last executing test programs: 6.928300269s ago: executing program 1 (id=4653): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=") open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) renameat2(r0, &(0x7f0000000140)='./file1\x00', r0, &(0x7f0000000980)='./bus\x00', 0x5) 6.241001849s ago: executing program 1 (id=4662): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000013006bcc9e3be35c6e17aa31086b876c1d0000007ea60864160af36511002b0006000100300017d34460bc247581fff60a84c9f4d4938037e786a6d0001000000e4509c5bb5b64f69853000000009e79c7ad2600bb2b53e4", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 5.735614981s ago: executing program 1 (id=4667): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920001000109021b1901000000f30904150001da40df000905", @ANYRES32], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.836582914s ago: executing program 5 (id=4685): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsold}, {@norecovery}, {@block_validity}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8004587d, &(0x7f0000000140)={0x1, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) readlink(&(0x7f00000000c0)='./file2\x00', &(0x7f0000000880)=""/202, 0xca) 3.724635473s ago: executing program 4 (id=4687): r0 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40088a01, &(0x7f0000000000)=0x100) r1 = socket(0x10, 0x803, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x60000005}) 3.430539563s ago: executing program 4 (id=4690): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) syz_mount_image$iso9660(&(0x7f0000000d40), &(0x7f0000000b40)='./file0\x00', 0x0, &(0x7f0000000b80)=ANY=[], 0x1, 0x59a, &(0x7f0000000180)="$eJzs3M9v29YdAPDHxG5UFwsGFFvSNEDZtIfsEFeSFwdGd4hGUzZbSRRIunBOQ7E4XTC7A9YNWHPLpVuBDTvtPPS6v2D/VP8GD9SPVLLjKE26yAU+H8B+j+KXfN9HEO9BhB4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCiZLvZbEWhlw329uOzJdtF3n/G/un5/jtXzFmd+R+iEKL6LzQa4er4o6tvfhf7s/rfjXBlvHUlNOqiER698fOffvjmyoX6wNUoCs9I6JX44stHv//08PDgj8tOZEl20kFW5lm/s5PGWZnHW5ubzQ92u2XczXppea+s0n6cFGmnyov4ZnI3hLC1Eafr9/K9wc52p5fGN5NfxK2trTu32s3mZvzR+jDtFGU++OCj9TLZzXq9bLAziql332q/E+7UN+LHWRVXaaMfxw8eHh5sLEqyDmo9T1B7UVC72W63Wu12a/P21u07zWZjcrc++WCleUI4ecjK8m9aXrnXJjfKaGM6xr32w43i8GKOk38uOwUAAADg/ywaPWOPRs/lr45q3ayXNudijqOlpQcAAAD8AEZf7a9MHgCEcDVEp7//AwAAAD9uf3vmGrsQRaEcXoqmS1WG++9HR5261jm6OP7o4skzVt1r0eXJSUbF5spkK0mvR2+Ng96aRn87KR4syiMqitXo8cslEP4ero1jrt0fl/ene8atrHWzXrqe5L0PW6HTuXyhSverP3/+8C8hFMXxxa8H/ctRePDw8GD9t384vD/K5XF9lsdHk19InPqhxHwul8JMLn96su5x0uO78z1eHT2IqXv99aC/Nm63Odv/C+PDL3yP/n8V3h7HvL02Ltfm+9+o22ytP6X3s1m0hvvvX5o09pw9P5HF9XHM9Zvv1cV7Nyd7VmeyaC/Koj17/V/oWpyRxey12FiUxcZLZgGwLA9OzkKn5v9T8+7pUW68pv8Zo9yC2b2ewhfO7r8Li1r5Krw7jnn32sp3M9KJEb25aERvPue8HsLTs/hPuPHvf4WwF25Mg8+aY+t2/zE3q0ZH39QHfHOq3elK87LXPj4O4fXJ5pePbj08+vSzg88OPm+3Nzabv2w2b7fD6qgbk8LcA8BTpMW30Vr116gosuFvWltbrU61m8ZFnnwcF9n2Thpngyotkt3OYCeNh0Ve5UneqyufZNtpGZd7w2FeVHE3L+JhXmb7oze/xJNXv5RpvzOosqQc9tJOmcZJPqg6SRVvZ2USD/d+3cvK3bQYHVwO0yTrZkmnyvJBXOZ7RZKux3GZpjOB2XY6qLJuVlcH8bDI+p3iXvxJ3tvrp/F2WiZFNqzy8QmnbWWDbl70R6ddX/bFBoBz4osweYPdk1fZfe9KaCyIWXYfAYB5J2fpS2dGvv7qkgIAAAAAAAAAAAAAAObMLtf71eSVPi+9InC5lbtvPG3XO8tPbLYSQlg5B2mcw0oUQjgHaZyoNF5NW9P3PJ0VszrZ/6JN1Bd3cfBP6phljUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLb/BQAA//8qPo3G") stat(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000740)) 3.316981507s ago: executing program 1 (id=4691): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_LOCK(0x0, 0xb) shmctl$SHM_UNLOCK(0x0, 0xc) 3.041618624s ago: executing program 1 (id=4694): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000007300)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @private0}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000480)="7f", 0x1}], 0x1}}], 0x1, 0x0) listen(r0, 0xfff) accept(r0, 0xfffffffffffffffd, &(0x7f0000000440)=0x34000) 2.858978393s ago: executing program 4 (id=4695): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) syz_usb_disconnect(r0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0x0) 2.834347984s ago: executing program 5 (id=4697): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000"], 0x0) r1 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0) syz_usb_disconnect(r0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, 0x0) 2.760284968s ago: executing program 2 (id=4698): syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x208008, &(0x7f0000000000)=ANY=[], 0x80, 0x14e, &(0x7f0000000e40)="$eJzs2r9Kw0AcB/AfWBE6OjoFKlHQ/Ne66ljcfIPQ5tLgxZREkPYFxElQOAdfQvAJfISMbroI+hKRmKMmUWxRIR2+n+W+8Gvvfr0rN50WR6HFEo1oe3R19LIaR6HSdfb6zGIuFXpEpOQhzbIbnb54mtbTjPRvPtCs9bdi7Gz64vCCBdyzm24JAAAAAAAAAAAAAAAAAAAAAADmpLZlaA9FeM4C7lmlajKeHLuce3HSUHuNUxX5houY4Lf5/jiV+tYrkbqfp0AcxHndrH7/WoaNoeDP9f01TsORkYwnWhC6vud7J7btdM0d09y1jY+5jPqM6p3sidLs3tQpk6b10nuzx3nem8nzb60F4vKsvtrn+SMg/DX0WvhH/S4s0UK0UQozbpXWzHtnUbSXi3Gw4nQe8vtP70d8IIv/u2dyJaqWmvrhAPCz9wAAAP//MKk80A==") chdir(0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) symlinkat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2.696001009s ago: executing program 1 (id=4699): r0 = syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, [@acm={0x4}]}, {[{}], {{0x9, 0x5, 0x82, 0x2, 0x400}}}}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) 2.571475933s ago: executing program 2 (id=4700): syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000f5", 0x2, 0x2f, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "e4"}], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x10}, {0x18, 0x110, 0xc, 'c'}], 0x28, 0x500}}], 0x2, 0x0) 2.414136657s ago: executing program 2 (id=4704): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000a9de51", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) read(r0, &(0x7f0000001480)=""/4096, 0x38) 2.203949842s ago: executing program 2 (id=4706): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESHEX=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x10000fe, &(0x7f0000000240)=ANY=[@ANYRES16=r0, @ANYRES8=0x0, @ANYRESDEC=r0, @ANYBLOB="2a10afe0b9399b7e1189d061e253ae0765c8a1dce13f1fe82a5baa833c1074c9df193e1ab30d4bad7364d8ad8e8e8d9282da3d2d6c4c8119215260fefa0f5d4bddb30ebc877094e17f7dc85f9d2e7c4626c1180df66b227ff4d34c316a32f858d6c1d5a43ae030400ee292f21793545e50e3319304c0d6660b6ead7b046341c8203569fe77b9242ac979878c28b7ae2425eea70310802055b9bc38d48b3ebfc7bdea7638a26296e407708c79", @ANYRES32, @ANYRES64=r0, @ANYRESDEC, @ANYRESHEX, @ANYRESOCT=r0], 0x1, 0x321, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge99CAevQnd/Qe87G33spe9eVnYw8oiO0vmhyY6ibuj2fjj+wGZd+Z5n/F9yRieN5j38Pu/f6lVbL1itCSeVhITETkSyUtcAjH/GHfbKem2LZ9OPHv44eLyyjfFUml2Qam54tLnBaVUbur/X3/P+N32x+Ug/+Ph08KTg3cP3j98ufRz1VZVW9UbLWWo1cbjlrFqmWq9atd0peYt07BNVa3bZtOLN7x4xWpsbLSVUV+fzG40TdtWRr2tamZbtRqq1Wwr4yejWle6rqvJrIRJhV69q8o7CwtGMWLy2hUPBlG9cBxnQNiJFY2EiGTORco7Qx0XAAC4ls7U/wm3pI9U/0vOrf87nU/r/92P7rcmvtvL+fX/fiqs/v/ikXevnvo/LSJXWv+nQ2Z/viK68bbepPOl6n9cD1Pn17SxnrNms2hk/b9f158/7E67Dep/AAAAAAAAAAAAAAAAAAAAAABugiPH0RzH0YKj//PZaQ/v2ijHiOHp8/pr4/43poJz9k24nRaXVyTtfnEvmROx/tosb5a9ox8POk6LJsfu8+DrtIOnQnXk5Z615edvbZYTbqRYkapYYsqMaJI/m+84c1+XZmeUpzd/TLLd+QXR5J3w/EJofko++bgrXxdNHqxJQyxZ7zzXx85J/h8zSn31belMfsbtBwAAAADAbaCrE6Hrd13vF/fyT9bXvZ8PiHStz6dD1+dJ7YPkaOcOAAAAAMBdYbd/qxmWZTYHNDJycZ/ojWS09LFBfRJdM+wJyXbfKaf8HYKHN9MBjeAfKWqprlBa/vUvR7lzMP/hjDkuUbKmxBn3RnWZ3x58bNSvj8wP+/VK9gm9989/z6PdOebv2tsd+nIvfcFMh9YYe603DydxyXcfAAAAAG9TUPRnbPc0NurxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFw3YBix5VduJjXqOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHXxKgAA//8OdP/w") 2.202946215s ago: executing program 0 (id=4707): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000000008000480040003800800084000000000080008400000000734000f8008000240000000050800024000000b8608000340000047510800034000000003080001"], 0xdc}}, 0x0) 1.850899179s ago: executing program 0 (id=4708): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000bc0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001d00000008000300", @ANYRES32=r2, @ANYBLOB="20002f80080002"], 0x3c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) 1.848036483s ago: executing program 2 (id=4709): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, r1, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1000}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @udp=r0}]}, 0x3c}}, 0x0) 1.64139208s ago: executing program 0 (id=4710): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r1 = dup(r0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000080)=0x800) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000000)={0x30}, 0x30) 1.592947451s ago: executing program 2 (id=4711): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x1, 0x313, 0xe, 0x5, 0x7, 0x10, 0xf801, 0x9, 0x5, 0x1, 0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0}) 1.442737847s ago: executing program 0 (id=4712): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f00000002c0), &(0x7f0000000140)) 1.170853471s ago: executing program 3 (id=4714): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000002a00000045000000a400020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000900)="7800000018002507b9409b14ffff00000204be04020b06050e0209095c0006003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a23000400160004000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) 1.103448039s ago: executing program 3 (id=4715): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$TUNSETNOCSUM(r0, 0x400454ca, 0x20000000) 1.093001221s ago: executing program 5 (id=4716): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001f80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x64, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0xba2ceb09c15e9291}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x3, 0x8}}]}}]}, 0x64}}, 0x0) 986.582054ms ago: executing program 3 (id=4717): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2810000, &(0x7f0000000680)={[{@user_xattr}, {@noquota}, {@jqfmt_vfsold}, {@jqfmt_vfsv1}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x401}}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@noauto_da_alloc}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 822.648953ms ago: executing program 4 (id=4718): pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0) request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)='\x00', r1) 783.151658ms ago: executing program 5 (id=4719): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0xb}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@broadcast}]}, 0x30}}, 0x0) 638.466136ms ago: executing program 3 (id=4720): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffff, 0x0, "cf0da7087b9539556f7ab2a8bf68b63bfcbea9"}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x8683) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000002c0)={0x6b7, 0x0, 0x0, 0x0, 0x0, "2bf6081b90893985"}) 637.329428ms ago: executing program 4 (id=4721): r0 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x181801) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a00)="c3d20c7ccf073600040000000000005800ecff1300", 0x15}], 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r0]) 570.701197ms ago: executing program 5 (id=4722): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x2c, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @default=0x9b4}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xc}]]}, 0x2c}}, 0x0) 421.23935ms ago: executing program 5 (id=4723): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="1a", 0x1}, {&(0x7f0000000140)="fa791027e01b4d51411c754af98e6e4427d85564937fa989c20892b2cac8664dd5bc099f9664a3", 0x27}], 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006573bb08ac051992da610200000109021b000100000000090400000103b80000090581"], 0x0) 352.367381ms ago: executing program 4 (id=4724): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0xff00) 286.976565ms ago: executing program 0 (id=4725): mknod(&(0x7f0000000000)='./file0\x00', 0x8000, 0xe02) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x2c) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/18, 0x12}], 0x1) preadv(r0, &(0x7f0000001540)=[{&(0x7f0000000080)=""/189, 0xbd}], 0x1, 0x1000, 0x0) 245.395277ms ago: executing program 3 (id=4726): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) 143.421162ms ago: executing program 0 (id=4727): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000040)={0x200d54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) ioctl$TFD_IOC_SET_TICKS(r0, 0x40085400, &(0x7f0000000000)=0x9) 0s ago: executing program 3 (id=4728): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea629fb1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @local}]}, 0x2c}}, 0x0) kernel console output (not intermixed with test programs): .824719][T14682] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 463.849376][T14682] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 463.892327][T14849] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.942228][T14849] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.949726][T14849] bridge_slave_1: entered allmulticast mode [ 463.965038][T14997] program syz.5.3654 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 463.984779][T14849] bridge_slave_1: entered promiscuous mode [ 464.071770][T15000] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3656'. [ 464.187371][T14849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 464.238309][T14849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.434561][T15016] ALSA: mixer_oss: invalid OSS volume '' [ 464.490182][T14849] team0: Port device team_slave_0 added [ 464.503903][T15012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3659'. [ 464.661679][T15020] netlink: 209840 bytes leftover after parsing attributes in process `syz.1.3665'. [ 464.697790][T14849] team0: Port device team_slave_1 added [ 464.824022][T14849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.840097][T14849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.885296][T14849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 465.060766][T14849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 465.067757][T14849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 465.109970][T14849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.237387][T14849] hsr_slave_0: entered promiscuous mode [ 465.258379][T14849] hsr_slave_1: entered promiscuous mode [ 465.279197][T14849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 465.297158][T14849] Cannot create hsr debugfs directory [ 465.492617][T15039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3674'. [ 465.531176][T15039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3674'. [ 465.649294][T15029] loop1: detected capacity change from 0 to 32768 [ 465.674280][T15029] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3669 (15029) [ 465.730168][T15029] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 465.759775][T15029] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 465.768255][T15029] BTRFS info (device loop1): using free-space-tree [ 465.916451][T14682] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.950396][T14682] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.981047][ T5244] Bluetooth: hci4: unexpected event for opcode 0x0c57 [ 466.160756][ T7111] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 466.200334][ T1283] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.207622][ T1283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.247470][ T1283] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.254727][ T1283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.340868][T15037] loop3: detected capacity change from 0 to 32768 [ 466.371272][T15037] XFS: ikeep mount option is deprecated. [ 466.444988][T15037] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 466.587976][T15037] XFS (loop3): Ending clean mount [ 466.620212][T15037] XFS (loop3): Quotacheck needed: Please wait. [ 466.830945][ T29] audit: type=1326 audit(1724333891.376:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15081 comm="syz.1.3680" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0f79e79 code=0x0 [ 466.864106][T15037] XFS (loop3): Quotacheck: Done. [ 466.920739][T14849] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 466.938666][T14849] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 466.992022][T14849] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 467.035362][T14849] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 467.152367][T14426] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 467.222361][ T5226] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 467.263446][T14682] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.427759][ T5226] usb 1-1: Using ep0 maxpacket: 32 [ 467.440808][ T5226] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 467.476796][ T5226] usb 1-1: config 0 has no interface number 0 [ 467.490964][ T5226] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.538414][ T5226] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.558980][ T5226] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 467.562021][T14849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.585203][ T5226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.625468][ T5226] usb 1-1: config 0 descriptor?? [ 467.667523][T14849] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.723201][ T1283] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.730497][ T1283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.815029][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.822323][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.847401][ T5290] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 468.052011][ T5290] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 468.090719][ T5290] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 468.118929][ T5290] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 468.138790][ T5290] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 468.186315][ T5290] usb 6-1: SerialNumber: syz [ 468.244542][ T5226] input: HID 28bd:0094 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0094.003C/input/input51 [ 468.399315][ T5226] uclogic 0003:28BD:0094.003C: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.0-1/input1 [ 468.400212][T14682] veth0_vlan: entered promiscuous mode [ 468.451545][ T5226] usb 1-1: USB disconnect, device number 27 [ 468.461978][ T5290] usb 6-1: 0:2 : does not exist [ 468.540067][T14682] veth1_vlan: entered promiscuous mode [ 468.565203][ T5290] usb 6-1: USB disconnect, device number 17 [ 468.691306][T15121] delete_channel: no stack [ 468.700096][T14682] veth0_macvtap: entered promiscuous mode [ 468.717657][T15119] delete_channel: no stack [ 468.743689][T14682] veth1_macvtap: entered promiscuous mode [ 468.767902][T15123] loop3: detected capacity change from 0 to 512 [ 468.787654][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.803597][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.815743][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.826571][T15123] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 468.840078][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.858233][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.869940][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.880674][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.889989][T15123] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.3696: iget: bad i_size value: -67835469387268086 [ 468.891921][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.915806][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.928681][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.943222][T14682] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.960593][T15123] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3696: couldn't read orphan inode 15 (err -117) [ 468.975547][T15123] EXT4-fs (loop3): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 468.988281][T15123] ext2 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 469.010760][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.055820][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.078753][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.090403][T15123] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.3696: Directory hole found for htree leaf block 0 [ 469.113004][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.135778][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.158545][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.180366][T14682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.188939][T15131] loop5: detected capacity change from 0 to 1024 [ 469.198040][T14682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.215269][T15131] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 469.222902][T14682] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.253676][T15131] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 469.254682][T14426] EXT4-fs (loop3): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 469.273601][T15131] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 469.320900][T14682] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.351724][T14682] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.360477][T15131] EXT4-fs error (device loop5): ext4_ext_check_inode:520: inode #3: comm syz.5.3699: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 469.365204][T15131] EXT4-fs (loop5): no journal found [ 469.411500][T14682] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.440338][T14682] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.441605][T15131] EXT4-fs (loop5): can't get journal size [ 469.492365][T15131] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 469.572195][T14849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 469.608083][ T29] audit: type=1326 audit(1724333894.337:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15141 comm="syz.0.3704" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5e0ad79e79 code=0x0 [ 469.659492][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 469.750014][ T5244] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 469.759842][ T5244] Bluetooth: hci4: Injecting HCI hardware error event [ 469.769474][ T5244] Bluetooth: hci4: hardware error 0x00 [ 469.907995][T14849] veth0_vlan: entered promiscuous mode [ 469.969707][T14849] veth1_vlan: entered promiscuous mode [ 470.007974][T15153] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3708'. [ 470.084249][T14815] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.092120][T14815] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.159986][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.178405][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.230383][T14849] veth0_macvtap: entered promiscuous mode [ 470.294775][T14849] veth1_macvtap: entered promiscuous mode [ 470.353135][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.379596][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.409066][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.468055][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.498391][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.519932][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.530920][ T51] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 470.550688][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.573247][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.592362][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.612635][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.633234][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.658058][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.687015][T14849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 470.708277][ T51] usb 4-1: Using ep0 maxpacket: 8 [ 470.725012][T15165] netlink: 'syz.4.3532': attribute type 10 has an invalid length. [ 470.725494][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.788147][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.810225][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.829749][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.841402][ T51] usb 4-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 470.858105][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.866517][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.892503][T15171] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3717'. [ 470.906682][ T51] usb 4-1: config 0 descriptor?? [ 470.911903][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.922926][T15171] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 470.935532][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.948064][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.986398][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.017122][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.036871][T14849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.058215][T14849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.096775][T14849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 471.189506][T14849] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.211515][T14849] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.236008][T14849] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.253930][T15161] loop1: detected capacity change from 0 to 32768 [ 471.267275][T14849] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.298873][T15161] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3713 (15161) [ 471.319296][ T51] hid (null): unknown global tag 0xe [ 471.350104][T15161] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 471.358270][ T51] playstation 0003:054C:0CE6.003D: unknown main item tag 0x0 [ 471.374074][T15161] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 471.390940][ T51] playstation 0003:054C:0CE6.003D: unknown global tag 0xe [ 471.398100][ T51] playstation 0003:054C:0CE6.003D: item 0 0 1 14 parsing failed [ 471.410091][T15161] BTRFS info (device loop1): using free-space-tree [ 471.433735][ T51] playstation 0003:054C:0CE6.003D: Parse failed [ 471.463795][ T51] playstation 0003:054C:0CE6.003D: probe with driver playstation failed with error -22 [ 471.532446][ T51] usb 4-1: USB disconnect, device number 28 [ 471.638416][T15194] loop5: detected capacity change from 0 to 1024 [ 471.656840][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.673249][T15198] loop0: detected capacity change from 0 to 256 [ 471.687532][ T5244] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 471.697429][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.744878][ T7111] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 471.766896][T14815] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.784870][T14815] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.967169][T14815] hfsplus: b-tree write err: -5, ino 4 [ 472.184602][T15202] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 472.421585][T15211] syzkaller0: tun_chr_ioctl cmd 1074812117 [ 472.447153][T15207] syz.3.3727 (15207) used greatest stack depth: 18128 bytes left [ 472.578608][T15173] loop4: detected capacity change from 0 to 40427 [ 472.616722][T15216] CUSE: unknown device info "ju|:i|l [ 472.616722][T15216] D ^M`ESP2EQxy;vأ+:yGY2z& [ 472.616722][T15216] Z9,vu3~cY r(%o)jWe-7#"j-h0u}߻oLx-XzAT " [ 472.639553][T15217] loop2: detected capacity change from 0 to 2048 [ 472.647500][T15173] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 472.647533][T15173] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 472.680198][T15216] CUSE: DEVNAME unspecified [ 472.685610][ T5290] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 472.721426][T15173] F2FS-fs (loop4): Found nat_bits in checkpoint [ 472.744716][T15217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.841576][T15173] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 472.856053][T15173] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 472.905614][ T5290] usb 6-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 472.926291][ T5290] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 472.926570][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.965540][ T5290] usb 6-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 472.987383][T15173] syz.4.3718: attempt to access beyond end of device [ 472.987383][T15173] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 473.001905][ T5290] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.033967][ T5290] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 473.113739][T15232] nftables ruleset with unbound set [ 473.143768][T14682] syz-executor: attempt to access beyond end of device [ 473.143768][T14682] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 473.168295][T14682] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 473.263928][ T5290] gspca_sn9c2028: read1 error -32 [ 473.282812][ T5290] gspca_sn9c2028: read1 error -32 [ 473.483423][ T5290] usb 6-1: USB disconnect, device number 18 [ 473.497513][T15238] loop2: detected capacity change from 0 to 2048 [ 473.566306][T15238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 473.670471][T15219] loop3: detected capacity change from 0 to 32768 [ 473.688792][T15219] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3730 (15219) [ 473.722425][T15219] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 473.754498][T15219] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm [ 473.768588][T15219] BTRFS info (device loop3): using free-space-tree [ 473.795425][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.198501][T14426] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 475.517482][ T4633] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 475.732063][ T4633] usb 4-1: Using ep0 maxpacket: 8 [ 475.755622][ T4633] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 475.776856][ T4633] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.788551][T15322] sp0: Synchronizing with TNC [ 475.806733][ T4633] usb 4-1: Product: syz [ 475.810960][ T4633] usb 4-1: Manufacturer: syz [ 475.815661][ T4633] usb 4-1: SerialNumber: syz [ 475.852202][ T4633] usb 4-1: config 0 descriptor?? [ 475.884296][ T4633] gspca_main: se401-2.14.0 probing 047d:5003 [ 476.278298][ T4633] gspca_se401: Wrong descriptor type [ 476.461064][T15309] loop4: detected capacity change from 0 to 32768 [ 476.510209][ T935] usb 4-1: USB disconnect, device number 29 [ 476.755207][T15337] program syz.2.3769 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 477.554624][T15353] loop4: detected capacity change from 0 to 512 [ 477.623141][T15353] ext4: Bad value for 'max_batch_time' [ 477.769155][T15353] loop4: detected capacity change from 0 to 512 [ 477.918823][T15353] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 477.971258][T15353] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 478.038526][T15335] loop5: detected capacity change from 0 to 40427 [ 478.074146][T15335] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 478.090109][ T29] audit: type=1800 audit(1724333903.456:358): pid=15353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3770" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 478.112085][T15335] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 478.142429][T15335] F2FS-fs (loop5): Found nat_bits in checkpoint [ 478.252490][T14682] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 478.284940][T15339] loop1: detected capacity change from 0 to 32768 [ 478.364202][T15335] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 478.399911][T15339] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 478.416608][T15335] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 478.541750][T15335] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 478.648590][T15335] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 478.726540][T15339] XFS (loop1): Ending clean mount [ 478.762086][T15394] loop3: detected capacity change from 0 to 1024 [ 478.772164][T15339] XFS (loop1): Quotacheck needed: Please wait. [ 478.789618][T15395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3787'. [ 478.837596][T15395] netlink: 160 bytes leftover after parsing attributes in process `syz.4.3787'. [ 478.915892][ T79] hfsplus: b-tree write err: -5, ino 4 [ 478.940886][ T4633] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 479.052592][T15339] XFS (loop1): Quotacheck: Done. [ 479.190544][ T4633] usb 1-1: Using ep0 maxpacket: 32 [ 479.201335][ T4633] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 479.240331][ T4633] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 479.250025][ T4633] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.283590][ T4633] usb 1-1: Product: syz [ 479.292428][ T4633] usb 1-1: Manufacturer: syz [ 479.297043][ T4633] usb 1-1: SerialNumber: syz [ 479.332489][ T4633] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input52 [ 479.386839][ T7111] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 479.563707][ T4658] bcm5974 1-1:1.0: could not read from device [ 479.595786][T15405] loop2: detected capacity change from 0 to 2048 [ 479.664799][T15405] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 479.674580][ T4633] usb 1-1: USB disconnect, device number 28 [ 480.285790][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.405852][T15401] loop4: detected capacity change from 0 to 40427 [ 480.445107][T15401] F2FS-fs (loop4): Invalid log blocks per segment (4278190089) [ 480.460187][T15401] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 480.477390][T15401] F2FS-fs (loop4): invalid crc value [ 480.492470][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.506611][T15401] F2FS-fs (loop4): Found nat_bits in checkpoint [ 480.597612][ T4633] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 480.699674][T15401] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 480.707433][T15401] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 480.736913][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.842680][ T4633] usb 6-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=51.8f [ 480.895931][ T4633] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.907811][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.928587][ T4633] usb 6-1: Product: syz [ 480.951384][ T4633] usb 6-1: Manufacturer: syz [ 480.976879][ T4633] usb 6-1: SerialNumber: syz [ 481.019005][ T4633] usb 6-1: config 0 descriptor?? [ 481.064488][ T4633] as10x_usb: device has been detected [ 481.080994][ T4633] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 481.167083][ T4633] usb 6-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 481.296450][ T29] audit: type=1326 audit(1724333906.890:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15432 comm="syz.2.3806" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8766b79e79 code=0x0 [ 481.351093][ T5242] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 481.357349][ T4633] as10x_usb: error during firmware upload part1 [ 481.386187][ T5242] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 481.397643][ T5242] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 481.401770][ T4633] Registered device Elgato EyeTV DTT Deluxe [ 481.412432][ T11] bridge_slave_1: left allmulticast mode [ 481.429768][ T5242] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 481.436508][ T4633] usb 6-1: USB disconnect, device number 19 [ 481.448725][ T11] bridge_slave_1: left promiscuous mode [ 481.454552][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.467129][ T5242] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 481.475035][ T5242] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 481.505321][ T11] bridge_slave_0: left allmulticast mode [ 481.511328][ T11] bridge_slave_0: left promiscuous mode [ 481.517174][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.571145][ T4633] Unregistered device Elgato EyeTV DTT Deluxe [ 481.595640][ T4633] as10x_usb: device has been disconnected [ 482.183613][T15449] loop5: detected capacity change from 0 to 164 [ 482.545939][ T4633] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 482.615487][T15464] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3818'. [ 482.628055][T15464] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3818'. [ 482.732617][ T1256] ieee802154 phy0 wpan0: encryption failed: -22 [ 482.739008][ T1256] ieee802154 phy1 wpan1: encryption failed: -22 [ 482.788767][ T4633] usb 5-1: config 0 has no interfaces? [ 482.794316][ T4633] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 482.808502][ T4633] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.836961][ T4633] usb 5-1: config 0 descriptor?? [ 482.947730][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 482.965995][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 482.983620][ T11] bond0 (unregistering): Released all slaves [ 482.998086][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3807'. [ 483.008579][T15439] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3807'. [ 483.024996][T15439] macsec2: entered allmulticast mode [ 483.065405][ T5290] usb 5-1: USB disconnect, device number 17 [ 483.382412][T15477] loop1: detected capacity change from 0 to 128 [ 483.395953][ T5244] Bluetooth: hci3: command tx timeout [ 483.456473][T15477] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 483.491632][T15477] ext4 filesystem being mounted at /479/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 483.698390][ T7111] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 483.757148][ T51] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 483.864937][T15490] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 483.896389][T15494] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3829'. [ 483.928834][ T11] hsr_slave_0: left promiscuous mode [ 483.953204][ T11] hsr_slave_1: left promiscuous mode [ 483.962372][ T51] usb 1-1: Using ep0 maxpacket: 16 [ 483.974191][ T51] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice=93.b9 [ 483.991017][ T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.005864][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 484.022898][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 484.030255][ T51] usb 1-1: Product: syz [ 484.036850][ T51] usb 1-1: Manufacturer: syz [ 484.041475][ T51] usb 1-1: SerialNumber: syz [ 484.052740][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 484.061681][ T51] usb 1-1: config 0 descriptor?? [ 484.070358][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 484.170999][ T11] veth1_macvtap: left promiscuous mode [ 484.184217][ T11] veth0_macvtap: left promiscuous mode [ 484.192901][ T11] veth1_vlan: left promiscuous mode [ 484.203886][ T11] veth0_vlan: left promiscuous mode [ 484.264464][T15505] loop4: detected capacity change from 0 to 64 [ 484.301546][ T51] speedtch 1-1:0.0: speedtch_bind: wrong device class 141 [ 484.340264][ T51] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 484.537085][T15481] loop0: detected capacity change from 0 to 64 [ 484.572028][T15481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 484.598881][T15511] loop4: detected capacity change from 0 to 1024 [ 484.607466][T15481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 484.632511][ T5290] usb 1-1: USB disconnect, device number 29 [ 484.707440][ T35] hfsplus: b-tree write err: -5, ino 4 [ 485.332054][ T5244] Bluetooth: hci3: command tx timeout [ 485.565434][ T11] team0 (unregistering): Port device team_slave_1 removed [ 485.713651][ T11] team0 (unregistering): Port device team_slave_0 removed [ 486.232414][T15534] loop4: detected capacity change from 0 to 32768 [ 486.331488][T15534] ERROR: (device loop4): dbAlloc: the hint is outside the map [ 486.331488][T15534] [ 486.362313][T15534] ERROR: (device loop4): remounting filesystem as read-only [ 486.411124][T15535] ERROR: (device loop4): dbAlloc: the hint is outside the map [ 486.411124][T15535] [ 486.487981][ T110] blkno = 5002c, nblocks = 1 [ 486.492623][ T110] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map [ 486.492623][ T110] [ 486.706813][T15527] pimreg: entered allmulticast mode [ 486.741618][T15531] pimreg: left allmulticast mode [ 486.914889][T15539] loop2: detected capacity change from 0 to 1024 [ 487.211196][T15546] netlink: 148 bytes leftover after parsing attributes in process `syz.5.3852'. [ 487.213203][T15434] chnl_net:caif_netlink_parms(): no params data found [ 487.271591][ T5244] Bluetooth: hci3: command tx timeout [ 487.292051][T15547] loop1: detected capacity change from 0 to 64 [ 487.647641][T15558] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3856'. [ 487.669116][T15563] loop2: detected capacity change from 0 to 1024 [ 487.678856][T15434] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.711336][T15434] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.736309][T15434] bridge_slave_0: entered allmulticast mode [ 487.750970][T15434] bridge_slave_0: entered promiscuous mode [ 487.769554][T15434] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.793857][T15434] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.824443][T15434] bridge_slave_1: entered allmulticast mode [ 487.841106][T15434] bridge_slave_1: entered promiscuous mode [ 487.983607][T15434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 488.029124][T15434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 488.239225][T15576] netlink: 'syz.5.3865': attribute type 1 has an invalid length. [ 488.258703][T15576] netlink: 9344 bytes leftover after parsing attributes in process `syz.5.3865'. [ 488.278213][T15434] team0: Port device team_slave_0 added [ 488.320221][T15434] team0: Port device team_slave_1 added [ 488.604245][T15434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 488.627986][T15434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 488.695956][T15434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 488.970785][T15434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 488.979470][T15566] loop1: detected capacity change from 0 to 32768 [ 489.007423][T15434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 489.086156][T15434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.090065][T15566] non-latin1 character 0x163 found in JFS file name [ 489.118742][T15566] mount with iocharset=utf8 to access [ 489.209794][ T5244] Bluetooth: hci3: command tx timeout [ 489.407806][T15434] hsr_slave_0: entered promiscuous mode [ 489.452791][T15434] hsr_slave_1: entered promiscuous mode [ 489.480314][T15434] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 489.498821][T15434] Cannot create hsr debugfs directory [ 489.502569][T15612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3883'. [ 489.518660][T15612] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3883'. [ 489.756672][T15621] loop0: detected capacity change from 0 to 512 [ 489.790107][T15622] loop2: detected capacity change from 0 to 1024 [ 489.798494][T15621] EXT4-fs: Ignoring removed oldalloc option [ 489.804808][T15621] EXT4-fs: Ignoring removed oldalloc option [ 489.857801][T15621] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 489.927109][T15621] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.3888: invalid indirect mapped block 83886080 (level 1) [ 489.931158][T15622] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 489.968366][T15621] EXT4-fs (loop0): Remounting filesystem read-only [ 489.976125][T15621] EXT4-fs (loop0): 1 orphan inode deleted [ 489.984468][T15621] EXT4-fs (loop0): 1 truncate cleaned up [ 489.999109][T15621] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 490.137497][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.220467][ T5222] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.282731][T15632] loop1: detected capacity change from 0 to 8 [ 490.306641][T15632] SQUASHFS error: lzo decompression failed, data probably corrupt [ 490.333158][T15634] loop2: detected capacity change from 0 to 256 [ 490.347259][T15632] SQUASHFS error: Failed to read block 0x91: -5 [ 490.353547][T15632] SQUASHFS error: Unable to read metadata cache entry [8f] [ 490.412270][T15632] SQUASHFS error: Unable to read inode 0x11f [ 491.094927][T15656] loop4: detected capacity change from 0 to 512 [ 491.127505][T15656] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.3902: bg 0: block 5: invalid block bitmap [ 491.144726][T15650] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.178869][T15656] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 491.232584][T15656] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3902: attempt to clear invalid blocks 9508352 len 1 [ 491.255272][T15656] EXT4-fs (loop4): 1 orphan inode deleted [ 491.280916][T15656] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.321401][T15659] loop2: detected capacity change from 0 to 256 [ 491.402095][T15659] FAT-fs (loop2): Directory bread(block 64) failed [ 491.419016][T15659] FAT-fs (loop2): Directory bread(block 65) failed [ 491.436513][T15659] FAT-fs (loop2): Directory bread(block 66) failed [ 491.458829][T15659] FAT-fs (loop2): Directory bread(block 67) failed [ 491.501070][T15434] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 491.508241][T15659] FAT-fs (loop2): Directory bread(block 68) failed [ 491.522945][T14682] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.532552][T15659] FAT-fs (loop2): Directory bread(block 69) failed [ 491.539253][T15659] FAT-fs (loop2): Directory bread(block 70) failed [ 491.570442][T15434] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 491.600212][T15659] FAT-fs (loop2): Directory bread(block 71) failed [ 491.614884][T15659] FAT-fs (loop2): Directory bread(block 72) failed [ 491.631283][T15659] FAT-fs (loop2): Directory bread(block 73) failed [ 491.652797][T15434] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 491.685515][T15434] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 491.744372][T15666] loop1: detected capacity change from 0 to 512 [ 491.768811][T15666] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.3907: bad orphan inode 15 [ 491.804696][T15666] ext4_test_bit(bit=14, block=5) = 0 [ 491.856592][T15666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 491.908372][T15673] program syz.5.3909 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 491.942407][T15666] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 491.972893][T15666] EXT4-fs error (device loop1): ext4_free_inode:355: comm syz.1.3907: bit already cleared for inode 13 [ 492.012186][T15675] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 492.149524][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.153336][T15434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.299970][T15434] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.351903][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.359119][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 492.466586][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.473897][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 492.671894][T15661] loop0: detected capacity change from 0 to 32768 [ 492.749882][T15685] netlink: 'syz.1.3916': attribute type 1 has an invalid length. [ 492.789269][T15685] netlink: 'syz.1.3916': attribute type 2 has an invalid length. [ 492.815125][T15685] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3916'. [ 493.588792][T15434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.827856][T15434] veth0_vlan: entered promiscuous mode [ 493.891190][T15434] veth1_vlan: entered promiscuous mode [ 494.067293][T15434] veth0_macvtap: entered promiscuous mode [ 494.115997][T15434] veth1_macvtap: entered promiscuous mode [ 494.239876][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.286359][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.336155][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.364003][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.392455][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.429819][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.459389][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.485178][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.514370][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.567773][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.607489][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.636547][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.649407][T15434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.737190][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.767612][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.792978][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.821884][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.839360][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.861605][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.886154][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.915125][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.942242][T15434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.980534][T15434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.030316][T15434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.088115][T15434] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.137927][T15434] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.146781][T15434] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.181878][T15434] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.309133][T15717] loop2: detected capacity change from 0 to 32768 [ 495.337529][T15717] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3927 (15717) [ 495.389525][T15717] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 495.451177][T15717] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 495.505629][T15717] BTRFS info (device loop2): using free-space-tree [ 495.570852][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.591463][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.799537][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.815541][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.896235][T15725] loop1: detected capacity change from 0 to 32768 [ 495.959100][T15753] loop0: detected capacity change from 0 to 1024 [ 496.094800][T15755] loop3: detected capacity change from 0 to 128 [ 496.100790][T15734] loop5: detected capacity change from 0 to 32768 [ 496.183600][T14849] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 496.273300][ T29] audit: type=1800 audit(1724333922.951:360): pid=15755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3797" name="bus" dev="loop3" ino=1048877 res=0 errno=0 [ 496.360861][ T29] audit: type=1804 audit(1724333923.015:361): pid=15755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3797" name="/newroot/0/file1/bus" dev="loop3" ino=1048877 res=1 errno=0 [ 496.660544][T15736] loop4: detected capacity change from 0 to 32768 [ 497.182018][T15772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3944'. [ 497.713632][T15782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3948'. [ 497.818072][T15786] loop0: detected capacity change from 0 to 16 [ 497.884372][T15786] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 498.216061][T15805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3959'. [ 498.259906][T15801] loop0: detected capacity change from 0 to 2048 [ 498.304204][T15801] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 498.363887][T15808] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 499.272814][T15834] netlink: 'syz.5.3973': attribute type 10 has an invalid length. [ 499.318469][T15834] netlink: 55 bytes leftover after parsing attributes in process `syz.5.3973'. [ 499.345847][T15836] sctp: [Deprecated]: syz.3.3974 (pid 15836) Use of int in maxseg socket option. [ 499.345847][T15836] Use struct sctp_assoc_value instead [ 499.346997][T15838] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3975'. [ 499.441121][T15838] netlink: 'syz.0.3975': attribute type 2 has an invalid length. [ 499.468190][T15800] loop4: detected capacity change from 0 to 32768 [ 499.501024][T15838] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3975'. [ 499.634122][T15800] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 499.703590][T15849] serio: Serial port ttynull [ 499.792019][T15856] loop0: detected capacity change from 0 to 512 [ 499.817962][T15800] XFS (loop4): Ending clean mount [ 499.858910][T15856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.028877][T15856] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3980: bg 0: block 425: padding at end of block bitmap is not set [ 500.058183][T15866] loop2: detected capacity change from 0 to 256 [ 500.080831][T14682] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 500.115430][T15856] EXT4-fs (loop0): Remounting filesystem read-only [ 500.128401][T15866] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xc7ed6b72, utbl_chksum : 0xe619d30d) [ 500.817996][ T5222] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.821534][T15879] loop4: detected capacity change from 0 to 64 [ 501.037907][T15883] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3992'. [ 501.083547][T15884] overlayfs: workdir and upperdir must reside under the same mount [ 501.116897][T15881] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3992'. [ 501.362475][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.614085][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.856375][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.184250][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.483418][ T11] bridge_slave_1: left allmulticast mode [ 502.489148][ T11] bridge_slave_1: left promiscuous mode [ 502.502559][T15905] netlink: 'syz.2.4003': attribute type 3 has an invalid length. [ 502.510747][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.518154][T15905] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4003'. [ 502.522491][ T5242] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 502.545182][ T5242] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 502.555334][ T5242] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 502.585863][ T11] bridge_slave_0: left allmulticast mode [ 502.591601][ T11] bridge_slave_0: left promiscuous mode [ 502.598009][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.614195][ T5242] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 502.633646][ T5242] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 502.643767][ T5242] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 502.878948][T15912] loop5: detected capacity change from 0 to 4096 [ 502.950301][T15920] loop3: detected capacity change from 0 to 512 [ 502.989701][T15920] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 503.071517][T15920] EXT4-fs (loop3): 1 truncate cleaned up [ 503.084946][T15912] overlayfs: upper fs does not support tmpfile. [ 503.108040][T15920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 503.133234][T15912] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 503.158022][T15912] overlayfs: conflicting lowerdir path [ 503.336911][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.697169][ T5337] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 503.817960][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.851250][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.870318][ T11] bond0 (unregistering): Released all slaves [ 503.893984][ T11] bond1 (unregistering): Released all slaves [ 503.900889][ T5337] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.920952][ T5337] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 503.936798][ T5337] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.955640][ T5337] usb 6-1: config 0 descriptor?? [ 504.055378][ T11] tipc: Left network mode [ 504.275764][ T11] IPVS: stopping master sync thread 14195 ... [ 504.409025][ T5337] keytouch 0003:0926:3333.003E: fixing up Keytouch IEC report descriptor [ 504.442928][ T5337] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.003E/input/input53 [ 504.569380][T15956] loop1: detected capacity change from 0 to 64 [ 504.569839][ T5242] Bluetooth: hci0: command tx timeout [ 504.608019][ T5226] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 504.624996][ T5337] keytouch 0003:0926:3333.003E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 504.802616][ T5226] usb 5-1: Using ep0 maxpacket: 8 [ 504.824566][ T5226] usb 5-1: config 0 has no interfaces? [ 504.880194][ T5226] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 504.897281][ T5226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.925799][ T9] usb 6-1: USB disconnect, device number 20 [ 504.926985][ T5226] usb 5-1: Product: syz [ 504.951759][ T5226] usb 5-1: Manufacturer: syz [ 504.956657][ T5226] usb 5-1: SerialNumber: syz [ 504.966084][ T5226] usb 5-1: config 0 descriptor?? [ 504.976077][ T11] hsr_slave_0: left promiscuous mode [ 505.004732][ T11] hsr_slave_1: left promiscuous mode [ 505.051540][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 505.071881][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 505.082852][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 505.090285][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 505.131087][ T11] batadv0: left allmulticast mode [ 505.136368][ T11] batadv0: left promiscuous mode [ 505.143537][ T11] veth1_macvtap: left promiscuous mode [ 505.150332][ T11] veth0_macvtap: left promiscuous mode [ 505.156059][ T11] veth1_vlan: left promiscuous mode [ 505.161564][ T11] veth0_vlan: left promiscuous mode [ 505.175944][ T5226] usb 5-1: USB disconnect, device number 18 [ 506.148619][T15992] loop4: detected capacity change from 0 to 2048 [ 506.244354][T15992] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.4040: bad orphan inode 8192 [ 506.276061][T15992] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 506.447931][ T11] team0 (unregistering): Port device team_slave_1 removed [ 506.484968][T14682] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.509480][ T5242] Bluetooth: hci0: command tx timeout [ 506.566839][ T11] team0 (unregistering): Port device team_slave_0 removed [ 506.810872][T15999] loop4: detected capacity change from 0 to 4096 [ 507.147187][T16004] loop4: detected capacity change from 0 to 64 [ 507.609062][ T935] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 507.783917][T15974] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4032'. [ 507.810911][ T935] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 507.834603][ T935] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 507.880105][ T935] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 507.899465][ T935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 507.942862][ T935] usb 5-1: SerialNumber: syz [ 508.115225][T16020] dccp_invalid_packet: P.Data Offset(68) too large [ 508.124899][T16018] loop5: detected capacity change from 0 to 1024 [ 508.170955][ T935] usb 5-1: 0:2 : does not exist [ 508.238957][ T935] usb 5-1: USB disconnect, device number 19 [ 508.386694][T15903] chnl_net:caif_netlink_parms(): no params data found [ 508.447950][ T5242] Bluetooth: hci0: command tx timeout [ 508.687663][T15972] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 508.714832][T15972] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 509.338909][T16026] loop2: detected capacity change from 0 to 32768 [ 509.414088][ T11] IPVS: stop unused estimator thread 0... [ 509.441229][T16026] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 509.625998][T16051] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4056'. [ 509.626146][T15972] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 509.640249][T16051] bond0: Removing last arp target with arp_interval on [ 509.668502][T16026] XFS (loop2): Ending clean mount [ 509.678502][T15972] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 509.814078][T15903] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.860531][T15972] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 509.864511][T15903] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.873977][T15972] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 509.901618][T14849] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 509.938469][T15903] bridge_slave_0: entered allmulticast mode [ 509.961307][T16032] loop3: detected capacity change from 0 to 32768 [ 509.972355][T15903] bridge_slave_0: entered promiscuous mode [ 510.066097][T16032] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 510.296776][T15903] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.331528][T15903] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.339104][T15903] bridge_slave_1: entered allmulticast mode [ 510.386167][ T5242] Bluetooth: hci0: command tx timeout [ 510.413787][T16032] XFS (loop3): Ending clean mount [ 510.431657][T15903] bridge_slave_1: entered promiscuous mode [ 510.542963][T16045] loop4: detected capacity change from 0 to 32768 [ 510.589747][T16045] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4054 (16045) [ 510.627657][T15434] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 510.652057][T16045] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 510.662870][T16045] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 510.671528][T16045] BTRFS info (device loop4): using free-space-tree [ 510.731192][T15972] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 510.737321][T15972] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 510.835460][T15903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 510.879631][T15903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.025599][T16105] loop5: detected capacity change from 0 to 4096 [ 511.047491][T16105] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 511.146379][T14682] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 511.179574][T15972] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 511.185554][T15972] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 511.194823][T16105] ntfs3: loop5: failed to convert "c46c" to cp775 [ 511.229522][T15903] team0: Port device team_slave_0 added [ 511.239344][T15903] team0: Port device team_slave_1 added [ 511.361146][ T935] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 511.410975][T15903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.419383][T15903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.467455][T15903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.500687][T15903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.522128][T15903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.583375][ T935] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 511.643874][ T935] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 511.658801][T15903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 511.709107][ T935] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 511.750843][ T935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.797886][T16109] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 511.853362][ T935] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 512.069587][T15903] hsr_slave_0: entered promiscuous mode [ 512.097331][T16131] vxcan1: tx address claim with dlc 1 [ 512.107700][ T4633] usb 3-1: USB disconnect, device number 21 [ 512.114512][T15903] hsr_slave_1: entered promiscuous mode [ 512.229348][T15903] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 512.250600][T15903] Cannot create hsr debugfs directory [ 512.657967][T16145] loop5: detected capacity change from 0 to 128 [ 512.700768][T16121] loop1: detected capacity change from 0 to 32768 [ 512.773027][T16145] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 512.821222][T16121] jfs_lookup: dtSearch returned -5 [ 512.859973][T16145] ext4 filesystem being mounted at /651/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 513.084949][T16161] loop4: detected capacity change from 0 to 64 [ 513.117132][ T7119] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 513.170152][T16165] Process accounting resumed [ 513.226775][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.256928][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.282773][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.304396][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.319170][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.337576][T16161] hfs: request for non-existent node 237 in B*Tree [ 513.432576][T16168] hfs: request for non-existent node 237 in B*Tree [ 513.455545][T16168] hfs: request for non-existent node 237 in B*Tree [ 513.728364][T16188] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4084'. [ 514.231535][T15903] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 514.305083][T15903] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 514.352044][T15903] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 514.425559][T15903] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 514.431114][ T29] audit: type=1326 audit(1724333942.446:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16199 comm="syz.3.4089" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9aa1d79e79 code=0x0 [ 514.440732][T16205] program syz.2.4090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 514.935693][T15903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.026758][T15903] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.055452][T16225] loop1: detected capacity change from 0 to 512 [ 515.057624][T16226] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4096'. [ 515.094035][T16225] EXT4-fs: Ignoring removed nobh option [ 515.125227][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.132452][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.134170][T16225] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 515.176123][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.183361][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.193069][T16225] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 515.233323][T16225] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #13: comm syz.1.4097: casefold flag without casefold feature [ 515.298165][T16225] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.4097: couldn't read orphan inode 13 (err -117) [ 515.349646][T16240] loop3: detected capacity change from 0 to 128 [ 515.358360][T16225] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 515.411347][T16240] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 515.496814][T16244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4103'. [ 515.530849][T16240] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 515.652081][ T5226] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 515.702601][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.754067][T16242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.847876][ T5226] usb 6-1: Using ep0 maxpacket: 8 [ 515.905159][ T5226] usb 6-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=56.a0 [ 515.922370][ T5226] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.930418][ T5226] usb 6-1: Product: syz [ 515.935413][ T5226] usb 6-1: Manufacturer: syz [ 515.940515][ T5226] usb 6-1: SerialNumber: syz [ 515.951695][ T5226] usb 6-1: config 0 descriptor?? [ 515.990694][T16261] Process accounting resumed [ 516.135942][T16265] loop4: detected capacity change from 0 to 128 [ 516.202159][T16265] EXT4-fs (loop4): Test dummy encryption mode enabled [ 516.242276][T16265] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 516.265941][ T5226] kaweth 6-1:0.0: Firmware present in device. [ 516.275583][T16265] ext4 filesystem being mounted at /73/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 516.282993][ T5226] kaweth 6-1:0.0: Error reading configuration (-71), no net device created [ 516.327563][ T5226] kaweth 6-1:0.0: probe with driver kaweth failed with error -5 [ 516.366913][ T5226] usb 6-1: USB disconnect, device number 21 [ 516.545484][T15903] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.691213][T14682] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 516.844235][T15903] veth0_vlan: entered promiscuous mode [ 517.106039][T15903] veth1_vlan: entered promiscuous mode [ 517.399419][T15903] veth0_macvtap: entered promiscuous mode [ 517.414214][T16315] loop3: detected capacity change from 0 to 256 [ 517.446404][T15903] veth1_macvtap: entered promiscuous mode [ 517.519696][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.551234][T16308] loop2: detected capacity change from 0 to 4096 [ 517.555919][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.570081][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.582373][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.598496][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.623004][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.642403][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.656697][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.678186][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.690316][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.702515][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 517.722882][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.736136][T16321] loop5: detected capacity change from 0 to 2048 [ 517.754082][T15903] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 517.771225][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.798100][T16321] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 517.801433][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.821588][T16308] overlayfs: upper fs does not support tmpfile. [ 517.828363][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.847538][T16308] overlayfs: workdir/#c already exists [ 517.852611][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.873886][T16323] loop3: detected capacity change from 0 to 512 [ 517.879466][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.892533][T16323] EXT4-fs: Ignoring removed i_version option [ 517.902259][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.909398][T16323] EXT4-fs: Ignoring removed nobh option [ 517.925044][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.945115][T16323] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 517.951840][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.965689][T15903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.970495][T16323] EXT4-fs (loop3): 1 truncate cleaned up [ 517.976509][T15903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.979245][T15903] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 517.990886][T16323] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 518.081924][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.268049][T15903] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.285625][T15903] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.304341][T15903] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.326445][T15903] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.636938][T16341] pimreg: entered allmulticast mode [ 518.666712][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.676042][T16340] pimreg: left allmulticast mode [ 518.685300][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.871172][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.892449][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.686301][T16372] loop1: detected capacity change from 0 to 4096 [ 520.052892][ T29] audit: type=1326 audit(1724333948.486:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.141750][ T29] audit: type=1800 audit(1724333948.508:364): pid=16372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4150" name="bus" dev="loop1" ino=33 res=0 errno=0 [ 520.222493][ T29] audit: type=1326 audit(1724333948.508:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.280006][T16364] loop0: detected capacity change from 0 to 32768 [ 520.301039][ T29] audit: type=1326 audit(1724333948.550:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.323778][T16364] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.3995 (16364) [ 520.360638][T16364] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 520.395774][ T29] audit: type=1326 audit(1724333948.550:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.420748][T16364] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 520.431075][T16398] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 520.489347][T16364] BTRFS info (device loop0): using free-space-tree [ 520.520062][ T29] audit: type=1326 audit(1724333948.561:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.588973][ T29] audit: type=1326 audit(1724333948.604:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d01979e79 code=0x7ffc0000 [ 520.692765][ T29] audit: type=1326 audit(1724333948.604:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d01970e27 code=0x7ffc0000 [ 520.796771][ T29] audit: type=1326 audit(1724333948.604:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d019157e9 code=0x7ffc0000 [ 520.797118][T16423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 520.833645][ T29] audit: type=1326 audit(1724333948.604:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16389 comm="syz.5.4159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d01970e27 code=0x7ffc0000 [ 521.088716][T16434] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.4171'. [ 521.137950][T16434] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 521.262359][T15903] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 521.454831][T16442] loop5: detected capacity change from 0 to 2048 [ 521.471413][T16445] loop1: detected capacity change from 0 to 164 [ 521.568074][T16448] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 521.698149][T16450] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 521.722139][T16408] loop4: detected capacity change from 0 to 32768 [ 521.776466][T16453] loop2: detected capacity change from 0 to 2048 [ 521.811249][T16453] EXT4-fs: Ignoring removed bh option [ 521.821013][T16450] Remounting filesystem read-only [ 521.851802][T16450] NILFS error (device loop5): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 521.985063][T16453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 522.073020][ T7119] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 522.113385][ T7119] NILFS (loop5): discard dirty block: blocknr=35, size=1024 [ 522.139161][ T7119] NILFS (loop5): discard dirty block: blocknr=36, size=1024 [ 522.158585][ T4633] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 522.169585][ T7119] NILFS (loop5): discard dirty block: blocknr=37, size=1024 [ 522.194569][ T7119] NILFS (loop5): discard dirty block: blocknr=38, size=1024 [ 522.234781][ T7119] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 522.251464][ T7119] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 522.288509][ T7119] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 522.297462][ T7119] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 522.333125][ T7119] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 522.352190][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.362498][ T4633] usb 2-1: Using ep0 maxpacket: 8 [ 522.375258][ T4633] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 522.389270][ T4633] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 522.407539][ T4633] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 522.458414][T16470] loop3: detected capacity change from 0 to 1024 [ 522.470301][ T4633] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 522.480146][T16470] EXT4-fs: Ignoring removed orlov option [ 522.493664][ T4633] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.501876][ T4633] usb 2-1: Product: syz [ 522.507540][T16470] EXT4-fs: Ignoring removed nomblk_io_submit option [ 522.532407][ T4633] usb 2-1: Manufacturer: syz [ 522.546253][ T4633] usb 2-1: SerialNumber: syz [ 522.557674][T16470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 522.913401][T16490] loop2: detected capacity change from 0 to 512 [ 522.948124][T16490] EXT4-fs: Ignoring removed oldalloc option [ 522.967323][T16490] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 522.983440][T16490] EXT4-fs (loop2): 1 truncate cleaned up [ 522.994282][T16490] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 523.075012][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.173838][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.239919][ T4633] usb 2-1: 0:2 : does not exist [ 523.438653][ T4633] usb 2-1: USB disconnect, device number 21 [ 524.067111][T16524] macsec2: entered promiscuous mode [ 524.073381][T16524] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode [ 524.082586][T16524] macsec2: entered allmulticast mode [ 524.088038][T16524] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode [ 524.111253][T16524] mac80211_hwsim hwsim16 wlan0: left allmulticast mode [ 524.122522][T16524] mac80211_hwsim hwsim16 wlan0: left promiscuous mode [ 524.185002][T16523] mkiss: ax0: crc mode is auto. [ 524.237928][ T935] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 524.431787][ T935] usb 1-1: Using ep0 maxpacket: 32 [ 524.448649][ T935] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 524.488619][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 524.525251][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 524.556852][ T935] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 524.586246][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.620310][ T935] usb 1-1: config 0 descriptor?? [ 524.644321][T16520] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 524.688691][ T935] hub 1-1:0.0: USB hub found [ 524.891890][ T935] hub 1-1:0.0: 2 ports detected [ 525.086982][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 525.105193][ T935] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 525.130941][ T935] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 525.197953][ T935] usbhid 1-1:0.0: can't add hid device: -71 [ 525.214145][ T935] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 525.267716][ T935] usb 1-1: USB disconnect, device number 30 [ 525.709613][T16534] loop1: detected capacity change from 0 to 32768 [ 525.812355][T16534] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 525.839734][T16571] tun0: tun_chr_ioctl cmd 1074025675 [ 525.845129][T16571] tun0: persist disabled [ 525.882536][T16546] loop2: detected capacity change from 0 to 32768 [ 525.953234][T16546] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 526.024418][T16534] XFS (loop1): Ending clean mount [ 526.210900][T16546] XFS (loop2): Ending clean mount [ 526.216955][ T7111] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 526.244448][T16546] XFS (loop2): Quotacheck needed: Please wait. [ 526.316117][T16592] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 526.344122][T16594] loop3: detected capacity change from 0 to 8 [ 526.362209][T16592] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 526.445265][T16546] XFS (loop2): Quotacheck: Done. [ 526.454981][T16594] SQUASHFS error: Failed to read block 0x2d7: -5 [ 526.495545][T16594] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 526.800172][T14849] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 527.502129][T16613] loop0: detected capacity change from 0 to 4096 [ 527.547498][T16613] ntfs3: loop0: ino=3, Correct links count -> 2. [ 528.105796][T16637] loop0: detected capacity change from 0 to 164 [ 528.154174][T16637] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 528.199258][T16637] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 528.295350][T16632] loop5: detected capacity change from 0 to 4096 [ 528.369506][T16632] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 528.473105][T16643] wg1: entered promiscuous mode [ 528.498607][T16632] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 528.523233][T16645] option changes via remount are deprecated (pid=16644 comm=syz.0.4257) [ 528.545024][T16632] ntfs3: loop5: Failed to load $MFT (-22). [ 528.725008][T16615] loop3: detected capacity change from 0 to 40427 [ 528.835267][T16615] F2FS-fs (loop3): Found nat_bits in checkpoint [ 529.072865][ T9] kernel write not supported for file /uhid (pid: 9 comm: kworker/0:1) [ 529.081628][T16615] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 529.113226][T16660] loop1: detected capacity change from 0 to 4096 [ 529.167662][T16660] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 529.284964][T16660] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 529.406593][T16671] loop0: detected capacity change from 0 to 2048 [ 529.424778][T15434] syz-executor: attempt to access beyond end of device [ 529.424778][T15434] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 529.475675][T15434] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 529.482635][T15434] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 529.553975][ T35] ntfs3: loop1: ino=5, ntfs3_write_inode failed, -22. [ 529.655489][T16671] loop0: detected capacity change from 0 to 256 [ 529.688801][ T935] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 529.892484][ T935] usb 3-1: config 0 has no interfaces? [ 529.901449][ T935] usb 3-1: New USB device found, idVendor=eb1a, idProduct=e350, bcdDevice=f8.fa [ 529.926557][T16686] loop5: detected capacity change from 0 to 2048 [ 529.931306][ T935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.972889][ T935] usb 3-1: config 0 descriptor?? [ 529.983723][T16686] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 529.984720][T16683] loop4: detected capacity change from 0 to 4096 [ 530.083933][T16691] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 530.261918][ T5337] usb 3-1: USB disconnect, device number 22 [ 530.811515][T16715] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4287'. [ 530.961030][T16720] binder: 16718:16720 ioctl c018620c 200005c0 returned -1 [ 531.118068][T16729] program syz.3.4294 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 531.227665][T16731] loop5: detected capacity change from 0 to 512 [ 531.341781][T16731] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 531.365545][T16745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4299'. [ 531.369635][T16731] ext4 filesystem being mounted at /686/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 531.399783][T16742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4301'. [ 531.629565][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.719949][T16759] loop2: detected capacity change from 0 to 1024 [ 531.803531][T16759] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 532.017813][T16762] loop3: detected capacity change from 0 to 4096 [ 532.026737][T16768] loop0: detected capacity change from 0 to 512 [ 532.074346][T16762] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 532.164685][T16770] loop5: detected capacity change from 0 to 1024 [ 532.237946][T16762] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 532.256671][T16770] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.497862][T16790] loop1: detected capacity change from 0 to 1024 [ 532.529514][T16790] EXT4-fs: Ignoring removed i_version option [ 532.561648][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.675672][T16790] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 532.724187][T16798] netlink: 209836 bytes leftover after parsing attributes in process `syz.5.4322'. [ 532.733881][T16798] openvswitch: netlink: Duplicate key (type 0). [ 532.867228][T16795] binder: 16793:16795 ioctl 400c620e 200003c0 returned -22 [ 533.012458][T16799] loop4: detected capacity change from 0 to 4096 [ 533.051155][T16799] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 533.183351][T16805] loop5: detected capacity change from 0 to 8192 [ 533.207358][T16805] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 533.244262][T16799] ntfs3: loop4: failed to convert "c46c" to maciceland [ 533.364512][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.482798][ T4633] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 533.678119][ T4633] usb 3-1: Using ep0 maxpacket: 8 [ 533.689408][ T4633] usb 3-1: unable to get BOS descriptor or descriptor too short [ 533.698980][ T4633] usb 3-1: config 8 has an invalid interface number: 255 but max is 0 [ 533.724414][ T4633] usb 3-1: config 8 has no interface number 0 [ 533.730959][ T4633] usb 3-1: config 8 interface 255 has no altsetting 0 [ 533.774020][ T4633] usb 3-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 533.799144][ T4633] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.827137][ T4633] usb 3-1: Product: syz [ 533.831368][ T4633] usb 3-1: Manufacturer: syz [ 533.835998][ T4633] usb 3-1: SerialNumber: syz [ 534.570470][T16845] sp0: Synchronizing with TNC [ 534.738661][ T4633] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.2-1, 00:00:00:00:00:00. [ 534.758320][T16819] loop4: detected capacity change from 0 to 32768 [ 534.836683][T16819] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4334 (16819) [ 534.852596][ T4633] usb 3-1: USB disconnect, device number 23 [ 534.908462][T16819] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 534.971108][T16819] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 535.012163][T16819] BTRFS info (device loop4): using free-space-tree [ 535.621176][T14682] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 535.640729][T16876] loop0: detected capacity change from 0 to 4096 [ 535.830800][T16883] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 535.902168][ T29] kauditd_printk_skb: 31 callbacks suppressed [ 535.902195][ T29] audit: type=1800 audit(1724333965.470:404): pid=16876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4352" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 536.016154][ T29] audit: type=1800 audit(1724333965.470:405): pid=16876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4352" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 536.267808][T16889] team0: Port device macvlan2 added [ 536.443354][T16896] loop4: detected capacity change from 0 to 1024 [ 536.677158][T16905] netlink: 'syz.0.4366': attribute type 3 has an invalid length. [ 536.811711][T16906] hfsplus: inconsistency in B*Tree (1,0,1,0,2) [ 536.837337][T16906] hfsplus: xattr searching failed [ 536.864137][T16906] syz.4.4354: attempt to access beyond end of device [ 536.864137][T16906] loop4: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 536.925353][T16906] Buffer I/O error on dev loop4, logical block 2889, async page read [ 536.958769][T16906] syz.4.4354: attempt to access beyond end of device [ 536.958769][T16906] loop4: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 536.982376][T16911] loop3: detected capacity change from 0 to 4096 [ 536.997513][T16906] Buffer I/O error on dev loop4, logical block 2889, async page read [ 537.029161][ T29] audit: type=1800 audit(1724333966.693:406): pid=16906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4354" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 537.090006][T16917] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 537.363317][T16887] loop2: detected capacity change from 0 to 40427 [ 537.486627][T16887] F2FS-fs (loop2): Found nat_bits in checkpoint [ 537.719181][T16887] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 537.920557][T14849] syz-executor: attempt to access beyond end of device [ 537.920557][T14849] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 537.947220][T14849] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 538.291591][ T5337] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 538.517132][ T5337] usb 4-1: config 0 has no interfaces? [ 538.524777][ T5337] usb 4-1: New USB device found, idVendor=046d, idProduct=20ee, bcdDevice= 0.00 [ 538.580766][ T5337] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.617787][ T5337] usb 4-1: config 0 descriptor?? [ 538.851047][ T5288] usb 4-1: USB disconnect, device number 30 [ 539.363305][ T5337] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 539.543568][T16980] loop3: detected capacity change from 0 to 1024 [ 539.563331][ T5337] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 539.587353][ T5337] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.633809][T16982] loop2: detected capacity change from 0 to 256 [ 539.639913][ T5337] usb 5-1: config 0 descriptor?? [ 539.658202][ T5337] cp210x 5-1:0.0: cp210x converter detected [ 539.671878][T16983] syz.3.4398: attempt to access beyond end of device [ 539.671878][T16983] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 539.716982][T16982] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 540.002953][ T1256] ieee802154 phy0 wpan0: encryption failed: -22 [ 540.009705][ T1256] ieee802154 phy1 wpan1: encryption failed: -22 [ 540.037408][ T5337] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 540.075599][ T5337] usb 5-1: cp210x converter now attached to ttyUSB0 [ 540.109380][T16985] loop0: detected capacity change from 0 to 4096 [ 540.145937][T16990] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 540.229256][T16974] loop5: detected capacity change from 0 to 32768 [ 540.265246][ T4633] usb 5-1: USB disconnect, device number 20 [ 540.273986][T16974] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4395 (16974) [ 540.296191][ T4633] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 540.333188][ T4633] cp210x 5-1:0.0: device disconnected [ 540.335715][T16974] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 540.372298][T16974] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 540.391297][T16974] BTRFS info (device loop5): using free-space-tree [ 540.621562][T16976] loop1: detected capacity change from 0 to 32768 [ 540.670709][T16976] BTRFS: device /dev/loop1 (7:1) using temp-fsid 3e629eca-2920-476c-9e0b-fe2c432952d0 [ 540.692409][ T29] audit: type=1800 audit(1724333970.620:407): pid=16974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4395" name="bus" dev="loop5" ino=263 res=0 errno=0 [ 540.696712][T16976] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4396 (16976) [ 540.805926][T16976] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 540.835865][T16976] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm [ 540.864584][T16976] BTRFS info (device loop1): using free-space-tree [ 540.971835][ T7119] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 541.047167][T17044] loop3: detected capacity change from 0 to 512 [ 541.208640][T17044] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4413: bg 0: block 393: padding at end of block bitmap is not set [ 541.256510][T17044] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 541.307813][T17044] EXT4-fs (loop3): 2 truncates cleaned up [ 541.331954][T17044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 541.380023][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.405843][ T7111] BTRFS info (device loop1): last unmount of filesystem 3e629eca-2920-476c-9e0b-fe2c432952d0 [ 541.441732][ T29] audit: type=1804 audit(1724333971.425:408): pid=17044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4413" name="/newroot/101/file0/.log" dev="loop3" ino=18 res=1 errno=0 [ 541.484376][T17054] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 541.571392][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.606742][ T4633] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 542.830830][ T4633] usb 3-1: Using ep0 maxpacket: 8 [ 542.848624][ T4633] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 542.858323][ T4633] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.866435][ T4633] usb 3-1: Product: syz [ 542.914305][ T4633] usb 3-1: Manufacturer: syz [ 542.919083][ T4633] usb 3-1: SerialNumber: syz [ 542.952965][ T4633] usb 3-1: config 0 descriptor?? [ 542.988150][ T4633] gspca_main: sq930x-2.14.0 probing 2770:930c [ 543.061316][T17084] block nbd0: NBD_DISCONNECT [ 543.499707][T17091] loop4: detected capacity change from 0 to 128 [ 543.698185][T17078] loop3: detected capacity change from 0 to 32768 [ 543.727239][ T4633] gspca_sq930x: ucbus_write failed -71 [ 543.782075][T17078] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 543.872631][T17109] loop5: detected capacity change from 0 to 512 [ 543.958085][ T4633] gspca_sq930x: Sensor ov9630 not yet treated [ 543.964309][ T4633] sq930x 3-1:0.0: probe with driver sq930x failed with error -22 [ 543.997730][T17078] XFS (loop3): Ending clean mount [ 544.005986][T17109] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 544.049002][ T4633] usb 3-1: USB disconnect, device number 24 [ 544.060866][T17109] ext4 filesystem being mounted at /703/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 544.243001][T15434] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 544.827351][T17131] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.4448'. [ 544.872000][T17131] openvswitch: netlink: Multiple metadata blocks provided [ 545.333951][T17146] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4454'. [ 545.415733][T17139] loop1: detected capacity change from 0 to 4096 [ 545.444430][T17139] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 545.595958][T17139] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 545.808792][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.903793][T17160] netlink: 'syz.0.4459': attribute type 1 has an invalid length. [ 545.951428][T17160] netlink: 9324 bytes leftover after parsing attributes in process `syz.0.4459'. [ 545.998447][T17160] netlink: 'syz.0.4459': attribute type 1 has an invalid length. [ 546.045922][ T4633] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 546.290501][ T4633] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 546.337047][ T4633] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 546.385090][ T4633] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.423264][ T4633] usb 4-1: config 0 descriptor?? [ 546.451732][ T4633] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 546.692168][ T4633] usb 4-1: USB disconnect, device number 31 [ 546.773121][T17192] loop5: detected capacity change from 0 to 1024 [ 546.823813][T17192] EXT4-fs: Ignoring removed i_version option [ 546.903788][T17192] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.414488][T17215] loop3: detected capacity change from 0 to 1024 [ 547.487611][T17215] syz.3.4484: attempt to access beyond end of device [ 547.487611][T17215] loop3: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 547.542505][T17215] Buffer I/O error on dev loop3, logical block 2889, lost async page write [ 547.598686][T17220] syz.3.4484: attempt to access beyond end of device [ 547.598686][T17220] loop3: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 547.616888][T17219] loop2: detected capacity change from 0 to 2048 [ 547.630439][T17220] Buffer I/O error on dev loop3, logical block 2889, lost async page write [ 547.680128][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.715565][T17219] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 547.789419][T17219] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 547.817673][T17219] UDF-fs: Scanning with blocksize 512 failed [ 547.850966][T17219] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 547.945320][T17224] program syz.5.4488 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 547.989507][T17227] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4490'. [ 548.755451][T17256] loop2: detected capacity change from 0 to 1024 [ 548.855442][T17256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 549.124129][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.594112][T17238] loop5: detected capacity change from 0 to 32768 [ 549.655466][T17238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.4494 (17238) [ 549.719882][T17238] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 549.774833][T17238] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 549.783610][T17238] BTRFS info (device loop5): using free-space-tree [ 550.314091][T17259] loop3: detected capacity change from 0 to 32768 [ 550.351580][T17253] loop0: detected capacity change from 0 to 32768 [ 550.442683][ T7119] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 550.564145][T17259] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 550.583044][T17253] XFS (loop0): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 550.694429][T17286] loop2: detected capacity change from 0 to 32768 [ 550.730937][T17286] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 550.782476][T17253] XFS (loop0): Ending clean mount [ 551.043675][T17286] XFS (loop2): Ending clean mount [ 551.073753][T17259] XFS (loop3): Ending clean mount [ 551.095150][T17286] XFS (loop2): Quotacheck needed: Please wait. [ 551.112747][T15903] XFS (loop0): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 551.230555][T17286] XFS (loop2): Quotacheck: Done. [ 551.379157][T15434] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 551.935590][T17339] loop1: detected capacity change from 0 to 2048 [ 552.026445][T14849] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 552.052388][T17339] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 552.107830][T17339] ext4 filesystem being mounted at /584/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 552.341204][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.839681][T17365] ip6gretap1: entered allmulticast mode [ 552.889853][T17367] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 553.263505][T17369] loop4: detected capacity change from 0 to 256 [ 553.354132][T17369] exfat: Deprecated parameter 'utf8' [ 553.359520][T17369] exfat: Deprecated parameter 'namecase' [ 553.475540][T17369] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 553.785906][T17358] loop0: detected capacity change from 0 to 32768 [ 554.096199][T17391] loop4: detected capacity change from 0 to 128 [ 554.134397][T17391] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 554.178260][T17391] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 554.283870][T17398] bridge0: port 4(hsr_slave_0) entered blocking state [ 554.299668][T17398] bridge0: port 4(hsr_slave_0) entered disabled state [ 554.430239][T14682] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 554.499152][T17404] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 554.983112][T17419] netlink: 1036 bytes leftover after parsing attributes in process `syz.1.4556'. [ 555.013518][T17419] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 555.959581][T17448] loop3: detected capacity change from 0 to 256 [ 556.470633][T17456] loop0: detected capacity change from 0 to 4096 [ 556.506423][T17465] netlink: 'syz.3.4577': attribute type 1 has an invalid length. [ 556.580768][T17466] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 556.788320][T17472] loop3: detected capacity change from 0 to 512 [ 556.834378][T17472] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 556.887715][T17472] EXT4-fs (loop3): 1 truncate cleaned up [ 556.910345][T17472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 556.965212][T17450] loop2: detected capacity change from 0 to 32768 [ 557.013431][T17450] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4570 (17450) [ 557.027563][T17472] EXT4-fs error (device loop3): swap_inode_boot_loader:384: inode #5: comm syz.3.4580: iget: bad extra_isize 46 (inode size 256) [ 557.061979][T17450] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 557.101489][T17450] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 557.143669][T17450] BTRFS info (device loop2): using free-space-tree [ 557.272432][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.399402][T17450] BTRFS info (device loop2): rebuilding free space tree [ 557.759006][T14849] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 557.967262][ T935] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 558.021067][T17485] loop0: detected capacity change from 0 to 32768 [ 558.049911][T17485] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4585 (17485) [ 558.108674][T17485] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 558.144881][T17485] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 558.161112][T17485] BTRFS info (device loop0): using free-space-tree [ 558.168434][ T935] usb 5-1: Using ep0 maxpacket: 16 [ 558.201741][ T935] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 558.215752][ T935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 558.231432][ T935] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 558.254346][ T935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.263895][ T935] usb 5-1: Product: syz [ 558.268778][ T935] usb 5-1: Manufacturer: syz [ 558.273393][ T935] usb 5-1: SerialNumber: syz [ 558.281620][ T935] usb 5-1: config 0 descriptor?? [ 558.332159][ T935] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 558.371247][ T935] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 558.574693][ T29] audit: type=1800 audit(1724333989.814:409): pid=17485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4585" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 558.613042][T17506] loop5: detected capacity change from 0 to 32768 [ 558.702206][T17506] add_index: next_index = 0. Resetting! [ 558.727333][T17506] non-latin1 character 0x3ff found in JFS file name [ 558.737766][T17506] mount with iocharset=utf8 to access [ 558.756852][T15903] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 558.830575][T17538] loop1: detected capacity change from 0 to 512 [ 558.850517][T17538] EXT4-fs: Ignoring removed i_version option [ 558.877970][ T935] em28xx 5-1:0.0: chip ID is em2870 [ 558.885873][T17538] EXT4-fs: Ignoring removed i_version option [ 558.901456][T17540] overlayfs: failed to create directory ./file0/work (errno: 13); mounting read-only [ 558.913152][T17540] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 558.973373][T17538] EXT4-fs (loop1): Test dummy encryption mode enabled [ 559.000296][T17538] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 559.142529][ T5337] usb 5-1: USB disconnect, device number 21 [ 559.149700][ T5337] em28xx 5-1:0.0: Disconnecting em28xx [ 559.162191][ T5337] em28xx 5-1:0.0: Freeing device [ 559.195328][T17538] EXT4-fs (loop1): 1 truncate cleaned up [ 559.215514][T17538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 559.577167][T17558] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4597'. [ 559.607990][T17538] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 559.677467][T17553] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 559.953926][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 560.265866][T17587] bond0: Unable to set up delay as MII monitoring is disabled [ 561.029856][T17575] loop4: detected capacity change from 0 to 32768 [ 561.067421][T17575] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4604 (17575) [ 561.133574][T17575] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 561.170236][T17575] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 561.193801][T17575] BTRFS info (device loop4): using free-space-tree [ 561.274039][T17577] loop5: detected capacity change from 0 to 40427 [ 561.363126][T17577] F2FS-fs (loop5): Found nat_bits in checkpoint [ 561.467097][ T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 561.510890][T17577] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 561.605695][T14682] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 561.648929][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 561.656629][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 561.704918][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 561.740240][ T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40 [ 561.758450][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.780706][ T9] usb 4-1: Product: syz [ 561.784922][ T9] usb 4-1: Manufacturer: syz [ 561.819534][ T9] usb 4-1: SerialNumber: syz [ 561.825634][ T7119] syz-executor: attempt to access beyond end of device [ 561.825634][ T7119] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 561.843236][ T7119] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 562.053287][ T9] usbhid 4-1:1.0: can't add hid device: -22 [ 562.081339][ T9] usbhid 4-1:1.0: probe with driver usbhid failed with error -22 [ 562.164740][ T4633] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 562.171396][T17610] loop0: detected capacity change from 0 to 40427 [ 562.191060][T17610] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 562.209194][T17610] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 562.292771][T17610] F2FS-fs (loop0): Found nat_bits in checkpoint [ 562.301613][ T935] usb 4-1: USB disconnect, device number 32 [ 562.454741][ T4633] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 562.478180][ T4633] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.505686][ T4633] usb 3-1: Product: syz [ 562.538294][T17643] loop4: detected capacity change from 0 to 2048 [ 562.540941][ T4633] usb 3-1: Manufacturer: syz [ 562.549952][ T4633] usb 3-1: SerialNumber: syz [ 562.553263][T17610] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 562.558159][ T4633] usb 3-1: config 0 descriptor?? [ 562.590483][T17610] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 562.703634][T17643] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 562.791080][ T4633] cx82310_eth 3-1:0.0: probe with driver cx82310_eth failed with error -22 [ 562.863451][ T29] audit: type=1804 audit(1724333994.406:410): pid=17643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4622" name="/newroot/153/file0/file0/file0" dev="loop4" ino=1313 res=1 errno=0 [ 563.176629][ T4633] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 563.449133][ T5226] usb 3-1: USB disconnect, device number 25 [ 563.965726][T17669] loop3: detected capacity change from 0 to 2048 [ 564.014644][T17669] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 564.052015][T17669] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 564.086170][T17669] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 564.424115][T17680] loop3: detected capacity change from 0 to 256 [ 564.492873][T17680] FAT-fs (loop3): Directory bread(block 64) failed [ 564.525991][T17674] loop0: detected capacity change from 0 to 4096 [ 564.533186][T17680] FAT-fs (loop3): Directory bread(block 65) failed [ 564.548134][T17680] FAT-fs (loop3): Directory bread(block 66) failed [ 564.554745][T17680] FAT-fs (loop3): Directory bread(block 67) failed [ 564.602755][T17680] FAT-fs (loop3): Directory bread(block 68) failed [ 564.640797][T17680] FAT-fs (loop3): Directory bread(block 69) failed [ 564.648490][T17680] FAT-fs (loop3): Directory bread(block 70) failed [ 564.657898][T17661] loop5: detected capacity change from 0 to 32768 [ 564.686869][T17665] loop4: detected capacity change from 0 to 32768 [ 564.708005][T17680] FAT-fs (loop3): Directory bread(block 71) failed [ 564.735727][T17680] FAT-fs (loop3): Directory bread(block 72) failed [ 564.746183][T17661] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 564.756625][T17680] FAT-fs (loop3): Directory bread(block 73) failed [ 564.765246][T17665] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4636 (17665) [ 564.815278][T17674] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 564.847517][T17665] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 564.899555][T17665] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 564.987414][T17665] BTRFS info (device loop4): using free-space-tree [ 565.157086][T17661] XFS (loop5): Ending clean mount [ 565.292182][T17716] netlink: 928 bytes leftover after parsing attributes in process `syz.0.4649'. [ 565.362584][T17716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4649'. [ 565.423068][ T7119] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 565.424719][T14682] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 565.503375][T17722] loop2: detected capacity change from 0 to 2048 [ 565.527768][T17723] loop1: detected capacity change from 0 to 2048 [ 565.562154][T17722] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 565.658338][T17723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 565.757290][T17735] binder: 17734:17735 ioctl 400c620e 20000380 returned -22 [ 565.862840][T17723] EXT4-fs error (device loop1): __ext4_new_inode:1070: comm syz.1.4653: reserved inode found cleared - inode=1 [ 565.935018][T17737] netlink: 'syz.3.4659': attribute type 3 has an invalid length. [ 565.980596][T17737] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.4659'. [ 566.088335][ T7111] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.372253][T17750] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4662'. [ 566.400936][T17753] loop0: detected capacity change from 0 to 128 [ 566.418343][T17750] netlink: 'syz.1.4662': attribute type 1 has an invalid length. [ 566.533809][T17753] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 566.560359][T17745] ./file0: Can't open blockdev [ 566.568450][T17753] ext4 filesystem being mounted at /92/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 566.687580][T17753] EXT4-fs warning (device loop0): ext4_group_extend:1885: will only finish group (8193 blocks, 8129 new) [ 566.749673][T17753] EXT4-fs warning (device loop0): ext4_group_extend:1890: can't read last block, resize aborted [ 566.764444][T17761] netlink: 'syz.4.4666': attribute type 4 has an invalid length. [ 566.836204][T17764] loop3: detected capacity change from 0 to 256 [ 566.897152][ T5226] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 566.923822][T15903] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 567.100727][ T5226] usb 2-1: Using ep0 maxpacket: 8 [ 567.136052][ T5226] usb 2-1: config index 0 descriptor too short (expected 6427, got 27) [ 567.188938][ T5226] usb 2-1: config 0 has an invalid interface number: 21 but max is 0 [ 567.229891][ T5226] usb 2-1: config 0 has no interface number 0 [ 567.250710][ T5226] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 567.308391][ T5226] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 567.356960][ T5226] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 567.406403][T17741] loop2: detected capacity change from 0 to 32768 [ 567.418058][ T5226] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 567.458273][ T5226] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 567.486478][ T5226] usb 2-1: Product: syz [ 567.516854][ T5226] usb 2-1: config 0 descriptor?? [ 567.534741][T17758] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 568.052474][ T935] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 568.144007][ T5226] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.21/input/input55 [ 568.211560][T17792] loop2: detected capacity change from 0 to 64 [ 568.243720][ T935] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 568.267464][ T935] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 568.287097][ T935] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 568.304798][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 568.329512][ T935] usb 1-1: SerialNumber: syz [ 568.388190][ T9] usb 2-1: USB disconnect, device number 22 [ 568.388215][ C1] keyspan_remote 2-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 568.411251][T17797] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 568.577610][ T935] usb 1-1: 0:2 : does not exist [ 568.606433][T17801] loop5: detected capacity change from 0 to 512 [ 568.629261][ T935] usb 1-1: USB disconnect, device number 31 [ 568.678046][T17801] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 568.781826][T17801] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 568.798028][T17801] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 568.827551][T17801] System zones: 0-1, 15-15, 18-18, 34-34 [ 568.833704][T17801] EXT4-fs (loop5): orphan cleanup on readonly fs [ 568.927006][T17814] loop2: detected capacity change from 0 to 2048 [ 568.937490][T17801] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0 [ 568.956966][T17801] EXT4-fs warning (device loop5): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 568.998584][T17801] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 569.016558][T17816] loop4: detected capacity change from 0 to 736 [ 569.046842][T17801] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.4685: bg 0: block 40: padding at end of block bitmap is not set [ 569.057285][T17814] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 569.089210][T17801] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 569.173539][T17801] EXT4-fs (loop5): 1 truncate cleaned up [ 569.209011][T17801] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 569.270711][T14849] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.365042][T17801] EXT4-fs (loop5): shut down requested (1) [ 569.518652][ T7119] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.640308][T17834] loop2: detected capacity change from 0 to 24 [ 569.898136][ T4633] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 569.917444][ T5226] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 569.928428][ T5337] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 570.068657][T17852] ALSA: mixer_oss: invalid OSS volume '' [ 570.103353][ T4633] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 570.115723][ T5337] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 570.130350][ T5337] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 570.131696][ T4633] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.158602][ T5337] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 570.168253][ T5226] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 570.201887][ T5337] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 570.209457][ T4633] usb 5-1: Product: syz [ 570.219829][T17855] netlink: 88 bytes leftover after parsing attributes in process `syz.0.4707'. [ 570.229811][ T5337] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.229993][ T4633] usb 5-1: Manufacturer: syz [ 570.238820][T17855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4707'. [ 570.261191][ T5226] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 570.270279][ T5226] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.288912][ T4633] usb 5-1: SerialNumber: syz [ 570.301577][ T5337] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 570.312436][T17857] loop2: detected capacity change from 0 to 128 [ 570.320333][ T4633] usb 5-1: config 0 descriptor?? [ 570.325563][ T5226] usb 2-1: Product: syz [ 570.327262][ T5337] usb 6-1: invalid MIDI out EP 0 [ 570.329893][ T5226] usb 2-1: Manufacturer: syz [ 570.366870][ T5226] usb 2-1: SerialNumber: syz [ 570.388118][T17836] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 570.398088][ T5226] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 570.530676][T17861] netlink: 'syz.0.4708': attribute type 2 has an invalid length. [ 570.568924][ T5337] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 570.602444][ T5337] usb 6-1: USB disconnect, device number 22 [ 570.672256][T17836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.683221][ T4633] usb 5-1: USB disconnect, device number 22 [ 570.711409][T17836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.735384][ T935] usb 2-1: USB disconnect, device number 23 [ 571.053583][ T5226] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 571.137484][T17872] netlink: 'syz.3.4714': attribute type 6 has an invalid length. [ 571.235831][ T5288] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 571.281765][ T5226] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 571.299487][ T5226] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 571.324220][ T5226] usb 3-1: config 1 has no interface number 0 [ 571.340614][ T5226] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.361916][ T5226] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 571.395560][ T5226] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 571.418127][T17879] loop3: detected capacity change from 0 to 1024 [ 571.425371][ T5226] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.439640][ T5288] usb 2-1: config index 0 descriptor too short (expected 301, got 72) [ 571.450219][ T5288] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 571.464219][ T5226] usb 3-1: Product: syz [ 571.468428][ T5226] usb 3-1: Manufacturer: syz [ 571.485832][ T5226] usb 3-1: SerialNumber: syz [ 571.490560][ T5288] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 571.507323][ T5288] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.530422][T17879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 571.553541][ T5288] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 571.630717][ T5288] usb 2-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 571.679232][T15434] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.690290][ T5288] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 571.737696][ T5288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.804910][T17836] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 571.814944][T17890] program syz.4.4721 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 572.024791][ T5288] usb 2-1: usb_control_msg returned -71 [ 572.030499][ T5288] usbtmc 2-1:16.0: can't read capabilities [ 572.047115][ T5288] usbtmc 2-1:16.0: Failed to submit iin_urb [ 572.064455][ T5288] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -90 [ 572.085327][ T5288] usb 2-1: USB disconnect, device number 24 [ 572.236558][ T5337] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 572.432675][ T5337] usb 6-1: Using ep0 maxpacket: 8 [ 572.439970][ T5337] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 572.456286][ T5337] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 572.484092][ T5337] usb 6-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 572.495253][ T5337] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 572.513998][ T5337] usb 6-1: Manufacturer: syz [ 572.531381][ T5337] usb 6-1: config 0 descriptor?? [ 572.548744][ T5337] appledisplay 6-1:0.0: Submitting URB failed [ 572.559610][ T5337] appledisplay 6-1:0.0: probe with driver appledisplay failed with error -5 [ 572.614926][T17910] loop4: detected capacity change from 0 to 2048 [ 572.757166][ T5337] usb 6-1: USB disconnect, device number 23 [ 597.261177][ T1256] ieee802154 phy0 wpan0: encryption failed: -22 [ 597.267733][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-...D } 2643 jiffies s: 33833 root: 0x2/. [ 597.279925][ T1256] ieee802154 phy1 wpan1: encryption failed: -22 [ 597.293795][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 597.302136][ T19] Sending NMI from CPU 0 to CPUs 1: [ 597.307382][ C1] NMI backtrace for cpu 1 [ 597.307397][ C1] CPU: 1 UID: 0 PID: 17905 Comm: syz.0.4727 Not tainted 6.11.0-rc4-syzkaller-00033-g872cf28b8df9 #0 [ 597.307430][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 597.307443][ C1] RIP: 0010:lock_is_held_type+0x10e/0x190 [ 597.307485][ C1] Code: 95 c0 31 db 44 39 f0 0f 94 c3 eb 05 bb 01 00 00 00 48 c7 c7 e0 e6 0a 8c e8 cf 1a 00 00 b8 ff ff ff ff 65 0f c1 05 e2 cb 4b 74 <83> f8 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 [ 597.307505][ C1] RSP: 0018:ffffc90000a18c48 EFLAGS: 00000057 [ 597.307524][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffff88806d470000 [ 597.307540][ C1] RDX: ffff88806d470000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c606d40 [ 597.307557][ C1] RBP: 0000000000000000 R08: ffffffff89bd8d61 R09: fffff52000143180 [ 597.307574][ C1] R10: dffffc0000000000 R11: fffff52000143180 R12: 0000000000000046 [ 597.307590][ C1] R13: ffff88806d470000 R14: 00000000ffffffff R15: ffff88801f083300 [ 597.307611][ C1] FS: 00007f83185ff6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 597.307632][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 597.307648][ C1] CR2: 0000000020000440 CR3: 0000000049498000 CR4: 0000000000350ef0 [ 597.307666][ C1] Call Trace: [ 597.307676][ C1] [ 597.307687][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 597.307716][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 597.307753][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 597.307780][ C1] ? nmi_handle+0x2a/0x5a0 [ 597.307816][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 597.307846][ C1] ? nmi_handle+0x151/0x5a0 [ 597.307868][ C1] ? nmi_handle+0x2a/0x5a0 [ 597.307892][ C1] ? lock_is_held_type+0x10e/0x190 [ 597.307927][ C1] ? default_do_nmi+0x63/0x160 [ 597.307956][ C1] ? exc_nmi+0x123/0x1f0 [ 597.307985][ C1] ? end_repeat_nmi+0xf/0x53 [ 597.308019][ C1] ? advance_sched+0x131/0xca0 [ 597.308048][ C1] ? lock_is_held_type+0x10e/0x190 [ 597.308084][ C1] ? lock_is_held_type+0x10e/0x190 [ 597.308120][ C1] ? lock_is_held_type+0x10e/0x190 [ 597.308156][ C1] [ 597.308164][ C1] [ 597.308175][ C1] ? __pfx_advance_sched+0x10/0x10 [ 597.308200][ C1] advance_sched+0x148/0xca0 [ 597.308227][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 597.308258][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 597.308293][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 597.308334][ C1] ? __pfx_advance_sched+0x10/0x10 [ 597.308359][ C1] __hrtimer_run_queues+0x59d/0xd50 [ 597.308386][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 597.308437][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 597.308463][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 597.308493][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 597.308532][ C1] hrtimer_interrupt+0x396/0x990 [ 597.308576][ C1] __sysvec_apic_timer_interrupt+0x112/0x3f0 [ 597.308617][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 597.308652][ C1] [ 597.308660][ C1] [ 597.308670][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 597.308699][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 597.308734][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 de f6 39 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 73 2c a2 f5 65 8b 05 b4 00 43 74 85 c0 74 43 48 c7 04 24 0e 36 [ 597.308753][ C1] RSP: 0018:ffffc900044979c0 EFLAGS: 00000206 [ 597.308772][ C1] RAX: 94bc89d13263ae00 RBX: 1ffff92000892f3c RCX: ffffffff94f2b903 [ 597.308790][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0ad560 RDI: 0000000000000001 [ 597.308806][ C1] RBP: ffffc90004497a50 R08: ffffffff9017f16f R09: 1ffffffff202fe2d [ 597.308824][ C1] R10: dffffc0000000000 R11: fffffbfff202fe2e R12: dffffc0000000000 [ 597.308842][ C1] R13: 1ffff92000892f38 R14: ffffc900044979e0 R15: 0000000000000246 [ 597.308874][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 597.308909][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 597.308938][ C1] ? ttwu_do_activate+0x200/0x7e0 [ 597.308978][ C1] try_to_wake_up+0x8fb/0x1470 [ 597.309013][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 597.309050][ C1] ? __pfx_try_to_wake_up+0x10/0x10 [ 597.309085][ C1] ? __pfx_lock_release+0x10/0x10 [ 597.309117][ C1] ? plist_del+0x3f1/0x410 [ 597.309149][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 597.309179][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 597.309210][ C1] wake_up_q+0xc8/0x120 [ 597.309243][ C1] futex_wake+0x523/0x5c0 [ 597.309288][ C1] ? __pfx_futex_wake+0x10/0x10 [ 597.309338][ C1] do_futex+0x392/0x560 [ 597.309374][ C1] ? __pfx_do_futex+0x10/0x10 [ 597.309419][ C1] __se_sys_futex+0x3f9/0x480 [ 597.309456][ C1] ? __pfx___se_sys_futex+0x10/0x10 [ 597.309487][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 597.309524][ C1] ? do_syscall_64+0x100/0x230 [ 597.309550][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 597.309583][ C1] ? __x64_sys_futex+0x21/0xf0 [ 597.309615][ C1] do_syscall_64+0xf3/0x230 [ 597.309644][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.309672][ C1] RIP: 0033:0x7f8318b79e79 [ 597.309693][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 597.309712][ C1] RSP: 002b:00007f83185ff0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 597.309734][ C1] RAX: ffffffffffffffda RBX: 00007f8318d15f88 RCX: 00007f8318b79e79 [ 597.309751][ C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8318d15f8c [ 597.309766][ C1] RBP: 00007f8318d15f80 R08: 7fffffffffffffff R09: 0000000000000000 [ 597.309783][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8318d15f8c [ 597.309798][ C1] R13: 0000000000000000 R14: 00007ffd06ff0660 R15: 00007ffd06ff0748 [ 597.309827][ C1]