last executing test programs: 15m57.295471444s ago: executing program 2 (id=86): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0xfffffffffffffffe) 15m56.405246521s ago: executing program 2 (id=91): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0) fcntl$setlease(r0, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) 15m55.596301916s ago: executing program 2 (id=97): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xf30, 0x111, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x2, 0x9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0xc, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x7}, @global=@item_4={0x3, 0x1, 0x5, "b1e6850c"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x4, 0x1, {0x22, 0xb61}}}}, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) 15m53.011930196s ago: executing program 2 (id=107): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x40000885) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file4\x00', 0x100, 0x74e) 15m52.363709598s ago: executing program 2 (id=112): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) fstat(r0, &(0x7f0000000300)) 15m51.761723973s ago: executing program 2 (id=115): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000040)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000002380)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x20, 0x0) 15m36.308373509s ago: executing program 32 (id=115): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000040)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000002380)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x20, 0x0) 6m51.037236226s ago: executing program 3 (id=2696): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004f40)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x94}}, 0x0) close(r0) 6m50.298170641s ago: executing program 3 (id=2700): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'vlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) 6m49.369678705s ago: executing program 3 (id=2706): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r1, 0x1, 0x4000000, 0x0, {0x1a}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 6m48.634127847s ago: executing program 3 (id=2712): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) unlinkat(r0, &(0x7f0000000b40)='./file1\x00', 0x200) 6m48.018421999s ago: executing program 3 (id=2716): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file1\x00', 0x4, &(0x7f0000001180)={[{@fat=@discard}, {@fat=@nfs}, {@dots}, {}, {@dots}, {@nodots}, {@fat=@discard}, {@dots}]}, 0x1, 0x245, &(0x7f0000001200)="$eJzs3cFqE1EUBuBjmjShG7sWFwNuXAX1DYJUEANCZBa6cqC6aUWYbkZXeQyfwedx5WN01d2IndC0tYpi0zvT+T4Ic+AncO4md3NO5u39Dwf7H4/e19+/xGSSxTBiGScRuzGIrWjcWT0Hp/V2nLcMAKBrFotilroHNqssZ8UoIsa/JPnXJA0BAAAAAAAAAADw3/5t/n8QYf4fADrP/P/tV5azYme1v3mR+X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgnZO6vlv/4ZO6PwDg+rn/AaB/3P8A0D9/e/+P0rYJAFyjV6/fvJjN53uLLJtEHC+rvMqbZ5M/ez7fe5Sd2l1/67iq8q2z/HGTZxfzUeys8idX5tvx8EGT/8yevpxfysexv/njAwAAAAAAAAAAAAAAAAAAQCtMszNX7vdPp7/Lm+rc/wNc2t8fxr3hjR0DAAAAAAAAAAAAAAAAAAAAOu3o0+eD4vDwXanoUvFt2Io2WlSMoxVt3J4i9S8TAAAAAAAAAAAAAAAAAAD0z3rpN3UnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDO+v3/mytSnxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADohx8BAAD//86jkvk=") sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000140)='\\\x00', 0x2}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) 6m46.097943441s ago: executing program 3 (id=2722): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x1fe00}) 6m44.555737452s ago: executing program 33 (id=2722): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x4000, 0x1fe00}) 6m26.989261021s ago: executing program 0 (id=2797): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000280)={0x20, 0xd, 0x2, "1cc2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6m23.877132283s ago: executing program 0 (id=2806): r0 = syz_io_uring_setup(0x487, &(0x7f0000000400)={0x0, 0x707c, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 6m22.66782972s ago: executing program 0 (id=2811): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x16, 0x0, "0af5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d1408407e5a774ef95f2fc1b947e00f0000000200000034b0882e83d41b67cb9ff147c6d33a097d2269351b3ed300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}, 0x0, 0x0, 0x11, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3ffffff00"}, 0xd8) 6m22.045013864s ago: executing program 0 (id=2814): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000003c0)=ANY=[], 0x1, 0x1f3, &(0x7f0000001880)="$eJzslc+q00AUxr+ZxKT3Ij6AGxde8LowbXJB3Fy4d+PKheCfiwvBYtNSTa20XdiCaJ/AvTsXPoaiWxf6BlIF0U3dqOuRyUwmQ0mrMS0Knh90+k3m5MyZM5MzIAjiv+Xjhx8z8X3/cw3AcezA18+/OLkNt+zf174+fH3p4tGTm8/f+LNgq8inEL8/vwvg1aGDd+ZdIWynO/r/KrjR18BxVusjMARa3wLHda1jMNzQ+o6l+9I+CNrdJA5u95OWFA3ZhLKJ2t2EuYvxzacMLSs+Zo0Px5O7zSSJBxsUv8rf/JBj38SHmj1+ASrahpW/EByh1ntguGJs/Sw3KiXW+k+6+fqdlev3UHHZnwDkT9oFNrzqFJnw5FTLbbKFFgwBbF17H52o7ifb87KvO0iFU/p1rtIiT8XmP4AKAu7aHAq/4CT4q85PdfH2pRZ8pfGLA7V/JtRHql9u0oMlQ15JPzrzpj6JZwxnrPqpSsnT9Kqpj3r368Px5Fy31+zEnfheFO2db2wDiOppIVLtsvLnA1tpfdrO/RfeSRKPeXjQHI0GoWpNP1JtUcXlcDGfcuyexjHZl9XUW/D7zdIs/cmvgz1WvV27XConBEEQ/wCnwNKanNblTOjbxAwIEV3+y3ESBEEQBEEQBEEQBPHn/AwAAP//W8NQxQ==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000580)=""/174, 0xff56) 6m21.083361757s ago: executing program 0 (id=2820): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x3) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 6m20.606973478s ago: executing program 0 (id=2821): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000bc0)) 6m18.041736056s ago: executing program 34 (id=2821): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000bc0)) 3m31.736543591s ago: executing program 7 (id=3588): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) syz_emit_ethernet(0x103, &(0x7f0000000680)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0xf5, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x6071, 0x0, 0xe7, {[@exp_fastopen={0xfe, 0x4}]}}, {"5f940092e636d6bea4f91e6fc228675819231ce183f58a14b21e0824111b457d810d4aaff9c1b0777d565d5bb170b34940016aee61f230135742c6b9127dade39f803561157b410850f8c59f2a9359b682990dadecff3fe22902028f37ae64a95732c9c104ddc5fd3f392dd8b115000767976ab748f8541052dd2a7e07acac85e9764a14efa9709a4bf5259f39c05a09bc1f49496fe992618987fd40b1bcf30b3857b4abbc80103a4a79d11620278b490e3af84b67b00933e39670993db3c5db7fe3f539b8d10bdc9e"}}}}}}, 0x0) 3m31.165341423s ago: executing program 7 (id=3582): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x200401c8}, 0x20004804) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50020000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c8024000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c"], 0x250}}, 0x2000c000) 3m30.474579884s ago: executing program 7 (id=3585): syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) nanosleep(&(0x7f0000000000)={0x77359400}, &(0x7f0000000080)) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58) 3m28.937089872s ago: executing program 7 (id=3595): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) 3m28.309470047s ago: executing program 7 (id=3597): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xffffffffffffffff) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x3ec0) pselect6(0x40, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0xfffffffffffffff9, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1c, 0x26d7, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x6, 0x9}, 0x0, 0x0, 0x0) 3m27.843812224s ago: executing program 7 (id=3600): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 3m25.575653749s ago: executing program 35 (id=3600): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 4.813374517s ago: executing program 5 (id=4650): getpid() r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xd0f, 0x3, 0x25dfdbfe, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 4.552241244s ago: executing program 4 (id=4651): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000004a80)=""/4083, 0xff3}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000004980)=[{&(0x7f00000034c0)="58c0e8bae42c0fe8bdf795b00994db801593518c974db2203b74e695040d2c9f2c3496ab3aa08c45023c6c77fd6e9ccb4cf2c9885b536185f74d40ac385923d11990841b9596d9129f0a565ef205da3f7bbd5cb09b2210051ecdda6e20ea108eaea68ba58a53f446db1598ff59bf94bf4e1749edb4d065b82120033bcaf01889dd81381abe885032f2c2f15d73828d65d839652b4402312ba82d9df95c4966a81a6c0a24a3025a7feff0cec1e3b77e442304a4ca1fe6d516cde88d197fb26de0c5f24403db89870d65da4cb763ae49eaf38a155547e9aafcf04cb6dadc1e760e9c1da7acc9f6afbac76fb44750d5f607aa72a985be38d229b8a7f6f848c0fa91edc5243192d2ee40e65abe7caab40a5e2ba95a3e6a69eb1bd3769b54ee7aa5360430b7f5e51589106eba39e12861a1d0b8f13c154100d0fbb0ba760f41470cb6b1904cb85bd8c5e4394ac77ce0468cce003cda723f72aeda6c766ddf96fccdb018769e77c6c2c0786dc85dc9438a75ad96c9f87c8d9a6f0353ef8f43070e4232b955e3f9b182aa66ae59f06529c685efc18d0384f5d79174ba85959e434e7b833040dcbf739e17c083b4c67042ff783f9aae8522ebf118700400c80035f686057c9a95108316d7a37e2fb90691b44cbe0e77ec66d08f0cb6b86ca7e1530a5122cad2170154c68cee7611542774534e9ed151295e80ea9ede97e1a05845baccc45ae42fcd9171fb6517793507260e8273e0357feb85572d4d2b695ad16574568c4e17effb582c751bdbb172a7fcc5d2034b8469e95748158c27e68d2d226e57e0f8e37ed5714280a87a15422c1825a5a2f734ec1ea4a7a71ce13df577f904cae48ee8f6be9f4e5a6cd101267673727ce343690335c479e3fced545d62d66f2aa2e12c74321d1ae0713fbf678db1a4d98e2583de3e4c1207a1b3ef0528bf4c979e7f46a9981acee9307e11e487a41d8ef6408df077e184a4368d5e22e75b528d27e626541076df37f3869c0022c0c9b6d41cc6874ae1e9cef8c4816b84f7a93e2a404691abee20c1fe78a9c91b64e06f2a5b2ffe5c0386f1341b130bb071dafb680bdb76cc61da6a8dcf65a38410c4fff0c8feae4eb36688c84ea493b4b993ee476625385a750c6592287721be80af5e4917646d37e503296667918b4fc572d36f20f23032df0703dcfcdb2edd0318750252a2693c0e446b394f710d8aec13b792681b667ef092e78d779fbaa02c0462f58ee92761278a6a2de26d5514f118a88013fb5ee84a4e8951b7273686c47840e2941d41b632ed15912cb6cea9d4bd5b8b1f713c391612f641eb7b6ce66f4b1a97da59b8e90ac9a855a7ebf07a8372cda66ddf04b73aa2fc11ffeb276572d1ff23f0dea2e1abe5e38ae315df083103fc702a00bf38cd8b4f7d52b4e7944a7c99ffb743cb878280957c840d480d6adf64a06a37ef71fa1b4674e8e2844dafe919961791fe61be794b6e8e9866d97b96c97b8a5e0f32658b0a07f707aa24690652fdbf538c08e982c21dfed05975c8d1d1281c2f65c1fd71f19f78bbb800a21311a5c14a50b11c7de69abe9c347398cfdccfe6816ffaae09a982b3847833996e8798c7e807ebd61ee013f7d1711f148291b10d7ee47f8d9ca645df551451d9c41cf4057ce4b63060dab137445458f41b5839c612f3b3f8b39690a66ee2e7cf796052bf0b90e0e1be2fd87ee1f265ea3930a980d117573765357a57cd6263ecff5511107114c8311d9fe9665d4dfed59c74e04f6410bffb8c57224a4ba391ac0b9121f3083e0c4ad52c036d57dda6e1e21b184561dce5556cb1148d6894ec2bf9d6a52d5bafd1f59e52d4d30acadf9f3c11ffbc6ba17441f66dd10b8ebb27a2316be64111a8f11b3384ce89628ba1cea730934451ff7b29ab813bc6c8ecbd5538fc2d581a8b6848eea60db2836b29da9e7c1c813717b18b860bb5ff6120453797bfa5ce95d0236137d1f726463932c788b6eebe00437df73bb1088b198ff1ce72cba8157ab5ca82b7030dd76ba5dac3ac333de636aec4be333dd68d652257706a1eabdb304f01f763ece502b4f9cefb870cc96e258a8073c94ca67738811e6a4d2ebe92a7323fe2a29218e8ace1547c9580680c6f595f17ba6e56109ce31176157f08fe911b43ad111d84d919f4774e0896b0933041551e4116187ed93e4cf2fc7af572fe4ae6affec258007de3175ef99f44843213ea73f2b051bffb703cb19f6001dd5f4c4d5a248150e7ea96ec2a9fa196e60149767c6bb0d78370f7d61e67a6e8d60fd881fcbf2705480fd5579dbad96665488c85848f638ef036d01b13f43593ae7f99d52bd7f5994d663a9cdc01134a03dec835af6b3ec9ffd16ba2381a8575414b092cffba58b0d9e58e58c3a09be7d77a3cb23b74567bc8906b47edd552f48736e7cb41a4cefc73c1d9ba274d39042d4a2afe0aa0e6a06a7ae7933d8320d4b17511609f53dc4478e95895a1fbfe3b3c7727c0dc88e8726dfdfeba18998985e4f1268ac0f26ca69a65f4d82dcf4e451af14413f643a2c3f3bb00c3f1af5a56bc231023144d1995f9713f288622a5fac78a55824ce5791a2562e1d017b30ab0b599fa440812db16af0cf945d9257faf66ee1f48d9b247cb9b8b7c43f8bbc1959e250d944ba96f1d2f6017d8b83980ec4ab3f52eeeadd3b46eddfc0150745f06c215198124d6643799ba166f5825f3f2fe4ff4dbcc98a90027088dddcd47e8555baccfe469333ac72c8b733a4969adc9c640c633d880f51f78c5a3e491bfcdf40263e384a1e18109fe34ba45e66af1d32c9ee873524c5acd5d94061152e7f3089afe6e8c35dc980de6a3adaf1bf371ded4f4f3099c505c685d08db26086ca314b5f142a977df96bfdd12d7c2674cd66fbc93b5e4befec9f90cbdbd65424b7a2a756af23c77e329a477ed8afc4bfd78c97c47a484ec60f391ce7a8fa976b4e138a2faca3825dffd62c706b75d66971b17200ff912ff7768ebb3921e705b582d7e418131cd5af63620e48f02cb4b8f6c55c5e07b2cd561c1edf76dac09d4322ff3ea949aa42db106d33252f45afaf0b9e339d5ff8c73d52823320af6c70eb826d1514b9d4f004ee890ebbef5b77d6fdecf56a5234c501a0abd38246191a1ef5184d89fc2c2f2ff863e2e4e1c409e6a26323c8ee968140570723fcf50ce391bfd9f52c674134a48e6a7349830e2136531f7e762341df774a698de5145e5c9a168b329dd21f2c3f400364eeb609ec6a3547b8ef1a47d1dce5b5e50485ac497b9415ea6a35ff7898cfa3cbae678e4b37c50a775a069fddd5d84931f5f80c77f6bd12a3f8da843d7c8a46c7a260f31a574f01eb0c9bba6c10d516a5fc5c1cff6ef1d0009469ab9046b1e0351a86b4b3faa9e486f86952810fcba2adce553f47aa6e52978d6038f79eff7bb5e3796322c7a2df67e4016e689a6cb2c3613220c0e04a06f7d331a089f4febd7302b50cfed8e688dbf709476014819841c6702ed733e047cf464396ef5bf38391d4ffc1aca22db9b37cdcdb170c5b4f51b2a4f6cb5fd71e84755100d3e783c0a2c563ea8f32d0dfcef47a241abf3480eb0c176fe2afbba8da4b6479d51323cd224528b8e4f766a2ff4f011f973b91479fbf1d0f15e939756de7276465f9fd759930a8d402e898c6dfd8f17b244e35a58d1c1f7cacca684eaa5e32c9eda766a6a36cc0f9cbaf149a61f3296449434310274564c189e4888a610f273328557cd2e7c3688281bcd5fda93be2a58b8cd642ac10e0ead96b9d414b362c20c0c39a1321766e29ef1f36f61701d5aefef6d80c535eee00ce70db2d0f148783bc586089233ed7188a42a1cc07f7645197f083b9f6a4e9cab281b0daa0ff13dee6d3868fe131e324d7cdf94ca5d6f900fd0b6ad2fa7ca58d14cf916c530d172fa627799e6471085495c6fe1aabd47e283e2679b6e14231e4d611afe5f488d96a28f948433cca579f36e08ca1132c70297b75cef74f685e32d7da1fb43ceb6b303f9faf742c818326e5c84c6d4e5c7da8a4bd0111728e3d8c75c2c29df3472a261fa2a8a8ef102a40a30fe9e6b4dd9012413800e49bb7bb2d83d23a4738441255a39946a7feed4f413bcf2c41798b46f9001e0b61d76d7fb20e25c2b067df3b6b3e4b30a1f1139f3c129e6614ab41c609f6a90cdc191982e6109c31eaeee196132b894d9fbeb45208580d82b6299acee3a4916f16858f4bd6778c22a250619304a849d0c8c47d59adb55c6637c30a41a4eeb276245e46713adf362090ca060ff0afec7710b673dfd844c7af0940547b8fba12ea3cff96a1c934efdde5eded84f82d2ce3fcb9a64f30bdcc9a8bed0dc0397eaa918a09bce93ec327385be756c35f856f0960dc3f3a0ae50593d32119b6823c9adef126d1885e76ccd6c0e29f5d5190287da3e6d678ccbf46a291926d7b34e5543383b506701cf06eb8b4222947752564f53329b4709024fa8529863953b98134d0e6670bec652a75449a28a0ffbcf30d83a492704182aa96fca299595a5fa963e0bdce00904bf68aed1072de1bb3a16d5fb038da134e95353693de0855df566ea974d51385dbece097f3b540ddf749116446e9ee11dd835d89cbee43171e817e9c8cd9a558330952ada17dff3b127888c5979acc60604a162c3792afa50ef777f8da7fa4749e592fe4ae1dd7e837d82aac1d6bc6af3c0bd6bbd5dd424f1cf8a0e6da91a36101b26e974b7b00eca70cf53a82cbfcd1c10ccc63de22e067b05ae031f3dd71cc5eca8661f6d048396cb9b62943722f362e2574e772a550b79b7819ef6ef628cb5ede6f3c971a6bc7a42e2da7705e1c95a6fd8d0fcbe09252c2fae46c349b87f7487a34aec214f169934930a90d67fa22d22d66d282f6a659a469f41ef632d00cb7456d34eff9b38f6a02421cdfcde851334bd061a1fe12f05cebb241eb67f4079720cf7c7ed7e05df968ad1698522464c1ab1922117f0c49de0554834bb459901ff3561df19b19ae5569c2208da078d17ad17f7748f333f931bb8554deb11da2810c8bf11b2928b2c0883517a78ec1bcdcabdbe61e48dccb8cc9373", 0xe06}], 0x1}}], 0x1, 0x9200000000000004) 4.524372932s ago: executing program 8 (id=4652): r0 = syz_io_uring_setup(0xc2d, &(0x7f0000000440)={0x0, 0x40000004, 0x100, 0x1, 0x109}, &(0x7f0000000080)=0x0, &(0x7f0000000240)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0xbe9, 0x10a5, 0x3, 0x0, 0x0) io_uring_enter(r0, 0x5e5, 0xf419, 0x1, 0x0, 0x0) 4.09579754s ago: executing program 1 (id=4653): openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x0, 0xaa}, &(0x7f0000002000)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0) 4.089395126s ago: executing program 5 (id=4654): r0 = msgget$private(0x0, 0x3ac) msgsnd(r0, &(0x7f0000000040)={0x2}, 0x8, 0x800) msgsnd(r0, &(0x7f0000000080)={0x1}, 0x8, 0x0) msgrcv(r0, 0x0, 0x0, 0x1, 0x5800) 4.088131536s ago: executing program 6 (id=4655): r0 = epoll_create1(0x0) r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000080)=0xffffffffffffffff) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)={0x2}) 3.829566935s ago: executing program 4 (id=4656): syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x10000, 0x2000000}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0) 3.502922006s ago: executing program 5 (id=4657): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/20, @ANYRES32=r2, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500160001000000080015"], 0x48}}, 0x0) 3.420134363s ago: executing program 6 (id=4658): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffdfc, {0x0, 0x0, 0x0, r1, {0xfff3}, {0x0, 0xfff1}, {0xfff3, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x48098}, 0x4000000) 3.3343173s ago: executing program 1 (id=4659): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a0300ea000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40080) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000009b80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 3.106749036s ago: executing program 8 (id=4660): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv6_newaddr={0x2c, 0x14, 0x119, 0x70bd26, 0x25dfdbf5, {0xa, 0xe7, 0x19, 0xff, r2}, [@IFA_ADDRESS={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c051}, 0x8004) 2.945050812s ago: executing program 4 (id=4661): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000080)={0xc0d8, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) tkill(r0, 0xf) 2.671320044s ago: executing program 6 (id=4662): sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1802"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) ioctl$EVIOCGLED(r0, 0x40284504, &(0x7f0000000000)=""/56) 2.600206511s ago: executing program 5 (id=4663): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000001080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 2.482520167s ago: executing program 1 (id=4664): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x90}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000000c000/0x3000)=nil, &(0x7f000000d000/0x1000)=nil, 0x3000, 0x3}) 2.415596079s ago: executing program 8 (id=4665): getpid() r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xd0f, 0x3, 0x25dfdbfe, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 1.880713994s ago: executing program 4 (id=4666): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000006c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x800) recvfrom$inet(r1, 0x0, 0x0, 0x100, 0x0, 0x0) 1.76729847s ago: executing program 5 (id=4667): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7177}]}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r1, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x0, 0x80000003, 0x0, 0xe2d8f2eb1d010935, 0x5, 0x7}, 0x9c) 1.732223697s ago: executing program 6 (id=4668): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000180), 0x2000090, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 1.656993541s ago: executing program 1 (id=4669): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x21081e, &(0x7f00000009c0)={[{@nomblk_io_submit}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@discard}]}, 0x1, 0x515, &(0x7f00000010c0)="$eJzs3U9sHFcZAPBv1vHfuHVaegAEbWgLAUVZ25s2qnqAckIIVUL0CFJq7I1leddredelNjk4Z65IROIER44cOOfEnQuCG5dwQOKPFRQjcRg0s7Nhbe8mq8T2ut7fTxrNm3mT+b4XZ97zvs3uC2BkXY2IvYiYiIiPI2KuOJ8UW3zQ3rLrHu/fXT7Yv7ucRJp+9M8kr8/ORdefyVwu7jkVET/4TsSPk+Nxmzu760u1WnWrOJ5v1Tfnmzu7N9bqS6vV1epGpXJr8dbCezffrZxYW9+oTxSlLz/8w943fpqlNVuc6W7HSWo3ffxJnMyliPjeaQQbgrGiPRPDToTnUoqIVyPizfz5n4ux/KcJAFxkaToX6Vz3MQBw0ZXyObCkVC7mAmajVCqX23N4r8VMqdZotq7faWxvrLTnyq7EeOnOWq26UMwVXoqI7Hgxr8vrk+y4cuT4ZkS8EhE/n5zOj8vLjdrKMH/xAYARdvnI+P/vyfb4DwBccFPDTgAAOHPGfwAYPcZ/ABg9xn8AGD3t8X962GkAAGfI638AGD3GfwAYKd//8MNsSw+K779e+WRne73xyY2VanO9XN9eLi83tjbLq43Gav6dPfVn3a/WaGwuvhPbn1755mazNd/c2b1db2xvtG7n3+t9uzqeX7V3Bi0DAPp55Y0Hf06yEfn96XyLrrUcxoeaGXDaSsNOABiasWEnAAyN1b5gdL3Aa3zTA3BB9Fii95CpXh8QStM0Pb2UgFN27QuDzP8nA/QQwGdN1/y//wUMI8b8P4wu8/8wutI0GXTN/xj0QgDgfPP7P9Dn3b1Xi/1vijcHfrRy9Ir7p5kVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnG+d9X/LxVrgs1EqlcsRL0XElRhP7qzVqgsR8XJE/GlyfDI7XhxyzgDAiyr9LSnW/7o29/bsoarXLz8pTkTET3750S8+XWq1tv4YMZH8a7JzvnW/OF/pHeC0WwAAPF1nnM73XS/kH+/fXe5sZ5nP378dEVPt+Af7E3FQxN951FmbeCrGI2LmURLdaxUnXXMXL2LvXkR8vlf7k5jN50DaK58ejZ/FfulM45cOxS/lde199nfxuRPIBUbNg6z/+aDX81eKq/m+9/OfnT2JtdOL/i+71fJB3gf+P36n/xvr0/9dHTTGO7//brs0fbzuXsQXL0V0Yh909T+d+Emf+G8PGP8vX3r9zX516a8irkXv+N2x5lv1zfnmzu6NtfrSanW1ulGpjMWthfduvluZz+eo5/uPBv94//rL/eqy9s/0iT/1jPZ/dcD2//q/H//wK0+J//W3esUvxWtPiZ+NiV8bMP7SzO+m+tVl8Vf6tP9ZP//r/W6aHF5Q/OFfd48tGw4ADE9zZ3d9qVarbiko5IXfxrlIo3ch+yd7DtLoWfjWqdw5nTtWNRG9L/7ZW+1n+khVmj5X9H49xknMugHnwZOHPiL+M+xkAAAAAAAAAAAAAACAns7i01HDbiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX1/8CAAD//3ZK0g4=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x80) lseek(r0, 0x100, 0x1) getdents64(r0, 0x0, 0x0) 1.502807159s ago: executing program 8 (id=4670): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x3f, 0x0, &(0x7f0000000a40)="e30080670000ec67838717bd86dde148f0630962bb87dd44fe42904bcee14db4241544716b9ea42231ed3373a3e29953e3bb017d9c1fd05dacf5bb80b4b7ee", 0x0, 0x407, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc}, 0x50) r0 = syz_open_dev$sg(&(0x7f0000000140), 0xa, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 1.166417694s ago: executing program 4 (id=4671): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x10, 0x80003, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xb, "00000000000204000000000000000010"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) 963.782065ms ago: executing program 6 (id=4672): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000580)={0x8, 0x120, 0xfa00, {0x1, {0x6, 0x100, "485c982af4db165c8dc547e4d293fcfb35b19bb2b5ad0eb78fe6c0d21a8bd80584d39dd2d7102d171dfdb12377c2b6ccac3186b733c6b13721c7536ebc3761f762936717127b0c66310359fcd29346d55894653de5d64b2739d9e4b7859be5ac35aa66055784bbbdf0b56a5363b630f8e6b3292414e8694a026965038bba72a2300f4d8148bd0e852273f99e2a84e62e1759fbf018fb88b11fa22813bbd2bef66447438e95a26c21e4c9bb1d5590b45f87ed045e9c502ca40ee0bbb7a37781f5fcde0a5e11883e893c869b1feb1bd74e0aa1978a4aa2d13af4908fa32ab2082f027affc45435bbcf631909dfbd62f044ce5d80cb53c9b551b33662e291d18980", 0x5, 0x3, 0x5, 0x4, 0x8, 0xc, 0x3}, r2}}, 0x128) 912.8741ms ago: executing program 1 (id=4673): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000380)={'syz1\x00', {0x1, 0x2, 0x1f7, 0xb06}, 0x25, [0x1000, 0x10001, 0x80, 0x10, 0xc, 0x827, 0x0, 0x1, 0xcf1, 0x2, 0x0, 0x8, 0x6, 0x100, 0xc776, 0x7, 0x7, 0xd, 0x7f, 0xfffffffd, 0xfffffffd, 0x6, 0x2, 0xa, 0xe, 0x1, 0x80000000, 0x4, 0x8, 0xb, 0x4, 0xa9, 0x956, 0x1, 0x88, 0x4, 0x8000, 0x7, 0xa, 0x0, 0x9de, 0x1, 0xf82d, 0x80000000, 0x7, 0x2, 0x7fff, 0x9, 0x40000000, 0x6, 0xb05, 0xc, 0x5, 0x5, 0x6, 0x4, 0x0, 0x3, 0x3, 0x9, 0x5, 0x6252, 0x0, 0x3fcc], [0x800, 0x96, 0x2fd1d58, 0x0, 0x401, 0x4, 0x1, 0x8, 0x7, 0x80, 0xfff, 0x2f, 0x9, 0x0, 0x10001, 0x0, 0xfffffbff, 0x6, 0x100, 0x4, 0x7fffffff, 0x1, 0x8001, 0x800, 0xd, 0x5, 0x1000, 0x8, 0x1, 0x9, 0x80000000, 0xc, 0x1, 0x0, 0xfa, 0x7, 0x9f9, 0x1, 0x2, 0xb342, 0x2, 0x451f, 0x1, 0x605f, 0xb2, 0xd4e5, 0x3, 0x80000001, 0x1, 0x2, 0x8, 0x0, 0x6c, 0x7, 0x101, 0xca8, 0x0, 0x7fffffff, 0xfffffffe, 0xffffff81, 0x5, 0x7, 0x5, 0xff], [0xfffffff5, 0x0, 0x0, 0x1dd, 0x6, 0x0, 0x80000349, 0x10000000, 0x80000001, 0xcb4, 0x4, 0x587a, 0x0, 0xe, 0x100, 0xa0000000, 0x0, 0x5, 0x4, 0x9, 0x6, 0x5, 0xcc, 0x7, 0x200, 0x8, 0x6, 0x6, 0x3, 0x10001, 0x7fff, 0x1, 0xfb, 0x2, 0x5, 0x1, 0x0, 0x1fd, 0x6, 0xf, 0x4, 0x2, 0x1000, 0xfa, 0x5, 0x2, 0x6, 0x0, 0x2, 0x3, 0x9, 0x0, 0x741, 0x3, 0x8, 0x2, 0xff, 0x0, 0x6, 0x7ff, 0xd, 0x7, 0x3], [0x2e, 0x9, 0x1000001, 0x1d47, 0x5, 0x0, 0x4, 0x0, 0x4, 0x2b, 0x6, 0x81, 0x8, 0x5, 0xa, 0x1, 0x7fff, 0x7, 0x4, 0x1, 0x2acd684b, 0x2, 0x0, 0x80000000, 0x9, 0x4, 0x41, 0x7, 0x2, 0x4, 0x80, 0x6, 0xda, 0x200, 0x0, 0x6, 0x2, 0xa0000, 0x5, 0x4, 0x8, 0x8, 0x5, 0xffffff2d, 0x4, 0xff, 0x6, 0x9, 0x8cb3, 0x7, 0x400, 0x7, 0x10000, 0x1c0000, 0x8, 0xaa3, 0x38e5, 0x0, 0x5, 0x2, 0x1, 0x1, 0x6, 0x4]}, 0x45c) 857.662779ms ago: executing program 8 (id=4674): r0 = io_uring_setup(0x5741, &(0x7f0000000240)={0x0, 0x7c27, 0x0, 0x40, 0xfffffffe}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 313.828377ms ago: executing program 4 (id=4675): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) syz_clone3(&(0x7f0000000380)={0x6000080, 0x0, 0x0, 0x0, {0x10}, 0x0, 0x0, 0x0, 0x0}, 0x58) 263.712233ms ago: executing program 6 (id=4676): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1b) 242.126804ms ago: executing program 5 (id=4677): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd000000", 0x24) syz_genetlink_get_family_id$tipc(&(0x7f0000000280), r0) 203.696929ms ago: executing program 1 (id=4678): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) sendmsg$inet(r0, &(0x7f0000001380)={&(0x7f0000001040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0}, 0xf05701c918701f1f) 0s ago: executing program 8 (id=4679): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) close(0x3) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x1005, &(0x7f0000000e00)=""/4101, 0x0, 0xc}, 0x22) kernel console output (not intermixed with test programs): sim6 netdevsim3: renamed from eth3 [ 761.744862][ T5094] logitech 0003:046D:C295.0021: hidraw0: USB HID v0.02 Device [HID 046d:c295] on usb-dummy_hcd.4-1/input0 [ 761.807732][ T5094] logitech 0003:046D:C295.0021: no inputs found [ 761.953701][ T5094] usb 5-1: USB disconnect, device number 18 [ 762.019585][ T9247] hid (null): report_id 0 is invalid [ 762.122714][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.180754][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.207113][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.215032][T12956] loop0: detected capacity change from 0 to 256 [ 762.255122][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.267525][T12958] loop5: detected capacity change from 0 to 256 [ 762.310642][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.338497][T12958] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 762.357427][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.357603][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.357761][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.358037][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.358302][ T9247] asus 0003:0B05:1A30.0022: unknown main item tag 0x0 [ 762.367109][ T5783] Bluetooth: hci3: command tx timeout [ 762.462779][T12958] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 762.512616][T12956] FAT-fs (loop0): unable to read block(536870912) for building NFS inode [ 762.538741][ T9247] asus 0003:0B05:1A30.0022: report_id 0 is invalid [ 762.610606][ T9247] asus 0003:0B05:1A30.0022: item 0 1 1 8 parsing failed [ 762.668575][ T9247] asus 0003:0B05:1A30.0022: Asus hid parse failed: -22 [ 762.743236][ T9247] asus 0003:0B05:1A30.0022: probe with driver asus failed with error -22 [ 762.821748][T12954] fido_id[12954]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 762.870923][ T9247] usb 2-1: USB disconnect, device number 20 [ 763.168995][T12867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.285474][T12867] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.466621][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.474203][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 763.627722][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.635329][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 763.787870][T12967] loop0: detected capacity change from 0 to 256 [ 763.803008][ T36] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 763.855036][T12967] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 763.969953][T12967] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010364, chksum : 0x44009a1b, utbl_chksum : 0xe619d30d) [ 763.980205][ T36] usb 5-1: Using ep0 maxpacket: 8 [ 764.053877][ T36] usb 5-1: unable to get BOS descriptor or descriptor too short [ 764.093923][ T36] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 764.131080][ T36] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 764.155812][ T36] usb 5-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 764.257060][ T36] usb 5-1: config 1 interface 0 has no altsetting 0 [ 764.331299][ T36] usb 5-1: New USB device found, idVendor=0461, idProduct=4e05, bcdDevice= 0.40 [ 764.355967][ T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.383801][ T36] usb 5-1: Product: syz [ 764.388164][ T36] usb 5-1: Manufacturer: syz [ 764.448931][ T36] usb 5-1: SerialNumber: syz [ 764.486504][T12971] loop5: detected capacity change from 0 to 1024 [ 764.507034][T12961] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 764.693558][T12971] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 764.835784][T12971] ext4 filesystem being mounted at /238/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 764.965954][T12971] EXT4-fs error (device loop5): ext4_map_blocks:818: inode #15: comm syz.5.2773: lblock 0 mapped to illegal pblock 0 (length 1) [ 765.017743][T12971] EXT4-fs (loop5): Remounting filesystem read-only [ 765.287776][ T36] usbhid 5-1:1.0: can't add hid device: -71 [ 765.323212][ T36] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 765.349488][ T36] usb 5-1: USB disconnect, device number 19 [ 765.397157][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 766.252007][T12987] IPVS: persistence engine module ip_vs_pe_ not found [ 766.287328][T12867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 766.390595][ T9248] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 766.574734][ T9248] usb 6-1: Using ep0 maxpacket: 16 [ 766.620951][ T9248] usb 6-1: config 166 has an invalid interface number: 177 but max is 1 [ 766.658273][ T9248] usb 6-1: config 166 has an invalid interface number: 34 but max is 1 [ 766.679749][ T9248] usb 6-1: config 166 has no interface number 0 [ 766.733868][ T9248] usb 6-1: config 166 has no interface number 1 [ 766.757199][ T9248] usb 6-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 766.804112][ T9248] usb 6-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 766.840377][ T9248] usb 6-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 766.880597][ T9248] usb 6-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 766.917223][ T9248] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 766.955839][ T9248] usb 6-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 766.985179][ T9248] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 767.024689][ T9248] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 767.047264][ T9248] usb 6-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 767.100553][ T9248] usb 6-1: config 166 interface 177 has no altsetting 0 [ 767.140693][ T9248] usb 6-1: config 166 interface 34 has no altsetting 0 [ 767.199488][ T9248] usb 6-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 767.235013][ T9248] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.270199][ T9248] usb 6-1: Product: syz [ 767.286533][ T9248] usb 6-1: Manufacturer: syz [ 767.307415][ T9248] usb 6-1: SerialNumber: syz [ 767.598183][T13010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2784'. [ 767.612780][ T9248] ums-realtek 6-1:166.177: USB Mass Storage device detected [ 767.687473][T13010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2784'. [ 767.817135][ T9248] ums-realtek 6-1:166.34: USB Mass Storage device detected [ 768.051310][ T9248] ums-realtek 6-1:166.34: probe with driver ums-realtek failed with error -5 [ 768.230800][ T9248] uvcvideo 6-1:166.34: Found UVC 0.00 device syz (0bda:0138) [ 768.266848][ T9248] uvcvideo 6-1:166.34: No valid video chain found. [ 768.302839][T12867] veth0_vlan: entered promiscuous mode [ 768.336443][ T9248] usb 6-1: USB disconnect, device number 16 [ 768.429852][T12867] veth1_vlan: entered promiscuous mode [ 768.828174][T13025] loop0: detected capacity change from 0 to 8 [ 768.878307][T12867] veth0_macvtap: entered promiscuous mode [ 768.956906][ T5971] udevd[5971]: incorrect cramfs checksum on /dev/loop0 [ 768.977024][T12867] veth1_macvtap: entered promiscuous mode [ 769.137164][T12867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.182320][ T5971] udevd[5971]: incorrect cramfs checksum on /dev/loop0 [ 769.298443][T12867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.576251][T13031] loop7: detected capacity change from 0 to 7 [ 769.646453][ C1] blk_print_req_error: 146 callbacks suppressed [ 769.646527][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 769.662919][ C1] buffer_io_error: 146 callbacks suppressed [ 769.662989][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 769.684717][ T1033] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.700124][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 769.710090][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 769.719686][ T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.763071][ T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.792093][T13033] loop7: detected capacity change from 7 to 0 [ 769.799486][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 769.809459][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 769.825392][T13031] ldm_validate_partition_table(): Disk read failed. [ 769.834351][ T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.846226][T13031] Dev loop7: unable to read RDB block 0 [ 769.909156][T13031] loop7: unable to read partition table [ 769.958001][T13031] loop7: partition table beyond EOD, truncated [ 769.988244][T13031] loop_reread_partitions: partition scan of loop7 (SJ_+]֋ S'(7^Z (636) failed (rc=-5) [ 770.900531][ T36] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 770.971271][ T9247] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 771.090664][ T36] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 771.130579][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.153076][ T9247] usb 2-1: Using ep0 maxpacket: 32 [ 771.191545][ T9247] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 771.194689][ T36] usb 1-1: config 0 descriptor?? [ 771.229747][ T9247] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 771.285084][ T36] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 771.309066][ T9247] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 771.344340][ T9247] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 771.367941][ T9247] usb 2-1: Product: syz [ 771.380280][ T9247] usb 2-1: Manufacturer: syz [ 771.466169][ T9247] hub 2-1:4.0: USB hub found [ 771.509564][ T36] gp8psk: usb in 128 operation failed. [ 771.532172][ T36] gp8psk: usb in 137 operation failed. [ 771.548717][ T36] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 771.625811][ T36] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 771.657252][ T36] usb 1-1: media controller created [ 771.708973][ T9247] hub 2-1:4.0: 2 ports detected [ 771.859101][ T36] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 771.907340][ T9247] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 771.958415][ T9247] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 772.101659][ T9247] usb 2-1: USB disconnect, device number 21 [ 772.111668][ T36] gp8psk_fe: Frontend attached [ 772.137111][ T36] usb 1-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 772.164037][ T36] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 772.542053][ T36] gp8psk: usb in 137 operation failed. [ 772.563068][ T36] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 772.617713][ T36] gp8psk: found Genpix USB device pID = 203 (hex) [ 772.717314][ T36] usb 1-1: USB disconnect, device number 20 [ 773.036856][T13064] loop5: detected capacity change from 0 to 2048 [ 773.143297][T13064] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 773.260213][T13071] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 773.853375][ T36] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 775.006601][T13093] loop5: detected capacity change from 0 to 64 [ 775.169677][T13093] hfs: request for non-existent node 255 in B*Tree [ 775.212066][T13093] hfs: request for non-existent node 255 in B*Tree [ 775.261452][T13093] hfs: request for non-existent node 255 in B*Tree [ 775.268160][T13093] hfs: request for non-existent node 255 in B*Tree [ 775.291310][T13096] hfs: request for non-existent node 255 in B*Tree [ 775.298015][T13096] hfs: request for non-existent node 255 in B*Tree [ 775.592536][ T1033] hfs: request for non-existent node 255 in B*Tree [ 775.608991][T13102] loop0: detected capacity change from 0 to 16 [ 775.618321][ T1033] hfs: request for non-existent node 255 in B*Tree [ 775.647283][T13103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2816'. [ 775.680350][T13102] erofs (device loop0): mounted with root inode @ nid 36. [ 775.782423][T13102] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 776.198013][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.214989][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.258423][ T5777] erofs (device loop0): invalid fast symlink size 39 @ nid 83 [ 776.290861][ T5777] erofs (device loop0): invalid fast symlink size 39 @ nid 83 [ 776.364808][T13107] netem: change failed [ 776.404258][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.449185][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.635936][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.909086][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.099390][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.214262][T13113] vlan2: entered promiscuous mode [ 777.220945][T13113] bond0: entered promiscuous mode [ 777.227637][T13113] bond_slave_0: entered promiscuous mode [ 777.242327][T13113] bond_slave_1: entered promiscuous mode [ 777.417463][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.995274][ T13] bridge_slave_1: left allmulticast mode [ 778.026360][ T13] bridge_slave_1: left promiscuous mode [ 778.041246][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.059397][ T13] bridge_slave_0: left allmulticast mode [ 778.073071][ T13] bridge_slave_0: left promiscuous mode [ 778.079615][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.709213][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 778.733142][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 778.758317][ T13] bond0 (unregistering): Released all slaves [ 778.907038][ T13] tipc: Disabling bearer [ 778.919718][ T13] tipc: Left network mode [ 779.218229][ T13] hsr_slave_0: left promiscuous mode [ 779.254108][ T13] hsr_slave_1: left promiscuous mode [ 779.292635][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 779.350800][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 779.407977][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 779.430528][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 779.522575][ T13] veth1_macvtap: left promiscuous mode [ 779.542762][ T13] veth0_macvtap: left promiscuous mode [ 780.344439][ T29] audit: type=1800 audit(1771122218.963:72): pid=13137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2830" name="nullb0" dev="devtmpfs" ino=3299 res=0 errno=0 [ 781.009472][T11530] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 781.021004][T11530] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 781.030475][T11530] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 781.045978][T11530] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 781.071207][T11530] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 781.255598][ T13] team0 (unregistering): Port device team_slave_1 removed [ 781.299526][ T13] team0 (unregistering): Port device team_slave_0 removed [ 781.516096][T13152] netlink: 'syz.1.2834': attribute type 11 has an invalid length. [ 781.542248][T13152] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2834'. [ 781.924002][T13155] program syz.5.2835 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 783.162629][T11530] Bluetooth: hci0: command tx timeout [ 783.333535][T13173] can0: slcan on ttyS3. [ 783.556902][T13174] can0 (unregistered): slcan off ttyS3. [ 783.631527][T13173] can0: slcan on ttyS3. [ 783.813255][T13172] can0 (unregistered): slcan off ttyS3. [ 784.468703][T13142] chnl_net:caif_netlink_parms(): no params data found [ 784.591256][T13192] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5) [ 784.597985][T13192] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 784.631325][T13192] vhci_hcd vhci_hcd.0: Device attached [ 784.706312][T13193] vhci_hcd: connection closed [ 784.707381][ T513] vhci_hcd vhci_hcd.6: stop threads [ 784.743083][ T513] vhci_hcd vhci_hcd.6: release socket [ 784.748675][ T513] vhci_hcd vhci_hcd.6: disconnect device [ 785.042464][T13199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2850'. [ 785.230558][T11530] Bluetooth: hci0: command tx timeout [ 786.286232][T13142] bridge0: port 1(bridge_slave_0) entered blocking state [ 786.315500][T13142] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.368743][T13142] bridge_slave_0: entered allmulticast mode [ 786.403547][T13142] bridge_slave_0: entered promiscuous mode [ 786.474452][T13142] bridge0: port 2(bridge_slave_1) entered blocking state [ 786.520773][T13142] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.528848][T13142] bridge_slave_1: entered allmulticast mode [ 786.546452][T13142] bridge_slave_1: entered promiscuous mode [ 786.837719][T13142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 786.891610][T13222] loop5: detected capacity change from 0 to 4096 [ 786.913263][T13142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 786.954542][T13222] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 787.004646][T13222] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 787.105092][T13231] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 787.299129][T13222] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 787.310577][T11530] Bluetooth: hci0: command tx timeout [ 787.339484][T13222] overlayfs: missing 'lowerdir' [ 787.381475][T13142] team0: Port device team_slave_0 added [ 787.565152][T13142] team0: Port device team_slave_1 added [ 787.889771][T13142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 787.925988][T13142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 788.020919][T13142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 788.069704][T13142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 788.107286][T13142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 788.195720][T13142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 788.539667][T13142] hsr_slave_0: entered promiscuous mode [ 788.575235][T13142] hsr_slave_1: entered promiscuous mode [ 788.593590][T13142] debugfs: 'hsr0' already exists in 'hsr' [ 788.614431][T13142] Cannot create hsr debugfs directory [ 789.393869][T11530] Bluetooth: hci0: command tx timeout [ 790.467906][T13142] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 790.599874][T13142] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 790.633887][T13272] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input23 [ 790.775168][T13142] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 790.954550][T13142] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 791.239299][T13278] vlan2: entered promiscuous mode [ 791.300620][T13278] bond0: entered promiscuous mode [ 791.340441][T13278] bond_slave_0: entered promiscuous mode [ 791.392258][T13278] bond_slave_1: entered promiscuous mode [ 791.517461][T13287] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2879'. [ 792.134045][T13293] Falling back ldisc for ptm0. [ 792.684441][T13142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.977599][T13142] 8021q: adding VLAN 0 to HW filter on device team0 [ 793.103550][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.111140][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.236277][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.243863][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 793.804327][ T29] audit: type=1800 audit(1771122232.433:73): pid=13315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2888" name="nullb0" dev="devtmpfs" ino=3299 res=0 errno=0 [ 795.326174][T13335] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2895'. [ 796.203304][T13142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 796.498542][T13356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2902'. [ 799.454958][T13142] veth0_vlan: entered promiscuous mode [ 799.549426][T13142] veth1_vlan: entered promiscuous mode [ 799.974670][T13398] can0: slcan on ttyS3. [ 800.174724][T13400] can0 (unregistered): slcan off ttyS3. [ 800.272128][T13398] can0: slcan on ttyS3. [ 800.315586][T13142] veth0_macvtap: entered promiscuous mode [ 800.366923][T13402] team0: No ports can be present during mode change [ 800.495016][T13142] veth1_macvtap: entered promiscuous mode [ 800.551246][T13397] can0 (unregistered): slcan off ttyS3. [ 800.895331][T13142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 801.086825][T13142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 801.273899][ T1071] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.297183][ T1071] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.394507][ T1071] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.427338][ T1071] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.981526][T13435] loop6: detected capacity change from 0 to 64 [ 803.234218][T13435] hfs: request for non-existent node 255 in B*Tree [ 803.254395][T13435] hfs: request for non-existent node 255 in B*Tree [ 803.291129][T13435] hfs: request for non-existent node 255 in B*Tree [ 803.337723][T13435] hfs: request for non-existent node 255 in B*Tree [ 803.387709][T13439] hfs: request for non-existent node 255 in B*Tree [ 803.443815][T13439] hfs: request for non-existent node 255 in B*Tree [ 803.777326][ T513] hfs: request for non-existent node 255 in B*Tree [ 803.806537][ T513] hfs: request for non-existent node 255 in B*Tree [ 803.868250][T13449] can0: slcan on ttyS3. [ 803.990675][T13449] can0 (unregistered): slcan off ttyS3. [ 804.040446][ T9247] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 804.118067][T13450] can0: slcan on ttyS3. [ 804.235123][ T9247] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 804.237876][ T36] IPVS: starting estimator thread 0... [ 804.289486][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 804.336942][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 804.370524][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 804.382720][T13454] IPVS: using max 240 ests per chain, 12000 per kthread [ 804.427354][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 804.461870][T13447] can0 (unregistered): slcan off ttyS3. [ 804.501674][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 804.568362][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 804.610939][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 804.662670][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 804.701614][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 804.753603][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 804.796533][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 804.890371][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 804.906533][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 804.952193][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 804.989016][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 805.013934][T13458] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2933'. [ 805.017820][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 805.051802][T13458] netlink: 220 bytes leftover after parsing attributes in process `syz.6.2933'. [ 805.080231][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 805.103137][T13458] netlink: 220 bytes leftover after parsing attributes in process `syz.6.2933'. [ 805.121194][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 805.162521][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 805.190894][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 805.222070][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 805.244579][ T9247] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 805.284108][ T9247] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 805.320439][ T9247] usb 6-1: config 0 interface 0 has no altsetting 0 [ 805.386303][ T9247] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 805.407106][ T9247] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 805.465343][ T9247] usb 6-1: Product: syz [ 805.481687][ T9247] usb 6-1: Manufacturer: syz [ 805.486508][ T9247] usb 6-1: SerialNumber: syz [ 805.535796][ T9247] usb 6-1: config 0 descriptor?? [ 805.649770][ T9247] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 805.893742][ T9247] usb 6-1: USB disconnect, device number 17 [ 805.915506][ T9247] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 808.397778][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 808.444071][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 808.748866][ T1071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 808.785918][ T1071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 809.258711][T13514] binder: 13513:13514 ioctl c0306201 80000640 returned -22 [ 811.633960][T13541] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2964'. [ 811.676871][T13542] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2964'. [ 811.931742][T13549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2965'. [ 814.931574][T13591] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2979'. [ 815.619400][T13597] can0: slcan on ttyS3. [ 815.802943][T13600] can0 (unregistered): slcan off ttyS3. [ 815.883037][T13602] can0: slcan on ttyS3. [ 816.060311][T13595] can0 (unregistered): slcan off ttyS3. [ 817.921627][T13631] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2993'. [ 818.371111][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.717943][T13642] can0: slcan on ttyS3. [ 818.877660][T13644] can0 (unregistered): slcan off ttyS3. [ 818.998928][T13642] can0: slcan on ttyS3. [ 819.162828][T13641] can0 (unregistered): slcan off ttyS3. [ 819.793612][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 819.795000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 820.744413][T13667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3005'. [ 820.896056][T13667] ip6gre1: entered promiscuous mode [ 820.922338][T13667] ip6gre1: entered allmulticast mode [ 820.996484][ T57] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 821.040318][ T9248] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 821.048822][ T57] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 821.111988][ T9248] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 821.181195][ T9248] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 822.441675][T13687] can0: slcan on ttyS3. [ 822.594479][T13687] can0 (unregistered): slcan off ttyS3. [ 822.702011][T13694] can0: slcan on ttyS3. [ 822.957131][T13686] can0 (unregistered): slcan off ttyS3. [ 823.871977][T11530] Bluetooth: hci0: command tx timeout [ 825.310848][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 828.951465][T13759] netlink: 92 bytes leftover after parsing attributes in process `syz.7.3035'. [ 829.674547][T13768] netlink: 200 bytes leftover after parsing attributes in process `syz.4.3039'. [ 832.267718][T13809] loop6: detected capacity change from 0 to 2048 [ 832.364742][T13809] EXT4-fs: Ignoring removed mblk_io_submit option [ 832.613171][T13809] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 832.853850][T13809] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3053: bg 0: block 234: padding at end of block bitmap is not set [ 832.891540][T13809] EXT4-fs (loop6): Remounting filesystem read-only [ 833.276832][T13831] loop5: detected capacity change from 0 to 256 [ 833.322898][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 833.354507][T13831] exfat: Deprecated parameter 'namecase' [ 833.364194][T13831] exfat: Deprecated parameter 'namecase' [ 833.412756][T13831] exfat: Deprecated parameter 'utf8' [ 833.600686][T13831] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 833.712327][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 834.625471][T13843] loop5: detected capacity change from 0 to 1024 [ 834.840739][T13847] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3068'. [ 837.542051][ T9248] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 837.742671][ T9248] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 837.781015][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 837.795812][T13877] team0: entered promiscuous mode [ 837.817096][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 837.839745][T13877] team_slave_0: entered promiscuous mode [ 837.861375][T13877] team_slave_1: entered promiscuous mode [ 837.874931][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 837.900711][T13876] team0: left promiscuous mode [ 837.930419][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 837.961514][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 837.970387][T13876] team_slave_0: left promiscuous mode [ 837.998154][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.042351][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.044018][T13876] team_slave_1: left promiscuous mode [ 838.057989][T13879] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3082'. [ 838.098360][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.157360][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.209283][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.231525][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.278405][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.343205][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.387039][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.445049][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.495731][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.563529][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.619647][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.699467][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.783513][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.850952][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 838.902996][ T9248] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 838.926094][ T9248] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 838.953009][ T9248] usb 2-1: config 0 interface 0 has no altsetting 0 [ 839.028200][ T9248] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 839.077638][ T9248] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 839.107746][ T9248] usb 2-1: Product: syz [ 839.123730][ T9248] usb 2-1: Manufacturer: syz [ 839.182184][ T9248] usb 2-1: SerialNumber: syz [ 839.203907][ T9248] usb 2-1: config 0 descriptor?? [ 839.235272][T13881] loop5: detected capacity change from 0 to 4096 [ 839.324408][ T9248] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 839.598866][ T9247] usb 2-1: USB disconnect, device number 22 [ 839.663369][ T9247] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 839.792137][T13881] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 841.606158][T13905] loop7: detected capacity change from 0 to 2048 [ 841.636988][T13905] UDF-fs: error (device loop7): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 841.684430][T13905] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 841.720369][T13905] UDF-fs: Scanning with blocksize 512 failed [ 841.824585][T13905] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 844.013544][T13936] loop5: detected capacity change from 0 to 4096 [ 844.021775][ T9248] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 844.043869][T13936] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 844.200550][ T9248] usb 8-1: Using ep0 maxpacket: 32 [ 844.234801][ T9248] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.280287][ T9248] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 844.340861][ T9248] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 844.383528][ T9248] usb 8-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 844.400225][ T9248] usb 8-1: Product: syz [ 844.404600][ T9248] usb 8-1: Manufacturer: syz [ 844.498773][ T9248] hub 8-1:4.0: USB hub found [ 844.757567][ T9248] hub 8-1:4.0: 2 ports detected [ 844.970396][ T9248] hub 8-1:4.0: hub_hub_status failed (err = -71) [ 845.009205][ T9248] hub 8-1:4.0: config failed, can't get hub status (err -71) [ 845.025402][T13952] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3115'. [ 845.069553][T13952] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3115'. [ 845.122950][ T9248] usb 8-1: USB disconnect, device number 2 [ 845.819336][T13961] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3119'. [ 846.181910][T13964] loop7: detected capacity change from 0 to 1024 [ 846.802984][ T513] hfsplus: b-tree write err: -5, ino 8 [ 848.632643][T13995] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input24 [ 849.479759][T14007] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 849.486680][T14007] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 850.889587][T14017] loop5: detected capacity change from 0 to 164 [ 850.958912][T14019] netlink: 232 bytes leftover after parsing attributes in process `syz.4.3146'. [ 851.110746][T14017] rock: directory entry would overflow storage [ 851.117059][T14017] rock: sig=0x4d4e, size=5, remaining=4 [ 851.630540][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 853.017909][T14039] bond1: invalid ARP target 0.0.0.0 specified for addition [ 853.036504][T14039] bond1: option arp_ip_target: invalid value (0) [ 853.058149][T14039] bond1 (unregistering): Released all slaves [ 854.241708][T14054] loop7: detected capacity change from 0 to 2048 [ 854.332964][T14054] EXT4-fs: Ignoring removed mblk_io_submit option [ 854.462516][T14054] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 854.703378][T14054] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.3159: bg 0: block 234: padding at end of block bitmap is not set [ 854.800348][T14054] EXT4-fs (loop7): Remounting filesystem read-only [ 855.216450][T13142] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 856.489733][T14079] loop7: detected capacity change from 0 to 2048 [ 856.677953][T14079] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 857.199457][T13142] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 858.296146][ T9248] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 858.554845][ T9248] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 858.604944][ T9248] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 858.639452][ T9248] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 858.700376][ T9248] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 858.742773][ T9248] usb 8-1: config 0 descriptor?? [ 858.810419][ T9248] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 858.817341][ T9248] dvb-usb: bulk message failed: -22 (3/0) [ 859.005509][ T9248] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 859.054947][T14098] dibusb: i2c wr: len=8192 is too big! [ 859.054947][T14098] [ 859.069268][ T9248] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 859.128480][ T9248] usb 8-1: media controller created [ 859.181064][ T9248] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 859.302140][ T9248] dvb-usb: bulk message failed: -22 (6/0) [ 859.308307][ T9248] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 859.550687][ T36] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 859.586415][ T9248] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input25 [ 859.747001][ T36] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 859.814146][ T36] usb 2-1: config 0 has no interface number 0 [ 859.832238][ T9248] dvb-usb: schedule remote query interval to 150 msecs. [ 859.853685][ T36] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 859.880309][ T9248] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 859.894897][ T9248] usb 8-1: USB disconnect, device number 3 [ 859.986035][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 860.018776][ T36] usb 2-1: Product: syz [ 860.074586][ T36] usb 2-1: Manufacturer: syz [ 860.079423][ T36] usb 2-1: SerialNumber: syz [ 860.181619][ T36] usb 2-1: config 0 descriptor?? [ 860.225260][ T9248] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 860.439488][ T36] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 860.576222][ T36] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 860.619079][ T36] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 860.692806][ T36] usb 2-1: media controller created [ 860.968807][ T36] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 861.361274][ T36] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 861.815492][ T36] usb 2-1: USB disconnect, device number 23 [ 866.717723][T14174] loop5: detected capacity change from 0 to 1024 [ 866.862947][T14174] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 867.015735][T14174] ext4 filesystem being mounted at /337/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 867.030259][T14179] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 867.134340][T14170] loop7: detected capacity change from 0 to 8192 [ 867.228611][ T29] audit: type=1800 audit(1771122305.843:74): pid=14170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.3206" name="file1" dev="loop7" ino=1048687 res=0 errno=0 [ 867.258142][T14174] EXT4-fs error (device loop5): ext4_map_blocks:818: inode #15: comm syz.5.3210: lblock 0 mapped to illegal pblock 0 (length 1) [ 867.372885][T14174] EXT4-fs error (device loop5): ext4_map_blocks:776: inode #15: comm syz.5.3210: lblock 0 mapped to illegal pblock 0 (length 1) [ 867.477438][T14174] EXT4-fs error (device loop5): ext4_ext_remove_space:2956: inode #15: comm syz.5.3210: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 868.053519][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 869.770630][T14214] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3224'. [ 871.763864][T14228] input: syz1 as /devices/virtual/input/input26 [ 874.071062][T14242] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3237'. [ 874.444936][T14249] vivid-007: disconnect [ 874.464471][T14248] vivid-007: reconnect [ 874.650667][ T9247] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 874.870620][ T9247] usb 8-1: Using ep0 maxpacket: 32 [ 874.954410][ T9247] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 874.996270][ T9247] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 875.037457][ T9247] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 875.082409][ T9247] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 875.126432][ T9247] usb 8-1: config 0 descriptor?? [ 875.193515][ T9247] hub 8-1:0.0: USB hub found [ 875.434440][ T9247] hub 8-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 875.940701][ T9247] hid_parser_main: 63 callbacks suppressed [ 875.940793][ T9247] hid-generic 0003:046D:C31C.0023: unknown main item tag 0x0 [ 876.024464][ T9247] hid-generic 0003:046D:C31C.0023: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.7-1/input0 [ 876.061797][ T9247] usb 8-1: USB disconnect, device number 4 [ 876.767481][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 876.841489][T14269] fido_id[14269]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 879.409274][T14291] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3259'. [ 879.483360][T14291] netlink: 'syz.6.3259': attribute type 30 has an invalid length. [ 879.537136][T14296] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3259'. [ 879.660468][T14296] netlink: 'syz.6.3259': attribute type 30 has an invalid length. [ 879.817621][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 879.912433][ T1033] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 879.986857][ T84] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 880.044840][ T84] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 880.085205][ T84] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 880.360733][T14301] sock: sock_set_timeout: `syz.1.3264' (pid 14301) tries to set negative timeout [ 880.850269][ T9247] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 881.040316][ T9247] usb 8-1: Using ep0 maxpacket: 32 [ 881.061772][ T9247] usb 8-1: config 2 has an invalid interface number: 88 but max is 0 [ 881.100206][ T9247] usb 8-1: config 2 has no interface number 0 [ 881.157572][ T9247] usb 8-1: config 2 interface 88 has no altsetting 0 [ 881.194148][ T9247] usb 8-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 881.224625][ T9247] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 881.257082][ T9247] usb 8-1: Product: syz [ 881.267370][ T9247] usb 8-1: Manufacturer: syz [ 881.277626][ T9247] usb 8-1: SerialNumber: syz [ 882.239217][ T9247] asix 8-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 882.272394][ T9247] asix 8-1:2.88: probe with driver asix failed with error -71 [ 882.311186][ T9247] usb 8-1: USB disconnect, device number 5 [ 885.550812][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 886.781622][T14366] loop7: detected capacity change from 0 to 2048 [ 887.078076][T14366] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 887.135483][T14375] tc_dump_action: action bad kind [ 887.174362][T14366] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 887.356925][T14366] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.3291: bg 0: block 345: padding at end of block bitmap is not set [ 887.445617][T14366] fs-verity (loop7, inode 13): Error -117 writing Merkle tree block 0 [ 887.457596][T14366] fs-verity (loop7, inode 13): Error -117 building Merkle tree [ 887.668339][T13142] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 888.370347][T14385] netlink: 'syz.7.3308': attribute type 4 has an invalid length. [ 888.572856][T14389] netlink: 'syz.6.3299': attribute type 1 has an invalid length. [ 895.742744][ T36] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 895.923719][ T36] usb 2-1: Using ep0 maxpacket: 16 [ 895.993714][ T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 896.103057][ T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 896.118775][T14473] loop5: detected capacity change from 0 to 512 [ 896.154413][ T36] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 896.224831][ T36] usb 2-1: New USB device found, idVendor=045e, idProduct=fc40, bcdDevice=72.a8 [ 896.317375][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 896.434983][ T36] usb 2-1: config 0 descriptor?? [ 896.466658][T14473] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 896.661188][T14473] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 897.188313][ T36] hid-generic 0003:045E:FC40.0024: hidraw0: USB HID v0.00 Device [HID 045e:fc40] on usb-dummy_hcd.1-1/input0 [ 897.277160][ T36] usb 2-1: USB disconnect, device number 24 [ 897.626175][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 898.168903][T14481] fido_id[14481]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 898.600583][T14486] loop5: detected capacity change from 0 to 512 [ 898.668047][T14486] EXT4-fs: Ignoring removed nobh option [ 898.834895][T14486] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 898.882653][T14486] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.3336: invalid indirect mapped block 256 (level 1) [ 898.900805][T14486] loop5: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 898.901929][T14486] EXT4-fs (loop5): Remounting filesystem read-only [ 898.911459][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 898.911545][ C0] EXT4-fs (loop5): initial error at time 1771122337: ext4_free_branches:1023: inode 13 [ 898.911696][ C0] EXT4-fs (loop5): last error at time 1771122337: ext4_free_branches:1023: inode 13 [ 898.952656][T14486] EXT4-fs (loop5): 1 truncate cleaned up [ 898.960680][T14486] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 899.528188][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 900.609288][T14500] netlink: 'syz.4.3342': attribute type 28 has an invalid length. [ 900.813271][T14504] loop6: detected capacity change from 0 to 1024 [ 901.038458][T14504] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 901.465485][ T36] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 901.576053][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 901.639625][ T36] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 901.662343][ T36] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 901.687326][ T36] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 901.733127][ T36] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 901.800163][ T36] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 901.879706][ T36] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 901.933013][ T36] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 901.965351][ T36] usb 6-1: Product: syz [ 901.969717][ T36] usb 6-1: Manufacturer: syz [ 902.036871][ T36] cdc_wdm 6-1:1.0: skipping garbage [ 902.058142][ T36] cdc_wdm 6-1:1.0: skipping garbage [ 902.093960][ T36] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 902.113576][ T36] cdc_wdm 6-1:1.0: Unknown control protocol [ 902.346248][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.353090][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.360416][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.367205][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.374164][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.380912][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.388233][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.395007][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.402004][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.408771][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.415663][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.422429][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.433227][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.440008][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.449064][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.455846][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.462958][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.469723][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.476373][ C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 902.481393][ T36] usb 6-1: USB disconnect, device number 18 [ 902.483122][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 902.495196][ C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 902.560631][ T9247] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 902.726174][ T9247] usb 2-1: config 165 has no interfaces? [ 902.792545][ T9247] usb 2-1: New USB device found, idVendor=0c52, idProduct=2431, bcdDevice=fc.33 [ 902.845728][ T9247] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.858933][ T9247] usb 2-1: Product: syz [ 902.888376][ T9247] usb 2-1: Manufacturer: syz [ 902.895799][ T9247] usb 2-1: SerialNumber: syz [ 903.205008][ T9247] usb 2-1: USB disconnect, device number 25 [ 904.087562][T14535] loop6: detected capacity change from 0 to 128 [ 905.386177][T14545] netlink: 'syz.6.3362': attribute type 10 has an invalid length. [ 905.463205][T14545] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3362'. [ 907.434330][T14562] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3368'. [ 907.744347][ T9247] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 907.772004][T14568] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3371'. [ 907.772217][T14566] loop7: detected capacity change from 0 to 1024 [ 907.930533][T14566] hfsplus: b-tree write err: -5, ino 2 [ 907.961363][ T9247] usb 6-1: Using ep0 maxpacket: 8 [ 907.967827][T14566] hfsplus: bad catalog entry type [ 907.986182][ T9247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 908.039357][ T9247] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 908.086173][ T9247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 908.134785][ T9247] usb 6-1: config 0 descriptor?? [ 908.236779][T14572] loop6: detected capacity change from 0 to 512 [ 908.427359][ T53] hfsplus: b-tree write err: -5, ino 25 [ 908.476519][ T9247] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 908.482386][ T53] hfsplus: b-tree write err: -5, ino 4 [ 908.544186][ T53] hfsplus: b-tree write err: -5, ino 2 [ 908.597589][ T53] hfsplus: b-tree write err: -5, ino 26 [ 908.729338][ T36] usb 6-1: USB disconnect, device number 19 [ 909.715055][T14583] sctp: [Deprecated]: syz.4.3379 (pid 14583) Use of struct sctp_assoc_value in delayed_ack socket option. [ 909.715055][T14583] Use struct sctp_sack_info instead [ 912.996490][T14622] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3398'. [ 913.064535][T14622] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3398'. [ 914.218252][T14635] veth1_macvtap: left promiscuous mode [ 914.663160][T14643] hugetlbfs: syz.5.3406 (14643): Using mlock ulimits for SHM_HUGETLB is obsolete [ 915.263285][T14647] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3408'. [ 916.491926][T14663] loop5: detected capacity change from 0 to 1024 [ 916.638276][T14663] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 917.107156][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 918.732149][T14687] bridge0: port 3(netdevsim0) entered blocking state [ 918.757993][T14687] bridge0: port 3(netdevsim0) entered disabled state [ 918.787335][T14687] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 918.873591][T14687] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 918.924112][T14687] bridge0: port 3(netdevsim0) entered blocking state [ 918.931576][T14687] bridge0: port 3(netdevsim0) entered forwarding state [ 920.612202][T14712] program syz.7.3437 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 922.568668][T14742] Bluetooth: MGMT ver 1.23 [ 923.052785][ T36] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 923.278828][ T36] usb 5-1: config 8 has an invalid interface number: 235 but max is 0 [ 923.295213][ T36] usb 5-1: config 8 has no interface number 0 [ 923.346287][ T36] usb 5-1: config 8 interface 235 has no altsetting 0 [ 923.359011][ T36] usb 5-1: New USB device found, idVendor=06cd, idProduct=0118, bcdDevice=3e.1f [ 923.379332][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.720444][ T36] usb 5-1: string descriptor 0 read error: -71 [ 923.777584][ T36] keyspan 5-1:8.235: Keyspan - (without firmware) converter detected [ 923.877558][ T36] usb 5-1: USB disconnect, device number 20 [ 923.891106][ T36] keyspan 5-1:8.235: device disconnected [ 924.067944][T14758] loop5: detected capacity change from 0 to 2048 [ 924.129343][T14762] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 924.223335][T14758] NILFS error (device loop5): nilfs_readdir: zero-length directory entry [ 924.292577][T14758] Remounting filesystem read-only [ 925.094113][T14771] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3461'. [ 925.886893][ T5951] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 926.088580][ T5951] usb 5-1: Using ep0 maxpacket: 32 [ 926.132209][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 926.170711][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 926.217172][ T5951] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 926.261183][ T5951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.321066][ T5951] usb 5-1: config 0 descriptor?? [ 926.827808][ T5951] koneplus 0003:1E7D:2D51.0025: unknown main item tag 0x0 [ 926.943112][ T5951] koneplus 0003:1E7D:2D51.0025: unknown main item tag 0x0 [ 927.040440][ T5951] koneplus 0003:1E7D:2D51.0025: unknown main item tag 0x0 [ 927.047906][ T5951] koneplus 0003:1E7D:2D51.0025: unknown main item tag 0x0 [ 927.102920][ T5951] koneplus 0003:1E7D:2D51.0025: unknown main item tag 0x0 [ 927.227376][ T5951] koneplus 0003:1E7D:2D51.0025: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.4-1/input0 [ 927.252880][T14794] loop6: detected capacity change from 0 to 4096 [ 927.438080][T14803] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 927.505436][ T9247] usb 5-1: USB disconnect, device number 21 [ 928.057865][T14802] fido_id[14802]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 928.222701][ T29] audit: type=1326 audit(1771122366.843:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14806 comm="syz.1.3478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 928.443175][ T29] audit: type=1326 audit(1771122366.883:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14806 comm="syz.1.3478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 929.106232][ T29] audit: type=1326 audit(1771122367.733:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14806 comm="syz.1.3478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=83 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 929.231014][ T29] audit: type=1326 audit(1771122367.763:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14806 comm="syz.1.3478" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 929.845845][T14828] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3486'. [ 929.884435][T14828] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3486'. [ 930.375407][T14837] random: crng reseeded on system resumption [ 930.402344][T14833] loop5: detected capacity change from 0 to 2048 [ 930.463803][T14833] EXT4-fs: Ignoring removed mblk_io_submit option [ 930.535552][T14837] Unrecognized hibernate image header format! [ 930.576645][T14837] PM: hibernation: Image mismatch: architecture specific data [ 930.615721][T14833] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 930.825581][ T9965] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 931.530876][ T9247] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 931.758140][ T9247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 931.796214][ T9247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 931.830411][ T9247] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 931.847149][ T9247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 931.905684][ T9247] usb 6-1: config 0 descriptor?? [ 932.616584][ T9247] hid-led 0003:1D34:0004.0026: hidraw0: USB HID v0.06 Device [HID 1d34:0004] on usb-dummy_hcd.5-1/input0 [ 932.713525][ T9247] hid-led 0003:1D34:0004.0026: Dream Cheeky Webmail Notifier initialized [ 932.828641][ T9247] usb 6-1: USB disconnect, device number 20 [ 933.207061][T14870] fido_id[14870]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 933.639496][T14875] loop6: detected capacity change from 0 to 4096 [ 934.453073][T14886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3512'. [ 935.525148][T14900] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 935.563950][T14900] syzkaller1: linktype set to 805 [ 936.453226][T14914] ip6erspan0: tun_chr_ioctl cmd 1074025675 [ 936.459265][T14914] ip6erspan0: persist disabled [ 937.535369][T14930] netlink: 'syz.6.3532': attribute type 1 has an invalid length. [ 938.716871][T14948] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3538'. [ 939.625632][T14957] loop7: detected capacity change from 0 to 2048 [ 939.656220][T14961] loop5: detected capacity change from 0 to 1024 [ 939.839785][T14957] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 939.878229][T14965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3546'. [ 939.968429][T14967] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3546'. [ 940.087482][T14968] hfsplus: xattr search failed [ 941.262901][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 941.403788][T14983] loop6: detected capacity change from 0 to 16 [ 941.446506][T14983] erofs (device loop6): mounted with root inode @ nid 36. [ 942.298754][T14994] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3558'. [ 942.921040][T14999] loop7: detected capacity change from 0 to 1024 [ 942.937253][T14999] EXT4-fs: Ignoring removed nobh option [ 942.983555][T14999] EXT4-fs: inline encryption not supported [ 943.093263][T14999] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 943.323230][T14999] EXT4-fs (loop7): Online defrag not supported with bigalloc [ 943.668466][T13142] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 945.925208][T15047] loop6: detected capacity change from 0 to 1024 [ 945.959324][T15047] EXT4-fs: Ignoring removed nobh option [ 946.019411][T15047] EXT4-fs: inline encryption not supported [ 946.239387][T15047] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 946.349736][T15059] netlink: 332 bytes leftover after parsing attributes in process `syz.7.3582'. [ 946.384994][T15059] netlink: 'syz.7.3582': attribute type 9 has an invalid length. [ 946.394661][T15059] netlink: 'syz.7.3582': attribute type 10 has an invalid length. [ 946.504925][T15047] EXT4-fs (loop6): Online defrag not supported with bigalloc [ 946.904079][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 949.056794][T15092] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3596'. [ 949.080774][T15092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3596'. [ 949.497814][ T1071] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.718874][ T1071] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.925637][ T1071] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.153263][ T1071] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.646691][ T1071] bridge_slave_1: left allmulticast mode [ 950.653084][ T1071] bridge_slave_1: left promiscuous mode [ 950.681047][ T1071] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.711016][ T1071] bridge_slave_0: left allmulticast mode [ 950.716866][ T1071] bridge_slave_0: left promiscuous mode [ 950.731347][ T1071] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.919242][ T1071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 952.011928][ T1071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 952.067096][ T1071] bond0 (unregistering): Released all slaves [ 952.884058][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 953.227803][ T5783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 953.258368][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 953.273031][T15120] netlink: 'syz.5.3610': attribute type 1 has an invalid length. [ 953.286054][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 953.317165][ T5783] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 953.353087][ T5783] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 953.649090][ T1071] hsr_slave_0: left promiscuous mode [ 953.683212][ T1071] hsr_slave_1: left promiscuous mode [ 953.695984][ T1071] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 953.753437][ T1071] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 953.794139][ T1071] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 953.826048][ T1071] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 953.943764][ T9247] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 954.092755][ T1071] veth0_macvtap: left promiscuous mode [ 954.098662][ T1071] veth1_vlan: left promiscuous mode [ 954.153330][ T1071] veth0_vlan: left promiscuous mode [ 954.178114][T15134] program syz.5.3614 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 954.510455][ T9247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 954.560750][ T9247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 954.594609][ T9247] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 954.647641][ T9247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 954.702195][T15137] loop6: detected capacity change from 0 to 164 [ 954.722585][ T9247] usb 5-1: config 0 descriptor?? [ 954.817922][T15137] Unable to read rock-ridge attributes [ 955.000608][T15137] Unable to read rock-ridge attributes [ 955.273673][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.296203][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.336536][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.384236][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.426506][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.476214][ T5783] Bluetooth: hci0: command tx timeout [ 955.482253][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.482437][ T9247] isku 0003:1E7D:319C.0027: unknown main item tag 0x0 [ 955.545888][ T9247] isku 0003:1E7D:319C.0027: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 955.929040][ T10] usb 5-1: USB disconnect, device number 22 [ 956.421993][T15147] fido_id[15147]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 956.590762][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 957.228528][ T1071] team0 (unregistering): Port device team_slave_1 removed [ 957.410444][ T1071] team0 (unregistering): Port device team_slave_0 removed [ 957.560173][ T5783] Bluetooth: hci0: command tx timeout [ 957.756793][T15162] loop6: detected capacity change from 0 to 4096 [ 958.354842][T15178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3627'. [ 958.566445][T15181] ntfs3(loop6): ino=1e, "file1" attr_set_size [ 958.597651][T15178] erspan0: entered promiscuous mode [ 958.682391][T15161] ntfs3(loop6): ino=1e, "file1" attr_set_size [ 959.632725][ T5783] Bluetooth: hci0: command tx timeout [ 959.934179][T15119] chnl_net:caif_netlink_parms(): no params data found [ 960.294714][T15197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3633'. [ 960.406489][T15197] netlink: 452 bytes leftover after parsing attributes in process `syz.1.3633'. [ 960.465287][T15197] netlink: 452 bytes leftover after parsing attributes in process `syz.1.3633'. [ 961.730531][ T5783] Bluetooth: hci0: command tx timeout [ 961.882043][T15119] bridge0: port 1(bridge_slave_0) entered blocking state [ 961.889537][T15119] bridge0: port 1(bridge_slave_0) entered disabled state [ 961.995776][T15119] bridge_slave_0: entered allmulticast mode [ 962.061846][T15119] bridge_slave_0: entered promiscuous mode [ 962.130888][T15119] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.138370][T15119] bridge0: port 2(bridge_slave_1) entered disabled state [ 962.192669][T15119] bridge_slave_1: entered allmulticast mode [ 962.222795][T15119] bridge_slave_1: entered promiscuous mode [ 962.651918][T15119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 962.728500][T15119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 963.086517][T15119] team0: Port device team_slave_0 added [ 963.154442][T15119] team0: Port device team_slave_1 added [ 963.405557][T15119] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 963.460913][T15119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 963.570544][T15119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 963.620568][T15119] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 963.641282][T15119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 963.735799][T15119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 964.444309][T15119] hsr_slave_0: entered promiscuous mode [ 964.474823][T15119] hsr_slave_1: entered promiscuous mode [ 964.485776][ T9247] usb 6-1: new full-speed USB device number 21 using dummy_hcd [ 964.526770][T15119] debugfs: 'hsr0' already exists in 'hsr' [ 964.533138][T15119] Cannot create hsr debugfs directory [ 964.598450][T15261] loop6: detected capacity change from 0 to 8 [ 964.677411][ T9247] usb 6-1: config 0 has an invalid interface number: 133 but max is 0 [ 964.714668][ T9247] usb 6-1: config 0 has no interface number 0 [ 964.753166][ T9247] usb 6-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 964.843529][ T9247] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 964.868727][ T9247] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.883884][ T9247] usb 6-1: Product: syz [ 964.888278][ T9247] usb 6-1: Manufacturer: syz [ 964.941605][ T9247] usb 6-1: SerialNumber: syz [ 964.981017][ T9247] usb 6-1: config 0 descriptor?? [ 965.284525][ T9247] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected [ 965.336959][ T9247] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81 [ 965.373653][ T9247] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1 [ 965.420416][ T9247] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2 [ 965.483314][ T9247] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 965.562100][ T9247] usb 6-1: USB disconnect, device number 21 [ 965.605451][ T9247] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 965.677789][ T9247] keyspan 6-1:0.133: device disconnected [ 965.867007][ T29] audit: type=1326 audit(1771122660.484:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.4.3655" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704ef6c code=0x0 [ 966.887079][T15119] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 967.017727][T15119] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 967.251732][T15119] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 967.344752][T15119] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 968.849035][T15119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 969.100420][T15119] 8021q: adding VLAN 0 to HW filter on device team0 [ 969.228483][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 969.236069][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 969.326063][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 969.333732][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 970.296218][T15119] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 970.745378][T15321] netlink: 'syz.5.3674': attribute type 1 has an invalid length. [ 970.767103][T15321] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3674'. [ 972.234842][T15119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 973.876368][T15363] loop5: detected capacity change from 0 to 128 [ 974.046658][T15363] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 974.200948][T15363] ext4 filesystem being mounted at /440/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 974.527520][T15363] fscrypt (loop5, inode 12): Direct key flag not allowed with different contents and filenames modes [ 974.885189][T15119] veth0_vlan: entered promiscuous mode [ 974.908687][ T9965] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 975.054758][T15119] veth1_vlan: entered promiscuous mode [ 975.411616][T15377] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3689'. [ 975.589730][T15119] veth0_macvtap: entered promiscuous mode [ 975.649865][T15383] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 975.657932][T15383] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 975.749585][T15119] veth1_macvtap: entered promiscuous mode [ 976.146103][T15119] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 976.219454][T15119] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 976.388577][ T513] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 976.441026][ T513] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 976.591606][ T513] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 976.631610][ T513] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.997383][T15435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3714'. [ 982.540859][T15457] Bluetooth: MGMT ver 1.23 [ 982.551690][ T10] kernel write not supported for file /396/oom_score_adj (pid: 10 comm: kworker/0:1) [ 982.572646][T15457] Bluetooth: hci0: too big key_count value 48424 [ 983.587547][ T513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 983.639038][ T513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 983.910762][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 983.950227][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 985.129749][T15497] netlink: 'syz.1.3727': attribute type 11 has an invalid length. [ 985.190684][ T10] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 985.380197][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 985.461839][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 985.500345][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 985.532688][ T10] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 985.602641][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 985.620435][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 985.646327][ T10] usb 6-1: SerialNumber: syz [ 985.732352][ T10] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 985.953001][ T10] usb 6-1: USB disconnect, device number 22 [ 986.430504][ T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 986.610169][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 986.700437][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 986.796315][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 986.896283][ T10] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 986.951244][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.006286][ T10] usb 5-1: config 0 descriptor?? [ 987.102526][ T10] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 987.276161][T15514] loop5: detected capacity change from 0 to 1024 [ 987.345066][ T10] usb 5-1: USB disconnect, device number 23 [ 987.598741][T15514] hfsplus: request for non-existent node 33554434 in B*Tree [ 987.660429][T15514] hfsplus: request for non-existent node 33554434 in B*Tree [ 987.713697][T15514] hfsplus: request for non-existent node 33554434 in B*Tree [ 987.766124][T15514] hfsplus: request for non-existent node 33554434 in B*Tree [ 988.291258][T11248] hfsplus: request for non-existent node 33554434 in B*Tree [ 988.329712][T11248] hfsplus: request for non-existent node 33554434 in B*Tree [ 991.553563][T15567] netlink: 'syz.4.3752': attribute type 6 has an invalid length. [ 991.911362][T15571] program syz.8.3754 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 992.865136][T15586] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3759'. [ 993.171475][ T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 993.354596][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 993.424980][ T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 993.450547][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 993.486438][ T10] usb 5-1: Product: syz [ 993.492078][ T10] usb 5-1: Manufacturer: syz [ 993.496852][ T10] usb 5-1: SerialNumber: syz [ 993.574063][ T10] usb 5-1: config 0 descriptor?? [ 993.598493][ T10] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 994.480350][ T10] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 994.577526][ T10] usb 5-1: USB disconnect, device number 24 [ 994.593353][T15606] loop6: detected capacity change from 0 to 512 [ 994.711997][T15606] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 994.868579][T15606] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 994.988470][T15606] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 995.663955][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 996.246666][T15631] loop5: detected capacity change from 0 to 8 [ 997.689625][T15651] loop8: detected capacity change from 0 to 1024 [ 997.991045][T15651] hfsplus: invalid extended attribute record [ 998.015226][T15651] hfsplus: b-tree write err: -5, ino 2 [ 998.326236][ T57] hfsplus: b-tree write err: -5, ino 25 [ 998.360770][ T57] hfsplus: b-tree write err: -5, ino 4 [ 998.366620][ T57] hfsplus: b-tree write err: -5, ino 2 [ 1001.125865][T15695] loop5: detected capacity change from 0 to 4096 [ 1001.350331][T15700] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1001.487033][ T29] audit: type=1800 audit(1771122696.114:80): pid=15695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3798" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 1001.840851][ T10] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1002.099184][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 1002.130084][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1002.150614][ T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1002.230322][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.385286][ T10] usb 2-1: config 0 descriptor?? [ 1002.694222][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 1002.782990][ T10] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1002.970794][ T5951] usb 2-1: USB disconnect, device number 26 [ 1002.973965][T15716] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3815'. [ 1003.883164][T15728] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3808'. [ 1004.062240][T15728] hsr0: entered promiscuous mode [ 1004.067777][T15728] macvlan2: entered allmulticast mode [ 1004.130364][T15728] hsr0: entered allmulticast mode [ 1004.135598][T15728] hsr_slave_0: entered allmulticast mode [ 1004.170579][T15728] hsr_slave_1: entered allmulticast mode [ 1009.124175][T15782] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3829'. [ 1009.764924][T15791] netlink: 'syz.5.3833': attribute type 26 has an invalid length. [ 1011.727423][T15817] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 1011.808551][T15817] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 1011.859219][T15817] overlayfs: fs on '.' does not support file handles, falling back to xino=off. [ 1016.526494][T15883] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3875'. [ 1017.981049][T15902] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3884'. [ 1018.686078][T15912] program syz.5.3889 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1020.518145][T15934] loop8: detected capacity change from 0 to 256 [ 1020.627854][T15934] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 1020.728428][T15934] exFAT-fs (loop8): bogus allocation bitmap size(need : 2, cur : 10) [ 1023.970498][ T36] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1024.174345][ T36] usb 5-1: Using ep0 maxpacket: 8 [ 1024.236370][ T36] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1024.274427][ T36] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1024.320087][ T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.359271][ T36] usb 5-1: config 0 descriptor?? [ 1024.666503][ T36] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1024.892324][ T36] usb 5-1: USB disconnect, device number 25 [ 1025.153253][ T5783] Bluetooth: hci0: command tx timeout [ 1028.495718][T16037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3944'. [ 1028.596779][T16039] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3944'. [ 1028.674952][T16039] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3944'. [ 1029.026778][T16043] loop6: detected capacity change from 0 to 2048 [ 1029.212269][T16043] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1029.555676][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1030.269168][T16063] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3951'. [ 1031.187927][ T10] IPVS: starting estimator thread 0... [ 1031.322971][T16077] IPVS: using max 240 ests per chain, 12000 per kthread [ 1031.921431][T16086] tipc: Enabling of bearer rejected, failed to enable media [ 1032.745350][T16099] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3971'. [ 1035.194863][T16138] netlink: 'syz.4.3988': attribute type 3 has an invalid length. [ 1035.229184][T16138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3988'. [ 1036.560332][ T36] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1036.758962][ T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1036.803491][ T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1036.827300][ T36] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1036.895218][ T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1036.936233][ T36] usb 2-1: config 0 descriptor?? [ 1037.461881][ T36] steelseries 0003:1038:1410.0028: collection stack underflow [ 1037.469660][ T36] steelseries 0003:1038:1410.0028: item 0 4 0 12 parsing failed [ 1037.546059][ T36] steelseries 0003:1038:1410.0028: parse failed [ 1037.567385][ T36] steelseries 0003:1038:1410.0028: probe with driver steelseries failed with error -22 [ 1037.653752][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1037.677471][ T36] usb 2-1: USB disconnect, device number 27 [ 1037.931835][ T10] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 1037.955527][ T10] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1038.011244][ T10] usb 5-1: config 220 has no interface number 2 [ 1038.017770][ T10] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1038.056241][ T10] usb 5-1: config 220 interface 0 has no altsetting 0 [ 1038.117342][ T10] usb 5-1: config 220 interface 76 has no altsetting 0 [ 1038.129485][ T10] usb 5-1: config 220 interface 1 has no altsetting 0 [ 1038.175280][ T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1038.202826][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.253619][ T10] usb 5-1: Product: syz [ 1038.257984][ T10] usb 5-1: Manufacturer: syz [ 1038.306247][ T10] usb 5-1: SerialNumber: syz [ 1038.634572][ T10] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1038.650808][ T10] uvcvideo 5-1:220.0: No valid video chain found. [ 1038.661607][ T10] usb 5-1: selecting invalid altsetting 0 [ 1038.773356][ T10] usb 5-1: selecting invalid altsetting 0 [ 1038.779302][ T10] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 1038.843375][ T10] usb 5-1: USB disconnect, device number 26 [ 1039.041819][T16184] netlink: 'syz.1.4019': attribute type 12 has an invalid length. [ 1039.066615][T16184] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4019'. [ 1039.109643][T16184] bond0: option primary_reselect: invalid value (8) [ 1040.483056][T16200] loop8: detected capacity change from 0 to 128 [ 1040.611450][T16200] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 1040.733781][T16200] hpfs: filesystem error: improperly stopped [ 1040.742144][T16200] hpfs: You really don't want any checks? You are crazy... [ 1040.762722][T16200] hpfs: hpfs_map_sector(): read error [ 1040.790107][T16200] hpfs: code page support is disabled [ 1040.795914][T16200] hpfs: hpfs_map_4sectors(): unaligned read [ 1040.810972][T16200] hpfs: hpfs_map_4sectors(): unaligned read [ 1040.817038][T16200] hpfs: filesystem error: unable to find root dir [ 1040.891437][T16200] hpfs: hpfs_map_4sectors(): unaligned read [ 1040.899665][T16200] hpfs: hpfs_map_sector(): read error [ 1043.168085][ T12] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 1043.283346][ T12] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 1044.070481][ T10] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 1044.287562][T16247] loop6: detected capacity change from 0 to 256 [ 1044.299456][ T10] usb 9-1: config 220 has an invalid interface number: 76 but max is 2 [ 1044.300217][T16247] exfat: Deprecated parameter 'utf8' [ 1044.346235][T16247] exfat: Deprecated parameter 'utf8' [ 1044.360398][ T10] usb 9-1: config 220 has an invalid descriptor of length 127, skipping remainder of the config [ 1044.420097][ T10] usb 9-1: config 220 has no interface number 2 [ 1044.469573][ T10] usb 9-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1044.520450][T16247] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 1044.560401][ T10] usb 9-1: config 220 interface 0 has no altsetting 0 [ 1044.600485][ T10] usb 9-1: config 220 interface 76 has no altsetting 0 [ 1044.607569][ T10] usb 9-1: config 220 interface 1 has no altsetting 0 [ 1044.680620][ T10] usb 9-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1044.710261][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.718523][ T10] usb 9-1: Product: syz [ 1044.761086][ T10] usb 9-1: Manufacturer: syz [ 1044.792095][ T10] usb 9-1: SerialNumber: syz [ 1045.128126][ T10] usb 9-1: selecting invalid altsetting 0 [ 1045.147939][ T10] uvcvideo 9-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1045.187172][ T10] uvcvideo 9-1:220.0: No valid video chain found. [ 1045.321604][ T10] usb 9-1: selecting invalid altsetting 0 [ 1045.327561][ T10] usbtest 9-1:220.1: probe with driver usbtest failed with error -22 [ 1045.419427][ T10] usb 9-1: USB disconnect, device number 2 [ 1045.454731][T16262] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1046.388940][T16272] loop8: detected capacity change from 0 to 512 [ 1046.495920][T16274] GUP no longer grows the stack in syz.5.4050 (16274): 80004000-80005000 (80001000) [ 1046.563148][T16274] CPU: 1 UID: 0 PID: 16274 Comm: syz.5.4050 Tainted: G L syzkaller #0 PREEMPT(full) [ 1046.563323][T16274] Tainted: [L]=SOFTLOCKUP [ 1046.563376][T16274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1046.563466][T16274] Call Trace: [ 1046.563523][T16274] [ 1046.563574][T16274] __dump_stack+0x26/0x30 [ 1046.563739][T16274] dump_stack_lvl+0x14c/0x1c0 [ 1046.563898][T16274] dump_stack+0x1e/0x25 [ 1046.564034][T16274] __get_user_pages+0x44ea/0x5f00 [ 1046.564185][T16274] ? update_load_avg+0x14eb/0x25d0 [ 1046.564382][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.564563][T16274] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1046.564733][T16274] __gup_longterm_locked+0x1862/0x2660 [ 1046.564873][T16274] ? gup_fast_fallback+0xee1/0x3b40 [ 1046.565015][T16274] ? filter_irq_stacks+0x49/0x190 [ 1046.565189][T16274] ? stack_depot_save_flags+0x35/0x790 [ 1046.565338][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.565492][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.565661][T16274] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1046.565832][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.565993][T16274] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1046.566160][T16274] gup_fast_fallback+0x3476/0x3b40 [ 1046.566410][T16274] get_user_pages_fast+0xb7/0x120 [ 1046.566574][T16274] __iov_iter_get_pages_alloc+0x988/0x14d0 [ 1046.566740][T16274] ? stack_depot_save_flags+0x35/0x790 [ 1046.566934][T16274] iov_iter_get_pages2+0xa9/0xf0 [ 1046.567102][T16274] __se_sys_vmsplice+0xdd2/0x3230 [ 1046.567336][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.567497][T16274] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1046.567677][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.567837][T16274] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1046.568004][T16274] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1046.568157][T16274] ? kmsan_get_metadata+0xf1/0x160 [ 1046.568323][T16274] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1046.568499][T16274] __ia32_sys_vmsplice+0xb8/0x110 [ 1046.568681][T16274] ia32_sys_call+0x358b/0x4360 [ 1046.568807][T16274] __do_fast_syscall_32+0x17f/0x3f0 [ 1046.568970][T16274] do_fast_syscall_32+0x37/0x80 [ 1046.569114][T16274] do_SYSENTER_32+0x1f/0x30 [ 1046.569253][T16274] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1046.569429][T16274] RIP: 0023:0xf7fa6f6c [ 1046.569540][T16274] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad [ 1046.569653][T16274] RSP: 002b:00000000f546650c EFLAGS: 00000206 ORIG_RAX: 000000000000013c [ 1046.569772][T16274] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 1046.569863][T16274] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 1046.569936][T16274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1046.570009][T16274] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1046.570088][T16274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1046.570202][T16274] [ 1047.675357][T16283] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4053'. [ 1047.704994][T16283] bond0: Unable to set down delay as MII monitoring is disabled [ 1047.758936][T16287] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4056'. [ 1047.791093][T16287] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4056'. [ 1048.838472][T16292] loop8: detected capacity change from 0 to 2048 [ 1048.949141][ T5987] loop8: p1 < > [ 1049.036272][T16292] loop8: p1 < > [ 1049.919209][ T5987] udevd[5987]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 1051.593818][T16317] loop8: detected capacity change from 0 to 512 [ 1051.628508][T16317] EXT4-fs: Ignoring removed nobh option [ 1051.691157][T16317] EXT4-fs (loop8): Test dummy encryption mode enabled [ 1051.794311][T16317] EXT4-fs error (device loop8): __ext4_iget:5378: inode #11: block 1: comm syz.8.4067: invalid block [ 1051.901733][T16317] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1051.910491][ C0] EXT4-fs (loop8): error count since last fsck: 1 [ 1051.926495][ C0] EXT4-fs (loop8): initial error at time 1771122746: __ext4_iget:5378: inode 11: block 1 [ 1051.936757][ C0] EXT4-fs (loop8): last error at time 1771122746: __ext4_iget:5378: inode 11: block 1 [ 1051.972555][T16317] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.4067: couldn't read orphan inode 11 (err -117) [ 1052.051204][T16317] loop8: lost filesystem error report for type 5 error -117 [ 1052.061944][T16317] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1052.418018][T15119] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1054.065917][T16354] 9p: Bad value for 'rfdno' [ 1054.862769][T16367] loop8: detected capacity change from 0 to 512 [ 1055.093908][T16367] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1055.356275][T15119] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1055.586187][T16377] netlink: 'syz.1.4091': attribute type 9 has an invalid length. [ 1057.090192][T16397] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4100'. [ 1057.116531][T16396] input: syz1 as /devices/virtual/input/input27 [ 1057.209617][T16399] netlink: 'syz.8.4101': attribute type 2 has an invalid length. [ 1057.518046][T16401] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4103'. [ 1057.803727][T16407] loop6: detected capacity change from 0 to 64 [ 1058.561380][T16416] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4110'. [ 1058.645210][T16416] bond0: entered promiscuous mode [ 1058.646451][T16419] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4111'. [ 1058.667905][T16416] bond_slave_0: entered promiscuous mode [ 1058.703492][T16416] bond_slave_1: entered promiscuous mode [ 1058.739176][T16416] bond0: left promiscuous mode [ 1058.755830][T16416] bond_slave_0: left promiscuous mode [ 1058.770944][T16416] bond_slave_1: left promiscuous mode [ 1060.058008][T16438] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4121'. [ 1060.244312][T16440] loop6: detected capacity change from 0 to 512 [ 1060.315582][T16440] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1060.406879][T16440] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.4122: bg 0: block 5: invalid block bitmap [ 1060.423880][T16440] loop6: lost filesystem error report for type 5 error -117 [ 1060.433252][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 1060.441146][T16440] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 1060.447358][ C1] EXT4-fs (loop6): initial error at time 1771122755: ext4_validate_block_bitmap:432 [ 1060.465799][ C1] EXT4-fs (loop6): last error at time 1771122755: ext4_validate_block_bitmap:432 [ 1060.570718][T16440] loop6: lost filesystem error report for type 5 error -117 [ 1060.571938][T16440] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.4122: invalid indirect mapped block 3 (level 2) [ 1060.693962][T16440] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1060.713539][T16440] EXT4-fs (loop6): 2 truncates cleaned up [ 1060.785522][T16440] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1061.195773][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1063.612175][T16492] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4142'. [ 1063.699518][T16492] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4142'. [ 1064.153618][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 1064.458532][T16494] loop8: detected capacity change from 0 to 32768 [ 1064.468282][T16494] xfs: Deprecated parameter 'ikeep' [ 1064.473947][T16494] XFS: ikeep mount option is deprecated. [ 1064.482918][T16494] xfs: Unknown parameter 'mtpt' [ 1065.239505][T16498] netlink: 'syz.6.4146': attribute type 7 has an invalid length. [ 1065.533893][T16502] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4147'. [ 1065.615007][T16504] loop8: detected capacity change from 0 to 512 [ 1068.862619][T16539] loop6: detected capacity change from 0 to 8192 [ 1070.804091][T16574] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4178'. [ 1070.826169][T16574] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4178'. [ 1072.681774][T16599] loop6: detected capacity change from 0 to 64 [ 1072.884201][T16602] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3) [ 1072.890954][T16602] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1072.966654][T16602] vhci_hcd vhci_hcd.0: Device attached [ 1073.260896][ T10] usb 49-1: new low-speed USB device number 2 using vhci_hcd [ 1073.320221][ T5833] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 1073.521627][ T5833] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1073.573651][ T5833] usb 9-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1073.610197][ T5833] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1073.655324][ T5833] usb 9-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1073.690193][ T5833] usb 9-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1073.698617][ T5833] usb 9-1: Manufacturer: syz [ 1073.752091][ T5833] usb 9-1: config 0 descriptor?? [ 1073.821930][T16616] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4196'. [ 1073.834597][ T5833] smsusb:smsusb_probe: board id=9, interface number 0 [ 1073.856400][ T5833] smsusb:smsusb_probe: Device initialized with return code -19 [ 1074.068012][T16604] usb 49-1: recv xbuf, 0 [ 1074.087750][T11248] vhci_hcd vhci_hcd.8: stop threads [ 1074.130235][T11248] vhci_hcd vhci_hcd.8: release socket [ 1074.163426][T11248] vhci_hcd vhci_hcd.8: disconnect device [ 1074.223013][ T10] usb 49-1: device descriptor read/64, error -71 [ 1074.270745][ T5833] usb 9-1: USB disconnect, device number 3 [ 1074.404313][ T10] vhci_hcd vhci_hcd.8: vhci_device speed not set [ 1074.947926][T16629] netlink: 'syz.5.4201': attribute type 11 has an invalid length. [ 1075.097070][T16633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4203'. [ 1075.499548][T16640] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4206'. [ 1075.520842][T16640] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4206'. [ 1075.627681][T16642] program syz.4.4207 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1076.166515][T16646] loop6: detected capacity change from 0 to 2048 [ 1076.287268][T16646] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1076.972456][T16659] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4214'. [ 1077.104475][T16659] bond0: entered promiscuous mode [ 1077.152351][T16659] bond_slave_0: entered promiscuous mode [ 1077.161031][T16659] bond_slave_1: entered promiscuous mode [ 1077.190717][T16659] bond0: left promiscuous mode [ 1077.216871][T16659] bond_slave_0: left promiscuous mode [ 1077.286649][T16659] bond_slave_1: left promiscuous mode [ 1077.339783][T16665] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4217'. [ 1077.368386][T16666] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4217'. [ 1077.443049][T16667] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4217'. [ 1077.913583][ T29] audit: type=1326 audit(1771122772.544:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.020451][ T29] audit: type=1326 audit(1771122772.544:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.081100][ T29] audit: type=1326 audit(1771122772.564:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.210290][ T29] audit: type=1326 audit(1771122772.564:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.320738][ T29] audit: type=1326 audit(1771122772.564:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.450186][ T29] audit: type=1326 audit(1771122772.574:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.550772][ T29] audit: type=1326 audit(1771122772.574:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.581134][ T29] audit: type=1326 audit(1771122772.584:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.720830][ T29] audit: type=1326 audit(1771122772.584:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.825047][ T29] audit: type=1326 audit(1771122772.584:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.4221" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa5f6c code=0x7ffc0000 [ 1078.879561][T16687] 9p: Bad value for 'wfdno' [ 1080.538393][T16713] loop8: detected capacity change from 0 to 512 [ 1080.668938][T16713] EXT4-fs error (device loop8): ext4_validate_block_bitmap:432: comm syz.8.4237: bg 0: block 5: invalid block bitmap [ 1080.684767][T16713] loop8: lost filesystem error report for type 5 error -117 [ 1080.690003][ C1] EXT4-fs (loop8): error count since last fsck: 1 [ 1080.704170][ C1] EXT4-fs (loop8): initial error at time 1771122775: ext4_validate_block_bitmap:432 [ 1080.713873][ C1] EXT4-fs (loop8): last error at time 1771122775: ext4_validate_block_bitmap:432 [ 1080.720421][T16713] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 1080.856323][T16713] loop8: lost filesystem error report for type 5 error -117 [ 1080.875258][T16713] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.4237: invalid indirect mapped block 3 (level 2) [ 1080.908277][T16713] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 1080.923785][T16713] EXT4-fs (loop8): 1 orphan inode deleted [ 1080.939286][T16713] EXT4-fs (loop8): 1 truncate cleaned up [ 1080.970598][T16713] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1081.191829][T16721] netlink: 4580 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1081.230460][T16721] netlink: 4580 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1081.308557][T15119] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1081.786724][T16727] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'. [ 1081.904305][T16733] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4248'. [ 1081.972502][T16733] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4248'. [ 1083.998390][T16761] loop6: detected capacity change from 0 to 512 [ 1084.168445][T16761] EXT4-fs (loop6): 1 orphan inode deleted [ 1084.198686][ T1071] __quota_error: 8 callbacks suppressed [ 1084.198763][ T1071] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1084.222605][T16761] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1084.274155][T16761] ext4 filesystem being mounted at /277/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1084.316141][ T1071] EXT4-fs error (device loop6): ext4_release_dquot:7039: comm kworker/u8:8: Failed to release dquot type 1 [ 1084.412248][T16761] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4260'. [ 1084.709026][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1085.153385][T16749] Bluetooth: hci5: command 0x1003 tx timeout [ 1085.173597][ T5783] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1086.359394][T16791] loop8: detected capacity change from 0 to 256 [ 1086.496640][T16791] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1087.951957][T16809] RDS: rds_bind could not find a transport for ::d00:0:0:0, load rds_tcp or rds_rdma? [ 1088.262329][T16816] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4284'. [ 1088.408500][T16816] bond0: entered promiscuous mode [ 1088.502474][T16816] bond_slave_0: entered promiscuous mode [ 1088.509286][T16816] bond_slave_1: entered promiscuous mode [ 1088.617973][T16819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4286'. [ 1088.657340][T16816] bond0: left promiscuous mode [ 1088.680582][T16816] bond_slave_0: left promiscuous mode [ 1088.681774][T16819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4286'. [ 1088.732008][T16816] bond_slave_1: left promiscuous mode [ 1089.681995][T16833] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4294'. [ 1089.753247][T16833] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4294'. [ 1089.804605][T16833] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4294'. [ 1090.399274][T16843] loop8: detected capacity change from 0 to 1024 [ 1091.338616][T16848] loop6: detected capacity change from 0 to 8192 [ 1091.475738][ T29] audit: type=1800 audit(1771122786.094:99): pid=16845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4299" name="file2" dev="loop6" ino=1048703 res=0 errno=0 [ 1091.566982][T16862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4306'. [ 1091.726545][T16862] bridge0: entered promiscuous mode [ 1091.820403][T16862] macvtap1: entered promiscuous mode [ 1091.826717][T16862] macvtap1: entered allmulticast mode [ 1091.938419][T16862] bridge0: entered allmulticast mode [ 1091.955498][ T29] audit: type=1326 audit(1771122786.574:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.037195][T16862] bridge0: port 3(macvtap1) entered blocking state [ 1092.089150][ T29] audit: type=1326 audit(1771122786.584:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.122477][T16862] bridge0: port 3(macvtap1) entered disabled state [ 1092.203065][ T29] audit: type=1326 audit(1771122786.644:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.226656][T16862] bridge0: left allmulticast mode [ 1092.248459][T16862] bridge0: left promiscuous mode [ 1092.301557][ T29] audit: type=1326 audit(1771122786.654:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.445580][ T29] audit: type=1326 audit(1771122786.664:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.570369][ T29] audit: type=1326 audit(1771122786.664:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.711138][ T29] audit: type=1326 audit(1771122786.674:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.854081][ T29] audit: type=1326 audit(1771122786.674:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1092.932586][ T29] audit: type=1326 audit(1771122786.684:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16864 comm="syz.8.4307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000 [ 1094.500150][T16900] ip6tnl1: entered allmulticast mode [ 1094.780471][ T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1094.990388][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 1095.046362][ T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1095.063295][ T10] usb 5-1: config 0 has no interface number 0 [ 1095.089015][ T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1095.120633][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.128849][ T10] usb 5-1: Product: syz [ 1095.175404][ T10] usb 5-1: Manufacturer: syz [ 1095.190437][ T10] usb 5-1: SerialNumber: syz [ 1095.218521][ T10] usb 5-1: config 0 descriptor?? [ 1095.230695][T16911] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4328'. [ 1095.287259][ T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1095.542902][ T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1095.676575][ T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1095.707280][T16903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1095.741934][T16903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1096.063110][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1096.081291][ T10] usb 5-1: USB disconnect, device number 27 [ 1096.137817][ T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1096.207795][ T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1096.277179][ T10] quatech2 5-1:0.51: device disconnected [ 1097.466338][ T36] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1097.664232][ T36] usb 5-1: Using ep0 maxpacket: 32 [ 1097.719114][ T36] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 1097.750281][ T36] usb 5-1: config 0 has no interface number 0 [ 1097.756602][ T36] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1097.790568][ T36] usb 5-1: config 0 interface 85 has no altsetting 0 [ 1097.853591][ T36] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1097.873175][ T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1097.882000][ T36] usb 5-1: Product: syz [ 1097.886337][ T36] usb 5-1: Manufacturer: syz [ 1097.913366][ T36] usb 5-1: SerialNumber: syz [ 1097.944446][ T36] usb 5-1: config 0 descriptor?? [ 1098.434775][T16946] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4344'. [ 1098.672737][ T36] appletouch 5-1:0.85: Geyser mode initialized. [ 1098.715655][ T36] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input28 [ 1098.906697][ T36] usb 5-1: USB disconnect, device number 28 [ 1098.906858][ C0] appletouch 5-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 1099.068457][T16952] loop8: detected capacity change from 0 to 256 [ 1099.114356][ T36] appletouch 5-1:0.85: input: appletouch disconnected [ 1099.164426][T16952] exfat: Deprecated parameter 'utf8' [ 1099.214214][T16952] exfat: Deprecated parameter 'namecase' [ 1099.260693][T16952] exfat: Deprecated parameter 'namecase' [ 1099.294363][T16952] exfat: Deprecated parameter 'utf8' [ 1099.458018][T16952] exFAT-fs (loop8): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 1099.521678][T16952] exFAT-fs (loop8): failed to test first cluster bit of root dir(5) [ 1099.956118][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1101.364165][T16983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4362'. [ 1101.418848][T16983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4362'. [ 1102.977337][T17007] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4373'. [ 1105.223163][T17038] vcan0: tx drop: invalid da for name 0x00000000000000eb [ 1105.852969][T17050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4393'. [ 1105.893204][T17050] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4393'. [ 1105.970281][T17050] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4393'. [ 1106.149045][T17045] loop8: detected capacity change from 0 to 8192 [ 1108.064385][T17076] loop8: detected capacity change from 0 to 512 [ 1108.246003][T17080] program syz.4.4408 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1108.397634][T17076] EXT4-fs (loop8): too many log groups per flexible block group [ 1108.439480][T17076] EXT4-fs (loop8): failed to initialize mballoc (-12) [ 1108.540562][T17076] EXT4-fs (loop8): mount failed [ 1109.895958][T17100] loop6: detected capacity change from 0 to 256 [ 1109.968737][T17100] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1110.100336][ T29] audit: type=1800 audit(1771122804.714:109): pid=17100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4417" name="file0" dev="loop6" ino=1048706 res=0 errno=0 [ 1111.328110][ T5833] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 1111.510463][ T5833] usb 9-1: Using ep0 maxpacket: 32 [ 1111.546214][ T5833] usb 9-1: config 0 has an invalid interface number: 51 but max is 0 [ 1111.576013][ T5833] usb 9-1: config 0 has no interface number 0 [ 1111.614154][ T5833] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1111.670489][ T5833] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1111.701028][ T5833] usb 9-1: Product: syz [ 1111.711930][ T5833] usb 9-1: Manufacturer: syz [ 1111.716780][ T5833] usb 9-1: SerialNumber: syz [ 1111.786874][ T5833] usb 9-1: config 0 descriptor?? [ 1111.866852][ T5833] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1112.088963][ T5833] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1112.212567][ T5833] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1112.454404][ C0] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1112.463670][ T5833] usb 9-1: USB disconnect, device number 4 [ 1112.507323][ T5833] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1112.598215][ T5833] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1112.669575][ T5833] quatech2 9-1:0.51: device disconnected [ 1115.181284][ T5833] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 1115.403481][T17163] netlink: 'syz.8.4444': attribute type 32 has an invalid length. [ 1115.452231][T17163] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4444'. [ 1115.946964][T17163] bond1: option coupled_control: invalid value (18) [ 1115.983882][T17163] bond1 (unregistering): Released all slaves [ 1116.370506][ T5833] usb 9-1: unable to get BOS descriptor or descriptor too short [ 1116.401300][ T5833] usb 9-1: unable to read config index 0 descriptor/start: -71 [ 1116.409350][ T5833] usb 9-1: can't read configurations, error -71 [ 1117.645449][T17200] loop6: detected capacity change from 0 to 2048 [ 1117.698549][T17200] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1117.808220][T17205] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1117.886923][T17206] Invalid ELF header magic: != ELF [ 1120.368029][T17240] loop6: detected capacity change from 0 to 256 [ 1120.396289][T17240] exfat: Deprecated parameter 'namecase' [ 1120.613613][T17240] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 1122.992720][T17274] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode [ 1123.055095][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.069122][T17274] macsec2: entered promiscuous mode [ 1123.092299][T17274] macsec2: entered allmulticast mode [ 1123.113573][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.137184][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.154590][T17274] mac80211_hwsim hwsim20 wlan0: entered allmulticast mode [ 1123.191352][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.217784][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.251729][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.260281][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.268997][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.294433][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.313215][ T5833] hid-generic 0103:0004:0000.0029: unknown main item tag 0x0 [ 1123.343365][ T5833] hid-generic 0103:0004:0000.0029: hidraw0: HID v0.02 Device [syz0] on syz1 [ 1123.771277][T17306] netlink: 256 bytes leftover after parsing attributes in process `syz.5.4494'. [ 1125.377162][T17281] fido_id[17281]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1125.582428][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 1126.662059][T17372] overlayfs: failed to resolve './file0': -2 [ 1127.138158][ T36] kernel write not supported for file [eventfd] (pid: 36 comm: kworker/1:1) [ 1127.572059][ T36] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1127.757683][ T36] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1127.769713][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1127.806491][ T36] usb 2-1: Product: syz [ 1127.832803][ T36] usb 2-1: Manufacturer: syz [ 1127.843846][ T36] usb 2-1: SerialNumber: syz [ 1127.866375][T17397] loop6: detected capacity change from 0 to 512 [ 1127.988082][T17397] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1128.017764][T17397] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1128.523701][T12867] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1128.766854][ T36] (unnamed net_device) (uninitialized): Assigned a random MAC address: 9a:3e:a6:e9:bd:4a [ 1128.920202][ T36] rtl8150 2-1:1.0: eth13: rtl8150 is detected [ 1129.050760][ T36] usb 2-1: USB disconnect, device number 28 [ 1130.818002][T17433] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 1130.866390][T17433] dvmrp1: linktype set to 774 [ 1132.313128][T17453] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4535'. [ 1132.395408][T17454] netlink: 75 bytes leftover after parsing attributes in process `syz.5.4536'. [ 1132.405677][T17453] netlink: 'syz.8.4535': attribute type 14 has an invalid length. [ 1132.440458][T17453] netlink: 20 bytes leftover after parsing attributes in process `syz.8.4535'. [ 1132.747080][T17458] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1133.430934][T17470] loop6: detected capacity change from 0 to 1764 [ 1134.227669][T17477] mac80211_hwsim hwsim24 wlan0: entered promiscuous mode [ 1134.273926][T17477] macsec1: entered promiscuous mode [ 1134.296589][T17477] macsec1: entered allmulticast mode [ 1134.321063][T17477] mac80211_hwsim hwsim24 wlan0: entered allmulticast mode [ 1135.007949][T17491] netlink: 92 bytes leftover after parsing attributes in process `syz.8.4551'. [ 1135.511401][T17495] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1136.386226][T17513] loop8: detected capacity change from 0 to 128 [ 1136.564471][T17513] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1136.587672][T17513] ext4 filesystem being mounted at /163/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1136.984322][T15119] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1139.548917][T17552] program syz.4.4578 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1141.649237][T17580] tipc: Started in network mode [ 1141.670522][T17580] tipc: Node identity , cluster identity 4711 [ 1141.676806][T17580] tipc: Failed to set node id, please configure manually [ 1141.729210][T17580] tipc: Enabling of bearer rejected, failed to enable media [ 1143.548382][ T5833] hid_parser_main: 1 callbacks suppressed [ 1143.548479][ T5833] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 1143.646725][ T5833] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1144.171308][T17614] fido_id[17614]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1146.693221][ T29] audit: type=1800 audit(1771122842.328:110): pid=17648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4620" name="file1" dev="tmpfs" ino=3343 res=0 errno=0 [ 1147.393285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 1147.472452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 1147.574589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1148.722126][T17669] loop6: detected capacity change from 0 to 2048 [ 1149.121370][T17675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4630'. [ 1149.166399][T17675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4630'. [ 1152.848339][T17732] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4650'. [ 1155.345845][T17778] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4665'. [ 1156.046257][T17790] program syz.8.4670 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1157.727318][T17344] ===================================================== [ 1157.738130][T17344] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xe7b/0xc820 [ 1157.746949][T17344] n_tty_receive_buf_standard+0xe7b/0xc820 [ 1157.753084][T17344] n_tty_receive_buf_common+0x1a59/0x2610 [ 1157.758992][T17344] n_tty_receive_buf2+0x4c/0x60 [ 1157.766738][T17344] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1157.772272][T17344] tty_port_default_receive_buf+0xd7/0x1a0 [ 1157.778231][T17344] flush_to_ldisc+0x43e/0xe40 [ 1157.783414][T17344] process_scheduled_works+0xb21/0x1e30 [ 1157.789140][T17344] worker_thread+0xede/0x1580 [ 1157.796554][T17344] kthread+0x53f/0x600 [ 1157.800922][T17344] ret_from_fork+0x20f/0x910 [ 1157.805667][T17344] ret_from_fork_asm+0x1a/0x30 [ 1157.810835][T17344] [ 1157.813225][T17344] Uninit was stored to memory at: [ 1157.818451][T17344] n_tty_receive_buf_standard+0xe74/0xc820 [ 1157.829773][T17344] n_tty_receive_buf_common+0x1a59/0x2610 [ 1157.837235][T17344] n_tty_receive_buf2+0x4c/0x60 [ 1157.842647][T17344] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1157.848057][T17344] tty_port_default_receive_buf+0xd7/0x1a0 [ 1157.856668][T17344] flush_to_ldisc+0x43e/0xe40 [ 1157.861645][T17344] process_scheduled_works+0xb21/0x1e30 [ 1157.867348][T17344] worker_thread+0xede/0x1580 [ 1157.872506][T17344] kthread+0x53f/0x600 [ 1157.876751][T17344] ret_from_fork+0x20f/0x910 [ 1157.884233][T17344] ret_from_fork_asm+0x1a/0x30 [ 1157.889194][T17344] [ 1157.891753][T17344] Uninit was created at: [ 1157.896203][T17344] __kmalloc_noprof+0x486/0x1680 [ 1157.901438][T17344] __tty_buffer_request_room+0x3d4/0x7a0 [ 1157.907275][T17344] __tty_insert_flip_string_flags+0x157/0x6e0 [ 1157.918359][T17344] uart_insert_char+0x368/0x930 [ 1157.924125][T17344] serial8250_read_char+0x1ba/0x670 [ 1157.929519][T17344] serial8250_handle_irq+0x930/0x1110 [ 1157.935322][T17344] serial8250_default_handle_irq+0x116/0x370 [ 1157.945072][T17344] serial8250_interrupt+0xcb/0x420 [ 1157.954339][T17344] __handle_irq_event_percpu+0x13c/0xf90 [ 1157.960994][T17344] handle_irq_event+0xe0/0x2a0 [ 1157.966291][T17344] handle_edge_irq+0x2a9/0xb30 [ 1157.973876][T17344] __common_interrupt+0x9d/0x180 [ 1157.979008][T17344] common_interrupt+0x94/0xb0 [ 1157.984016][T17344] asm_common_interrupt+0x2b/0x40 [ 1157.989198][T17344] [ 1157.991868][T17344] CPU: 1 UID: 0 PID: 17344 Comm: kworker/u8:27 Tainted: G L syzkaller #0 PREEMPT(full) [ 1158.005847][T17344] Tainted: [L]=SOFTLOCKUP [ 1158.010437][T17344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1158.022803][T17344] Workqueue: events_unbound flush_to_ldisc [ 1158.029376][T17344] ===================================================== [ 1158.039071][T17344] Disabling lock debugging due to kernel taint [ 1158.417380][T17344] Kernel panic - not syncing: kmsan.panic set ... [ 1158.424069][T17344] CPU: 1 UID: 0 PID: 17344 Comm: kworker/u8:27 Tainted: G B L syzkaller #0 PREEMPT(full) [ 1158.435456][T17344] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 1158.441073][T17344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1158.451229][T17344] Workqueue: events_unbound flush_to_ldisc [ 1158.457179][T17344] Call Trace: [ 1158.460520][T17344] [ 1158.463516][T17344] __dump_stack+0x26/0x30 [ 1158.467984][T17344] dump_stack_lvl+0x50/0x1c0 [ 1158.472713][T17344] ? dump_stack+0x12/0x25 [ 1158.477177][T17344] dump_stack+0x1e/0x25 [ 1158.481468][T17344] vpanic+0x7b4/0x1430 [ 1158.485719][T17344] panic+0x15d/0x160 [ 1158.489793][T17344] kmsan_report+0x31a/0x320 [ 1158.494448][T17344] ? __msan_warning+0x1b/0x30 [ 1158.499259][T17344] ? n_tty_receive_buf_standard+0xe7b/0xc820 [ 1158.505383][T17344] ? n_tty_receive_buf_common+0x1a59/0x2610 [ 1158.511428][T17344] ? n_tty_receive_buf2+0x4c/0x60 [ 1158.516584][T17344] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 1158.522125][T17344] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 1158.528236][T17344] ? flush_to_ldisc+0x43e/0xe40 [ 1158.533213][T17344] ? process_scheduled_works+0xb21/0x1e30 [ 1158.539079][T17344] ? worker_thread+0xede/0x1580 [ 1158.544055][T17344] ? kthread+0x53f/0x600 [ 1158.548443][T17344] ? ret_from_fork+0x20f/0x910 [ 1158.553336][T17344] ? ret_from_fork_asm+0x1a/0x30 [ 1158.558425][T17344] ? ret_from_fork_asm+0x1a/0x30 [ 1158.563510][T17344] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1158.569999][T17344] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1158.576220][T17344] ? uart_start+0x2aa/0x590 [ 1158.580879][T17344] ? kmsan_get_metadata+0x146/0x160 [ 1158.586241][T17344] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1158.592216][T17344] ? n_tty_receive_char+0x1223/0x14f0 [ 1158.597765][T17344] ? kmsan_get_metadata+0xf1/0x160 [ 1158.603052][T17344] __msan_warning+0x1b/0x30 [ 1158.607690][T17344] n_tty_receive_buf_standard+0xe7b/0xc820 [ 1158.613697][T17344] ? kmsan_get_metadata+0xf1/0x160 [ 1158.618967][T17344] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 1158.625455][T17344] ? kmsan_get_metadata+0xf1/0x160 [ 1158.630733][T17344] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 1158.636989][T17344] n_tty_receive_buf_common+0x1a59/0x2610 [ 1158.642961][T17344] n_tty_receive_buf2+0x4c/0x60 [ 1158.647964][T17344] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 1158.653660][T17344] tty_ldisc_receive_buf+0xc6/0x2c0 [ 1158.659051][T17344] tty_port_default_receive_buf+0xd7/0x1a0 [ 1158.665263][T17344] flush_to_ldisc+0x43e/0xe40 [ 1158.670074][T17344] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 1158.676628][T17344] ? __pfx_flush_to_ldisc+0x10/0x10 [ 1158.681945][T17344] process_scheduled_works+0xb21/0x1e30 [ 1158.687695][T17344] worker_thread+0xede/0x1580 [ 1158.692539][T17344] kthread+0x53f/0x600 [ 1158.696760][T17344] ? __pfx_worker_thread+0x10/0x10 [ 1158.702014][T17344] ? __pfx_kthread+0x10/0x10 [ 1158.706744][T17344] ret_from_fork+0x20f/0x910 [ 1158.711480][T17344] ? __switch_to+0x51c/0x750 [ 1158.716230][T17344] ? __pfx_kthread+0x10/0x10 [ 1158.720979][T17344] ret_from_fork_asm+0x1a/0x30 [ 1158.725919][T17344] [ 1158.729464][T17344] Kernel Offset: disabled [ 1158.733831][T17344] Rebooting in 86400 seconds..