 516.846161][ T9787] FAT-fs (loop5): Directory bread(block 66) failed [ 516.852992][ T9787] FAT-fs (loop5): Directory bread(block 67) failed [ 516.859834][ T9787] FAT-fs (loop5): Directory bread(block 68) failed [ 516.866656][ T9787] FAT-fs (loop5): Directory bread(block 69) failed [ 516.873664][ T9787] FAT-fs (loop5): Directory bread(block 70) failed [ 516.880377][ T9787] FAT-fs (loop5): Directory bread(block 71) failed [ 516.891585][ T9787] FAT-fs (loop5): Directory bread(block 72) failed [ 516.898311][ T9787] FAT-fs (loop5): Directory bread(block 73) failed [ 516.991348][ T5813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.274977][ T9815] input: syz0 as /devices/virtual/input/input16 [ 519.071179][ T5863] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 519.286730][ T5863] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 519.298108][ T5863] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 519.308522][ T5863] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 519.317871][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.458883][ T9825] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 519.511697][ T5863] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 519.786536][ T5863] usb 3-1: USB disconnect, device number 11 [ 519.856656][ T9846] capability: warning: `syz.5.1514' uses 32-bit capabilities (legacy support in use) [ 520.232297][ T9848] loop1: detected capacity change from 0 to 4096 [ 520.248522][ T9848] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 520.441656][ T9848] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 520.482839][ T9848] ntfs3(loop1): mft corrupted [ 520.487892][ T9848] ntfs3(loop1): Failed to load $Extend (-22). [ 520.495119][ T9848] ntfs3(loop1): Failed to initialize $Extend. [ 520.593927][ T9848] ntfs3(loop1): ino=1e, mi_enum_attr [ 520.599695][ T9848] ntfs3(loop1): ino=1e, mi_enum_attr [ 520.605892][ T9848] ntfs3(loop1): ino=1e, "file1" mi_enum_attr [ 520.612424][ T9848] ntfs3(loop1): ino=1e, "file1" mi_enum_attr [ 520.648429][ T9848] ntfs3(loop1): ino=1e, "file1" mi_enum_attr [ 520.847593][ T9862] loop5: detected capacity change from 0 to 8 [ 521.011139][ T30] audit: type=1326 audit(1756146253.610:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd87eb8ebe9 code=0x7ffc0000 [ 521.105949][ T30] audit: type=1326 audit(1756146253.670:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd87eb8ebe9 code=0x7ffc0000 [ 521.128903][ T30] audit: type=1326 audit(1756146253.680:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd87eb8ebe9 code=0x7ffc0000 [ 521.151811][ T30] audit: type=1326 audit(1756146253.710:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd87eb8ebe9 code=0x7ffc0000 [ 521.174522][ T30] audit: type=1326 audit(1756146253.710:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd87eb8ebe9 code=0x7ffc0000 [ 521.197242][ T30] audit: type=1326 audit(1756146253.710:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd87eb85ba7 code=0x7ffc0000 [ 521.220112][ T30] audit: type=1326 audit(1756146253.710:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd87eb2ade9 code=0x7ffc0000 [ 521.242753][ T30] audit: type=1326 audit(1756146253.710:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd87eb85ba7 code=0x7ffc0000 [ 521.265345][ T30] audit: type=1326 audit(1756146253.710:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd87eb2ade9 code=0x7ffc0000 [ 521.288607][ T30] audit: type=1326 audit(1756146253.710:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9863 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd87eb85ba7 code=0x7ffc0000 [ 522.324394][ T9893] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1534'. [ 522.985156][ T9904] loop1: detected capacity change from 0 to 1024 [ 523.055128][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1540'. [ 523.111163][ T9904] hfsplus: xattr searching failed [ 523.124125][ T9904] hfsplus: xattr searching failed [ 523.146756][ T9904] hfsplus: xattr searching failed [ 523.172256][ T9904] hfsplus: b-tree write err: -5, ino 3 [ 523.369778][ T1143] hfsplus: bad catalog file entry [ 523.392830][ T1143] hfsplus: b-tree write err: -5, ino 3 [ 523.596785][ T9912] loop2: detected capacity change from 0 to 1024 [ 523.823387][ T14] hfsplus: b-tree write err: -5, ino 4 [ 524.184978][ T9926] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 524.191648][ T9926] syzkaller1: linktype set to 773 [ 524.568987][ T9930] loop5: detected capacity change from 0 to 1024 [ 524.806985][ T9934] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 524.815872][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 525.664896][ T9938] loop2: detected capacity change from 0 to 32768 [ 525.811835][ T9938] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io [ 525.811992][ T9938] allowing incompatible features above 0.0: (unknown version) [ 525.812085][ T9938] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 525.855336][ T9938] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 525.864368][ T9938] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 525.873786][ T9938] bcachefs (loop2): Version upgrade required: [ 525.873786][ T9938] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 525.873786][ T9938] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 525.873786][ T9938] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 525.947004][ C0] vkms_vblank_simulate: vblank timer overrun [ 525.969565][ T9938] bcachefs (loop2): dropping and reconstructing all alloc info [ 526.027747][ T9938] bcachefs (loop2): accounting_read... done [ 526.047607][ T9938] bcachefs (loop2): alloc_read... done [ 526.057452][ T9938] bcachefs (loop2): snapshots_read... done [ 526.071981][ T9938] bcachefs (loop2): check_allocations... [ 526.108825][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1558'. [ 526.124112][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1558'. [ 526.299609][ T9938] done [ 526.345786][ T9938] bcachefs (loop2): going read-write [ 526.351494][ T9938] bcachefs (loop2): insufficient writeable journal devices available: have 0, need 1 [ 526.351494][ T9938] rw journal devs: [ 526.464391][ T9938] bcachefs (loop2): done starting filesystem [ 526.534014][ T9968] sctp: [Deprecated]: syz.0.1562 (pid 9968) Use of struct sctp_assoc_value in delayed_ack socket option. [ 526.534014][ T9968] Use struct sctp_sack_info instead [ 526.663995][ T8470] bcachefs (loop2): shutting down [ 526.669180][ T8470] bcachefs (loop2): going read-only [ 526.674902][ T8470] bcachefs (loop2): finished waiting for writes to stop [ 526.709057][ T9967] input: syz1 as /devices/virtual/input/input17 [ 526.759404][ T8470] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [ 526.784645][ T8470] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 526.809501][ T8470] bcachefs (loop2): unclean shutdown complete, journal seq 10 [ 526.838529][ T9973] loop0: detected capacity change from 0 to 1024 [ 526.865418][ T8470] bcachefs (loop2): done going read-only, filesystem not clean [ 526.914679][ T8470] bcachefs (loop2): shutdown complete [ 526.945627][ T9973] hfsplus: bad catalog entry type [ 527.001025][ T5867] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 527.149973][ T14] hfsplus: b-tree write err: -5, ino 4 [ 527.195699][ T5867] usb 5-1: config 0 has no interfaces? [ 527.239505][ T5867] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 527.249335][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 527.257716][ T5867] usb 5-1: Product: syz [ 527.262219][ T5867] usb 5-1: Manufacturer: syz [ 527.323590][ T5867] usb 5-1: config 0 descriptor?? [ 527.543078][ T9970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 527.552660][ T9970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 527.565912][ T5811] Bluetooth: hci4: Dropping invalid advertising data [ 527.572996][ T5811] Bluetooth: hci4: Malformed LE Event: 0x02 [ 527.585670][ T5867] usb 5-1: USB disconnect, device number 8 [ 527.772343][ T9988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1574'. [ 528.172722][ T9994] loop5: detected capacity change from 0 to 1024 [ 528.237941][ T9994] EXT4-fs: inline encryption not supported [ 528.244855][ T9994] EXT4-fs: Ignoring removed bh option [ 528.444605][ T9994] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 528.793811][ T5867] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 528.897409][ T9992] loop1: detected capacity change from 0 to 40427 [ 528.913133][ T9992] F2FS-fs (loop1): Image doesn't support compression [ 528.920005][ T9992] F2FS-fs (loop1): build fault injection rate: 14 [ 528.926688][ T9992] F2FS-fs (loop1): build fault injection type: 0xeffa [ 528.936336][ T9992] F2FS-fs (loop1): invalid crc value [ 528.964617][ C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of bio_endio+0xde2/0xf30 [ 528.980120][ T9992] F2FS-fs (loop1): inject kvmalloc in f2fs_kvmalloc of f2fs_fill_super+0x797c/0xa750 [ 528.990039][ T9992] F2FS-fs (loop1): Failed to initialize F2FS node manager (-12) [ 528.999460][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 529.012538][ T8098] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 529.028917][ T5867] usb 5-1: config 0 interface 0 has no altsetting 0 [ 529.062945][ T5867] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 529.072613][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.081369][ T5867] usb 5-1: Product: syz [ 529.085703][ T5867] usb 5-1: Manufacturer: syz [ 529.090447][ T5867] usb 5-1: SerialNumber: syz [ 529.158399][ T5867] usb 5-1: config 0 descriptor?? [ 529.690272][ T5867] gs_usb 5-1:0.0: Configuring for 2 interfaces [ 530.088383][ T5867] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 530.150122][ T5867] gs_usb 5-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 530.264336][ T5867] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71 [ 530.343828][ T5867] usb 5-1: USB disconnect, device number 9 [ 530.862068][T10022] loop5: detected capacity change from 0 to 16 [ 530.895026][T10022] erofs (device loop5): mounted with root inode @ nid 36. [ 531.235955][ T8098] syz-executor: attempt to access beyond end of device [ 531.235955][ T8098] loop5: rw=524288, sector=103079215096, nr_sectors = 64 limit=16 [ 531.251699][ T8098] syz-executor: attempt to access beyond end of device [ 531.251699][ T8098] loop5: rw=0, sector=103079215096, nr_sectors = 8 limit=16 [ 531.266053][ T8098] erofs (device loop5): failed to readdir of logical block 0 of nid 46 [ 531.362052][ T8098] erofs (device loop5): bogus i_mode (0) @ nid 281474976710655 [ 531.370375][ T8098] erofs (device loop5): bogus i_mode (0) @ nid 281474976710655 [ 531.822018][ T14] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.998841][ T14] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.031653][T10043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1593'. [ 532.135310][ T14] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.270397][ T14] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.507233][ T14] bridge_slave_1: left allmulticast mode [ 532.513389][ T14] bridge_slave_1: left promiscuous mode [ 532.519855][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.537541][ T14] bridge_slave_0: left allmulticast mode [ 532.543822][ T14] bridge_slave_0: left promiscuous mode [ 532.550376][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.959180][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 532.979860][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 533.003511][ T14] bond0 (unregistering): Released all slaves [ 533.380334][ T14] hsr_slave_0: left promiscuous mode [ 533.390318][ T14] hsr_slave_1: left promiscuous mode [ 533.398188][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.405823][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.473933][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 533.481796][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 533.591308][ T14] veth1_macvtap: left promiscuous mode [ 533.597144][ T14] veth0_macvtap: left promiscuous mode [ 533.603665][ T14] veth1_vlan: left promiscuous mode [ 533.609168][ T14] veth0_vlan: left promiscuous mode [ 534.029207][T10054] loop2: detected capacity change from 0 to 1764 [ 534.222038][T10052] loop1: detected capacity change from 0 to 32768 [ 534.413722][T10052] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 534.471592][T10052] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 534.728005][T10059] loop0: detected capacity change from 0 to 2048 [ 534.751080][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 534.789235][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 534.798959][ T14] team0 (unregistering): Port device team_slave_1 removed [ 534.824026][ T14] team0 (unregistering): Port device team_slave_0 removed [ 534.834217][T10059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 534.904835][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 534.920322][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 534.932814][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 535.125815][ T5813] ocfs2: Unmounting device (7,1) on (node local) [ 536.318162][T10061] chnl_net:caif_netlink_parms(): no params data found [ 536.399724][T10083] loop1: detected capacity change from 0 to 512 [ 536.478587][T10083] EXT4-fs: Ignoring removed i_version option [ 536.534940][T10083] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 536.629984][T10083] EXT4-fs (loop1): 1 truncate cleaned up [ 536.638643][T10083] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 536.714336][T10091] loop2: detected capacity change from 0 to 2048 [ 536.746407][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.753170][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 536.784739][T10083] EXT4-fs (loop1): shut down requested (2) [ 536.894809][T10091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 536.973452][ T5813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 536.986979][T10091] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 537.045467][ T5811] Bluetooth: hci2: command tx timeout [ 537.308777][T10061] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.316561][T10061] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.333178][T10061] bridge_slave_0: entered allmulticast mode [ 537.342424][T10061] bridge_slave_0: entered promiscuous mode [ 537.361919][T10061] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.374257][T10061] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.382151][T10061] bridge_slave_1: entered allmulticast mode [ 537.391558][T10061] bridge_slave_1: entered promiscuous mode [ 537.403523][ T8470] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.423329][T10105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.432863][T10105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.479176][T10105] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.543678][T10061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 537.547530][T10104] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.562233][T10104] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 537.590488][T10061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.884775][T10061] team0: Port device team_slave_0 added [ 537.919970][T10061] team0: Port device team_slave_1 added [ 538.016089][T10113] loop0: detected capacity change from 0 to 256 [ 538.091797][T10113] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 538.102812][T10113] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 538.139291][T10061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 538.147226][T10061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.174148][T10061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 538.238807][T10061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 538.246185][T10061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.272499][T10061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 538.387779][T10113] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 538.671573][T10061] hsr_slave_0: entered promiscuous mode [ 538.681293][T10061] hsr_slave_1: entered promiscuous mode [ 538.689986][T10061] debugfs: 'hsr0' already exists in 'hsr' [ 538.696109][T10061] Cannot create hsr debugfs directory [ 538.833040][T10122] loop1: detected capacity change from 0 to 512 [ 538.920431][T10122] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 539.135679][ T5811] Bluetooth: hci2: command tx timeout [ 539.148845][T10122] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1624: bg 0: block 321: padding at end of block bitmap is not set [ 539.968937][T10136] loop2: detected capacity change from 0 to 32768 [ 540.027993][T10061] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 540.080427][T10140] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1631'. [ 540.089627][T10061] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 540.147865][T10061] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 540.214099][T10061] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 540.325202][ T5813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 541.036801][T10150] loop0: detected capacity change from 0 to 256 [ 541.217387][ T5811] Bluetooth: hci2: command tx timeout [ 541.393917][T10061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.575883][T10061] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.777688][ T3682] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.785223][ T3682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.806456][ T3682] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.813971][ T3682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.899983][T10155] loop0: detected capacity change from 0 to 512 [ 541.966985][T10157] loop2: detected capacity change from 0 to 128 [ 542.099401][T10155] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1638: corrupted in-inode xattr: invalid ea_ino [ 542.268412][T10155] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1638: couldn't read orphan inode 15 (err -117) [ 542.316398][T10061] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 542.361284][T10155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 543.010133][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.280975][ T5811] Bluetooth: hci2: command tx timeout [ 543.699001][T10061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 543.748265][T10181] loop0: detected capacity change from 0 to 1024 [ 543.769176][T10181] EXT4-fs: Ignoring removed orlov option [ 543.775282][T10181] EXT4-fs: Ignoring removed mblk_io_submit option [ 543.812645][T10181] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 543.872286][T10181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 544.378608][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.713137][T10201] loop8: detected capacity change from 0 to 8 [ 544.740235][T10201] Dev loop8: unable to read RDB block 8 [ 544.746307][T10201] loop8: unable to read partition table [ 544.786726][T10201] loop8: partition table beyond EOD, truncated [ 544.794851][T10201] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 544.996959][T10206] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 545.436841][T10061] veth0_vlan: entered promiscuous mode [ 545.527888][T10061] veth1_vlan: entered promiscuous mode [ 545.559794][T10216] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1659'. [ 545.797164][T10061] veth0_macvtap: entered promiscuous mode [ 545.881798][T10061] veth1_macvtap: entered promiscuous mode [ 546.076952][T10061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 546.164746][T10061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 546.267753][ T3682] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.327947][ T3682] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.359848][ T3682] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.383153][ T3682] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.531422][T10234] loop0: detected capacity change from 0 to 256 [ 548.293828][T10269] loop0: detected capacity change from 0 to 256 [ 548.319573][T10269] exfat: Deprecated parameter 'namecase' [ 548.325748][T10269] exfat: Deprecated parameter 'namecase' [ 548.464958][T10269] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 549.591070][T10294] loop2: detected capacity change from 0 to 1024 [ 550.039918][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.049614][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.059384][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.068846][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.077899][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.086962][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.096745][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.106090][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.115019][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.124106][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 550.205493][T10307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1695'. [ 550.719113][T10064] hid-generic 0000:0005:0009.0010: unknown main item tag 0x0 [ 550.728037][T10064] hid-generic 0000:0005:0009.0010: unknown main item tag 0x0 [ 550.736814][T10064] hid-generic 0000:0005:0009.0010: unknown main item tag 0x0 [ 550.813371][T10064] hid-generic 0000:0005:0009.0010: hidraw0: HID v0.02 Device [syz0] on syz1 [ 551.084589][T10326] loop1: detected capacity change from 0 to 16 [ 551.126964][T10326] erofs (device loop1): mounted with root inode @ nid 36. [ 551.332143][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.340170][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.579528][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.587857][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.944729][T10338] loop6: detected capacity change from 0 to 8 [ 552.141171][T10345] loop1: detected capacity change from 0 to 1024 [ 552.442429][ T1143] hfsplus: b-tree write err: -5, ino 4 [ 552.630986][ T24] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 552.832311][ T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1455, setting to 64 [ 552.844035][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 552.851001][ T24] usb 3-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00 [ 552.862964][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.906151][ T24] usb 3-1: config 0 descriptor?? [ 552.914569][T10348] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 553.482137][ T24] a4tech 0003:09DA:022B.0011: unknown main item tag 0x2 [ 553.564650][ T24] a4tech 0003:09DA:022B.0011: hidraw0: USB HID v0.03 Device [HID 09da:022b] on usb-dummy_hcd.2-1/input0 [ 553.682867][ T24] usb 3-1: USB disconnect, device number 12 [ 555.305143][T10386] input: syz1 as /devices/virtual/input/input18 [ 555.982006][T10383] loop2: detected capacity change from 0 to 32768 [ 556.034625][T10383] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 556.111477][T10399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1733'. [ 556.523999][T10383] XFS (loop2): Ending clean mount [ 556.536776][T10383] XFS (loop2): Quotacheck needed: Please wait. [ 556.576246][T10383] XFS (loop2): Quotacheck: Done. [ 556.725825][ T8470] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 556.861250][ T24] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 556.879391][T10411] loop6: detected capacity change from 0 to 1024 [ 556.912569][T10411] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 557.059266][T10413] loop0: detected capacity change from 0 to 8 [ 557.093378][ T24] usb 2-1: config 0 has no interfaces? [ 557.102949][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1741'. [ 557.114358][T10413] syz.0.1740: attempt to access beyond end of device [ 557.114358][T10413] loop0: rw=2048, sector=36028797018963960, nr_sectors = 16 limit=8 [ 557.129655][T10413] SQUASHFS error: Failed to read block 0xfffffffffffffffa: -5 [ 557.137608][T10413] unable to read xattr id index table [ 557.175901][ T24] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 557.185387][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.193647][ T24] usb 2-1: Product: syz [ 557.197962][ T24] usb 2-1: Manufacturer: syz [ 557.203055][ T24] usb 2-1: SerialNumber: syz [ 557.254586][ T24] usb 2-1: config 0 descriptor?? [ 557.504422][T10409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 557.513679][T10409] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.579564][T10064] usb 2-1: USB disconnect, device number 21 [ 557.872341][T10418] loop6: detected capacity change from 0 to 512 [ 558.082091][T10418] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.095247][T10418] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 558.494899][T10061] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.462231][T10449] loop2: detected capacity change from 0 to 2048 [ 559.513040][T10449] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 559.523179][T10449] NILFS (loop2): mounting unchecked fs [ 559.558446][T10458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1756'. [ 559.608147][T10449] NILFS (loop2): recovery complete [ 559.667831][T10459] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 560.189626][T10064] IPVS: starting estimator thread 0... [ 560.290998][T10471] IPVS: using max 288 ests per chain, 14400 per kthread [ 560.652562][T10479] loop0: detected capacity change from 0 to 512 [ 560.662161][T10479] EXT4-fs: Ignoring removed i_version option [ 560.668453][T10479] EXT4-fs: Ignoring removed mblk_io_submit option [ 560.761342][T10479] EXT4-fs (loop0): Test dummy encryption mode enabled [ 560.807538][T10479] EXT4-fs error (device loop0): ext4_orphan_get:1392: comm syz.0.1766: inode #13: comm syz.0.1766: iget: illegal inode # [ 560.894498][T10479] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1766: couldn't read orphan inode 13 (err -117) [ 560.913238][T10479] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.086292][T10494] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 561.199890][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.301200][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1773'. [ 561.932041][T10507] loop0: detected capacity change from 0 to 512 [ 561.941073][T10507] EXT4-fs: Ignoring removed bh option [ 561.970211][T10507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 562.013542][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 562.041933][T10507] EXT4-fs (loop0): 1 truncate cleaned up [ 562.051390][T10507] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 562.066875][T10512] loop1: detected capacity change from 0 to 47 [ 562.091358][T10510] Bluetooth: hci5: Frame reassembly failed (-84) [ 562.194907][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 562.194981][ T30] audit: type=1800 audit(1756146295.821:37): pid=10507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1778" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 562.223160][ T30] audit: type=1804 audit(1756146295.831:38): pid=10507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1778" name="/newroot/368/file2/file2" dev="loop0" ino=16 res=1 errno=0 [ 562.468285][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 563.889037][T10548] loop1: detected capacity change from 0 to 128 [ 564.080902][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 564.081824][ T5804] Bluetooth: hci5: command 0x1003 tx timeout [ 564.387032][T10556] loop1: detected capacity change from 0 to 16 [ 564.413532][T10556] erofs (device loop1): mounted with root inode @ nid 36. [ 564.482077][ T30] audit: type=1800 audit(1756146298.101:39): pid=10556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1800" name="file1" dev="loop1" ino=86 res=0 errno=0 [ 564.535097][T10560] loop2: detected capacity change from 0 to 64 [ 564.953528][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 564.983939][T10566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1805'. [ 565.151568][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 565.165470][ T24] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 565.174993][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.233207][ T24] usb 7-1: config 0 descriptor?? [ 565.501756][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 565.562457][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 565.608093][T10578] loop2: detected capacity change from 0 to 8 [ 565.614277][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 565.614406][ T24] usb 7-1: media controller created [ 565.691947][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 565.736074][T10563] ===================================================== [ 565.743996][T10563] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 [ 565.751524][T10563] _copy_to_user+0xcc/0x120 [ 565.756210][T10563] i2cdev_ioctl_smbus+0x586/0x660 [ 565.761533][T10563] i2cdev_ioctl+0xa14/0xf40 [ 565.766232][T10563] __se_sys_ioctl+0x23c/0x400 [ 565.771240][T10563] __x64_sys_ioctl+0x97/0xe0 [ 565.776004][T10563] x64_sys_call+0x1cbc/0x3e20 [ 565.781062][T10563] do_syscall_64+0xd9/0x210 [ 565.785885][T10563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.792201][T10563] [ 565.794604][T10563] Uninit was stored to memory at: [ 565.799803][T10563] __i2c_smbus_xfer+0x254d/0x2f60 [ 565.805885][T10563] i2c_smbus_xfer+0x31d/0x4d0 [ 565.810920][T10563] i2cdev_ioctl_smbus+0x4a1/0x660 [ 565.816168][T10563] i2cdev_ioctl+0xa14/0xf40 [ 565.821001][T10563] __se_sys_ioctl+0x23c/0x400 [ 565.825886][T10563] __x64_sys_ioctl+0x97/0xe0 [ 565.831126][T10563] x64_sys_call+0x1cbc/0x3e20 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 565.836846][T10563] do_syscall_64+0xd9/0x210 [ 565.842034][T10563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.848210][T10563] [ 565.855666][T10563] Local variable msgbuf1.i created at: [ 565.861773][T10563] __i2c_smbus_xfer+0x86a/0x2f60 [ 565.866877][T10563] i2c_smbus_xfer+0x31d/0x4d0 [ 565.871883][T10563] [ 565.874292][T10563] Bytes 0-1 of 2 are uninitialized [ 565.879510][T10563] Memory access of size 2 starts at ffff8880404dfd06 [ 565.886522][T10563] Data copied to user address 0000200000000040 [ 565.893887][T10563] [ 565.896325][T10563] CPU: 0 UID: 0 PID: 10563 Comm: syz.6.1804 Not tainted syzkaller #0 PREEMPT(none) [ 565.905976][T10563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 565.916298][T10563] ===================================================== [ 565.923592][T10563] Disabling lock debugging due to kernel taint [ 565.929850][T10563] Kernel panic - not syncing: kmsan.panic set ... [ 565.936422][T10563] CPU: 0 UID: 0 PID: 10563 Comm: syz.6.1804 Tainted: G B syzkaller #0 PREEMPT(none) [ 565.947546][T10563] Tainted: [B]=BAD_PAGE [ 565.951801][T10563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 565.962012][T10563] Call Trace: [ 565.965413][T10563] [ 565.968441][T10563] __dump_stack+0x26/0x30 [ 565.972956][T10563] dump_stack_lvl+0x53/0x270 [ 565.977725][T10563] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 565.983718][T10563] dump_stack+0x1e/0x25 [ 565.988062][T10563] vpanic+0x361/0xc50 [ 565.992262][T10563] panic+0x15d/0x160 [ 565.996384][T10563] kmsan_report+0x31c/0x320 [ 566.001104][T10563] ? kmsan_internal_check_memory+0x1e1/0x230 [ 566.007268][T10563] ? kmsan_copy_to_user+0xf1/0x190 [ 566.012550][T10563] ? _copy_to_user+0xcc/0x120 [ 566.017374][T10563] ? i2cdev_ioctl_smbus+0x586/0x660 [ 566.022742][T10563] ? i2cdev_ioctl+0xa14/0xf40 [ 566.027586][T10563] ? __se_sys_ioctl+0x23c/0x400 [ 566.032588][T10563] ? __x64_sys_ioctl+0x97/0xe0 [ 566.037500][T10563] ? x64_sys_call+0x1cbc/0x3e20 [ 566.042535][T10563] ? do_syscall_64+0xd9/0x210 [ 566.047386][T10563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.053624][T10563] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 566.059112][T10563] ? __i2c_transfer+0x11cd/0x3110 [ 566.064330][T10563] ? kmsan_get_metadata+0xfb/0x160 [ 566.069608][T10563] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 566.076105][T10563] ? kmsan_get_metadata+0xfb/0x160 [ 566.081394][T10563] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 566.087413][T10563] ? __i2c_smbus_xfer+0x1e93/0x2f60 [ 566.092764][T10563] ? kmsan_get_metadata+0xfb/0x160 [ 566.098054][T10563] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 566.104593][T10563] kmsan_internal_check_memory+0x1e1/0x230 [ 566.110611][T10563] kmsan_copy_to_user+0xf1/0x190 [ 566.115721][T10563] _copy_to_user+0xcc/0x120 [ 566.120390][T10563] i2cdev_ioctl_smbus+0x586/0x660 [ 566.125646][T10563] i2cdev_ioctl+0xa14/0xf40 [ 566.130349][T10563] ? kmsan_report+0x2e9/0x320 [ 566.135194][T10563] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 566.140401][T10563] __se_sys_ioctl+0x23c/0x400 [ 566.145265][T10563] __x64_sys_ioctl+0x97/0xe0 [ 566.150045][T10563] x64_sys_call+0x1cbc/0x3e20 [ 566.154971][T10563] do_syscall_64+0xd9/0x210 [ 566.159697][T10563] ? clear_bhb_loop+0x40/0x90 [ 566.164592][T10563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.170672][T10563] RIP: 0033:0x7f84ff98ebe9 [ 566.175214][T10563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.194990][T10563] RSP: 002b:00007f8500838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 566.203566][T10563] RAX: ffffffffffffffda RBX: 00007f84ffbb5fa0 RCX: 00007f84ff98ebe9 [ 566.211677][T10563] RDX: 0000200000000180 RSI: 0000000000000720 RDI: 0000000000000004 [ 566.219808][T10563] RBP: 00007f84ffa11e19 R08: 0000000000000000 R09: 0000000000000000 [ 566.227896][T10563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 566.235983][T10563] R13: 00007f84ffbb6038 R14: 00007f84ffbb5fa0 R15: 00007ffff34b49b8 [ 566.244097][T10563] [ 566.247599][T10563] Kernel Offset: disabled [ 566.252005][T10563] Rebooting in 86400 seconds..