last executing test programs: 2m51.026507771s ago: executing program 1 (id=586): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0xffffffffffffffdc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1}, 0x20) add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101180, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r6, 0xc0040d07, &(0x7f0000000040)=0x121) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(r7, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20) close(r4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="018d008dffff"}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000000)=[{0x28, 0x2, 0xfd, 0x5ae9}, {0x20, 0x7f, 0x4, 0xffeff038}, {0x6, 0x0, 0x8, 0x7}]}, 0x10) 2m49.81694844s ago: executing program 1 (id=588): r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x0, 0x2) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0xffffffff}]}, 0x10) r2 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffff", 0xc) r3 = syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400) ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000040)={0x5, {"4e068be8031430cf8aa115d0d8d0f218", "af86a7d62fdce0b68c2a7502b5b00c9f", "faef725a066e767106fa1a96391039d1"}, 0xe, 0x5}) r4 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x40000183}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002d00)={0x14, 0x40, 0x107, 0x70bd2c, 0x25dfdbfa, {0x3, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x400c000) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=@ipv6_newroute={0x1c, 0x18, 0x111, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6}}, 0x1c}}, 0x0) sendmmsg$inet6(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x6000000000000000) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000200)={0x2, 0x12000, 0x87fff, 0x80080}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r8 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r8, &(0x7f0000000000)={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e) writev(r8, &(0x7f0000000400)=[{&(0x7f0000000240)='\x00W', 0x5ea}], 0x1) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, 0x0, 0x4001) r9 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r9, 0x0, 0x0) 2m47.632482341s ago: executing program 1 (id=593): r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000002800)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000580), 0xaad80) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x10}}, 0x1c}}, 0x48850) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r3, 0xfffffffc) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000180)=@secondary) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r6, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2m46.149380358s ago: executing program 1 (id=596): unshare(0x20000400) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') r1 = shmget$private(0x0, 0x800000, 0x54003f00, &(0x7f0000800000/0x800000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xbbdccba4532b703b) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000003380)={0x2020}, 0x2020) prctl$PR_SET_TIMERSLACK(0x1d, 0x7) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x4, @empty}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) ppoll(&(0x7f00000005c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=[{0x6, 0x9, 0xc, 0xb6}]}, 0x10) syz_emit_ethernet(0x70, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa35080045000062000000000011907864010101ac141421fffd4e20004e9078fc69fe7d84cec4c60629393ec5c602008bf17d753daa9579b4f7761ba71dcd53b85111410735ddce7903135fd6bfbe99d85aa2da7ec0e0ccb8c86b00"/112], 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r4 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000010"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x509181) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r5, 0xc0305602, 0x0) 2m44.22027872s ago: executing program 1 (id=597): r0 = dup(0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5204, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$unix(0x1, 0x5, 0x0) bind$unix(r6, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r6, 0x2) r7 = socket$unix(0x1, 0x5, 0x0) connect$unix(r7, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r7, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept4$unix(r6, 0x0, 0x0, 0x80800) bind$inet6(r1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x4, 0x4, 0x56}]}) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r8, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x5}, 0xfffffffffffffe6c) 2m43.214356832s ago: executing program 1 (id=600): sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="ac1414bb0000000000000000140000000000000000000000020000000600000000000000d8000000000000000000000007000000072b52000000000a0101020a010100ac14141b640101020a010102ac1414bbac14143ee000000200000000071731ac14143cac1e0101e0000002ac1414aaff"], 0x1a0}, 0x41) openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x2c020400) msgget$private(0x0, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r4) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000030000000100000000000011020000000000000000000000000000050400000000"], 0x0, 0x37, 0x0, 0x1}, 0x28) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x720, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2c, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) syz_io_uring_modify_offsets$generic(0x0, 0x0, 0x2c, 0x10000) syz_io_uring_modify_offsets$flags(0x0, 0x0, 0x50, 0x1) 2m27.115189579s ago: executing program 32 (id=600): sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="ac1414bb0000000000000000140000000000000000000000020000000600000000000000d8000000000000000000000007000000072b52000000000a0101020a010100ac14141b640101020a010102ac1414bbac14143ee000000200000000071731ac14143cac1e0101e0000002ac1414aaff"], 0x1a0}, 0x41) openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x2c020400) msgget$private(0x0, 0x0) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r4) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000030000000100000000000011020000000000000000000000000000050400000000"], 0x0, 0x37, 0x0, 0x1}, 0x28) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x720, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2c, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) syz_io_uring_modify_offsets$generic(0x0, 0x0, 0x2c, 0x10000) syz_io_uring_modify_offsets$flags(0x0, 0x0, 0x50, 0x1) 4.704480619s ago: executing program 4 (id=1213): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0}]) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 4.175834827s ago: executing program 4 (id=1216): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\"'], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f00000000c0)={0x3, 0x100, 0x0, 0x0, 0x100000, 0x1}) 3.713533171s ago: executing program 2 (id=1224): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$binfmt_register(r1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x18, 0x3b, 0x1, 0x2, 0x25dfdbfe, {0x3}, [@nested={0x4, 0x128}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) 3.359634752s ago: executing program 2 (id=1225): syz_usb_connect(0x0, 0x3e, &(0x7f0000001100)=ANY=[@ANYBLOB="1201000020dafb2099041010f50a0102030109022c00010000000009040000016f2bae000824020100000000092402020000000000090585da20"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffffffffffffffc, 0xc8080) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, 0x0) 3.12294889s ago: executing program 3 (id=1229): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x2) r1 = dup2(r0, r0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x40, 0xe, 0x80000, 0x5, 0x10}) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) 2.713427353s ago: executing program 3 (id=1231): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000007a00)=@delchain={0x634, 0x65, 0x400, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0x2}, {0x0, 0x1}, {0x5}}, [@filter_kind_options=@f_bpf={{0x8}, {0x608, 0x2, [@TCA_BPF_ACT={0x604, 0x1, [@m_xt={0x120, 0x5, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8}]}, {0xed, 0x6, "a5fd64840366fd7ad44f3f053221ded9ced495590e2bc8690a2765e56ded8425cb3eb0e04bbcfec50e639bf373167e617b24eccd260f28bb850873b1e2154b158987d6e585e10ffeaba32641bae47de041e1169d8e4a65b8ce3633a4469c93c5228320c572237d92a9ae6bbc2d2bd3a2d1e27de283017ecf9fca6b2cd8a119dee59702830717b694625f60f5c81f688775c5e292f76a0ffa39e1d2cabd639d1c111c01e0d2f9faa220154db33399242bca9f4fac65c74cb6264c28ac7a50037564c7b417fb61d617d212ab3243c30e0e82d9a12651b74553d539b991a302489af94626e5aac41c53b2"}, {0xc, 0x7, {0x1, 0xeb0757422c733451}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_simple={0xcc, 0xa, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x9b6, 0x7, 0x4, 0x1b}}, @TCA_DEF_DATA={0xa, 0x3, '%{^):\x00'}]}, {0x79, 0x6, "f2687c5aa78339e616deb3f19827c994141f940d92a804637d54cb155e6be27b3c2ad1ec52a0a08ca0fb9f17a3ef6ce3652e6f0136028c9b46b33e74015138ea6ba9c60c29dd78378bb28567c803e2a63a94c5fba4bb4bb2adcab7d81ccda8c5f8e000b81344003a049b8353b716e0d9c0c6c5fbd0"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x120, 0x8, 0x0, 0x0, {{0x8}, {0x14, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}]}, {0xe5, 0x6, "5d3aee85a6264cff4a2163adaec321e008985cfa435b8922eeb16f1932265618158a3fe72c442a68b182e8f673f9251a03dc831c5947be17ca906c3dcb99adb55bc5f0ad8886f235f45d7e29bb727715f2e7a3200ac63eb79f7a023835874514b60b0177c40370157c0c21b37875e7e4a2e75b3cc54be7d719fa695469336b975cb56bf3667e66922c0cf263fb2e4901e74673ec3bf8e140cb438b8aae24d0722b0ea76c66d09a9ae2578f669067fc7f4e7e11e7d6206ac703d98c3cd3b5372b60c63437cedd6c47eeb235ad519ca418c057a0c2e2efdad1db459ffde7207d4b45"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x1d8, 0x6, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xab7, 0x4c1adacc, 0x5, 0x99, 0x6}, @remote, @local, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0xee, 0x7, 0x6, 0x5}, @rand_addr=0x64010102, @rand_addr=0x64010102, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x5, 0x5, 0x0, 0xd}, @private=0xa010100, @empty, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4ef0, 0x1, 0x4, 0x10000, 0xc0e}, @dev={0xac, 0x14, 0x14, 0x12}, @rand_addr=0x64010100, 0xff000000, 0x3}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe21, 0x1, 0x3, 0xfd30, 0x1}, @multicast1, @local, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x9, 0x5, 0x3, 0x1}, @multicast1, @empty, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0xffffff7f, 0x5, 0x79, 0x74e69dde}, @broadcast, @empty, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffff000, 0x2cf, 0xffffffffffffffff, 0x7, 0xfffffffb}, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x8, 0x10000000, 0x1ff, 0x3}, @loopback, @rand_addr=0x64010100, 0xffffff00}}]}, {0x45, 0x6, "72c2816ab98a21c440078477977f213e81d0d0ff724f9d0109cdd14889252206b3196663ec1f74e5725f9c0ecf9c39784a71c0f063e45546f47be19f4cc6f84d49"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_connmark={0x11c, 0x9, 0x0, 0x0, {{0xd}, {0xc8, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1ff, 0x5, 0x7, 0x1, 0x1e1c}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd788, 0x7ff, 0x20000000, 0x9, 0x4}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x4, 0x5, 0x8, 0x1}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x2, 0x20000000, 0x6, 0x6a}, 0x80}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x3ff, 0x0, 0xb, 0xd}, 0xf40f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x7, 0x5, 0x6, 0x7}, 0x700}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x59, 0x5b32, 0x4, 0x7fff, 0x7}, 0x8000}}]}, {0x25, 0x6, "b243cf248ea5504cf7e5a67f45c10cd2a166afa2d80373ea83920403cb721db30d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x634}, 0x1, 0x0, 0x0, 0x2404c080}, 0x20000080) sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x28, 0x0, 0x109, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.576132268s ago: executing program 3 (id=1232): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x1, 0x1, 0x0}) 2.449212142s ago: executing program 3 (id=1233): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x83, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x40000100, 0x0, 0x8000000000000000}]}) 2.365355104s ago: executing program 3 (id=1234): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$binfmt_register(r2, 0x0, 0x0) prctl$PR_MCE_KILL(0x35, 0x0, 0x8) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, 0x0, 0x0) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, 0x0, 0x0, 0x8, &(0x7f0000000180)) 1.973996437s ago: executing program 4 (id=1238): syz_mount_image$udf(&(0x7f0000000280), &(0x7f00000001c0)='./file0\x00', 0x10004d0, &(0x7f0000000140)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRES8, @ANYRESHEX], 0x2, 0xa1b, &(0x7f0000001f80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6Y3BBuS0aXhfPpQoWY7VOLZk+/Mx7C/58veSzx+afMmHbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/1lVNDB9N2twIAuJ9eGvvG0GHv/wDwSDnn8z8AAAAAAAAAAAAAAOx0KYr4s0jx6k/a6UJ1vaN+pjV75er4yOjmu+1JkaIWRVVf/q0fPHT4yNFjx4e7+cH7f9SejJfHzp1qnJ6bmV+YWlycmmyMz7Yuzk1Obfke7nb/jQarAWjMvHZl8tKlxcah5w6vu/nqwDu7H9s/cOL4i+f3dWvHR0ZHx3pq+vo/9KPf4nZneOyKIn4WKerfezc1I6IWdz8Wd3ju3Gt7qk4MVp0YHxmtOjLdas4ulTemWq6qRQz07HSyO0b3YS7uSiPiWtn8ssGDZffG5psLzYnpqcbZ5sJSa6k1N5tqndaW/RmIWgyniPmIaBe33l1/FPHvkeL777fTREQU3XF4tjox+M7tqd2DPm5BX9m3IuJmPABztoPtjiLeiBQ/OD8UF/O4VsP2TMTXy3w64ptlLkdcz9dT+QR5KuK9TZ5PPFj6ooh/ihRzqZ0mu3Nfva6ceaXxtdlLcz213deVB/794X7a4a9N9ShionrFb6cPf7ADAAAAAMDOU8TfRoobMwfSfPSuKbZmLzfONSemO98Kd7/7b+S9VlZWVgZSJxs5h3KezHk254Wc8zmv5bye882cN3K+lfNmzuWc7ZxRy4+fs5FzKOfJnGdzXsg5n/Nazus538x5I+dbOW/mXM7ZzhnWvQAAAAAAAADYYfZEET+OFF/4m29V5xVHdV76J04MH/jqF3vPGf/MHe6nrH0uIm7E1s7J7c+nDqda+eej7xdbU48ivpPP//vD7W4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwrWpRxGcixQ/faKdIEdGIuBCdXC62u3UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAh1FPRZyOFL/4Sr26fjMiPhsR/7dS/omI5ZUNtrvFAAAAAAAAAMAtUhFDkeLxJ9tpICKuDryz+7H9AyeOv3h+XxFFpLKkt/7lsXOnGqfnZuYXphYXpyYb47Oti3OTU1t9uPqZ1uyVq+Mjo/ekM3e05x63f0/99Nz86wuty68ubXr73vqpicWlhebFzW+OPVGLGOrdMlg1eHxktGr0dKs5W+2aardpYC2isdXOAAAAAAAAAPDQ2JuKOBopXm0dSd11477Omv+vdK4Vq7V/8QdrvwWY3pBdvb8f2MrltNWGDlYL743xkdHRsZ7Nff23lpZtSqmIv44Un/vdJ6r18BR7N10bL+t2RYpj3zqS6wY+V9adXFdVHxwfGW28NDf75VPT03MXm0vNiempxth88+KWfzgAAAAAAAAAAPfQ3lTEn0eK3xu6mbrnnef1/77OtZ71/9+oltAr9bQ+V1Vr+x+v1vY7lz9xYrgx+mu3234v1v/LNqVUxL9Fisd//4nqfPru+v/Qhtqy7r8jxb/+41O5rrarrDvY7U7nHi+1pqeGUh6rzz/brY2q9niu/eRa7cGy9vOR4i+fWV87nGs/tVZ7qKz940jxv0c3r/30Wu3hsvaPIsVvv93o1u4ta8/k2v1rtc9dnJuevNOwlvP/d5Hi7C++mrp9vu389/z+49qGXHXLnH/w5Y9q/gd6tl3L8/rjPP8H7zD/fx8p/uSnT+W6ztgfyrc/Xv27Nv+/Eyn+61fX1x7LtfvWag9utVvbrZz/L0WKEz/60Wqf8/znkV2bod75/2zf+lx9lmzT/D/es20gt+vwLzkWj6LF17/9WnN6emrBBRdccGH1wna/MnE/lO///xwpXjhTS93jmPz+/7HOtbXjv/e/s/b+/8KGXLVN7//7era9kI9a+vsi6ksz8/37I+qLr3/7y62Z5uWpy1Ozw8eOHnl++Nix5/t3dY/t1i5teegeCuX8n4kUr/z0X1Y/x6w//tv8+H/vhly1TfP/yd4+rTuu2fJQPJLK+b8eKb779rurnzc/6Pi/+/n/wBfW5+r/v22a/0/1bKt+4//xiOd7th34dMSprT4WAAAAPGT25nXyP/31f1g953395//4Yre29/uf29kJ5/8DAAAAAMCjbm8q4q8ixf8MfSl1zyHbyu8/Jzfkqm36/d/+nm2T9+m8li0PMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADpSiiKcjxas/aaflorzeUT/Tmr1ydXxkdPPd9qRIUYuiqi//1g8eOnzk6LHjw9384P0/ak/Gy2PnTjVOz83ML0wtLk5NNsZnWxfnJqe2fA93u/9Gg9UANGZeuzJ56dJi49Bzh9fdfHXgnd2P7R84cfzF8/u6teMjo6NjPTV9/R/60W+RbrN9VxRxKVLUv/du+o8iohZ3PxZ3eO7ca3uqTgxWnRgfGa06Mt1qzi6VN6ZarqpFDPTsdLI7RvdhLu5KI+Ja2fyywYNl98bmmwvNiempxtnmwlJrqTU3m2qd1pb9GYhaDKeI+YhoF7feXX8UMREpvv9+O71dRBTdcXj2pbFvDB2+c3tq96CPvVa+u+nmvrJvRcTNeADmbAfbHUV8LFL84PxQ/KzojGs1bM9EfL3MpyO+WeZyxPV8PZVPkKci3tvk+cSDpS+KOBsp5lI7/WeR5756XTnzSuNrs5fmemq7rysP/PvD/bTDX5vqUcTPq1f8dvq5/88AAAAAAA+RIn4zUtyYOZCq9cHVNcXW7OXGuebEdOdr/e53/42818rKyspA6mQj51DOkznP5ryQcz7ntZzXc76Z80bOt3LezLmcs50zavnxczZyDuU8mfNszgs553Ney3k955s5b+R8K+fNnMs52znD9+QAAAAAAADADlSLIp6IFD98o51Wis4C74Xo5LJ1zofe/wcAAP//Vsw/Lg==") setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) truncate(&(0x7f0000000080)='./file1\x00', 0x400000f007) syz_clone(0x18280100, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file1\x00', 0x80642, 0x150) 1.922995879s ago: executing program 0 (id=1239): syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ff011f391e7dd7a2d786dd609907a600302c03cb697a653e336f00000050"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) 1.768849713s ago: executing program 0 (id=1240): prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$XFS_IOC_BULKSTAT(r2, 0x4018aee2, 0x0) 1.695309816s ago: executing program 2 (id=1241): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r2, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x38}]}, 0x28}}, 0x4000800) 1.603955809s ago: executing program 0 (id=1242): creat(0x0, 0xecf86c37d53049cc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = epoll_create1(0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet(0x2b, 0x801, 0x0) splice(r5, 0x0, r4, 0x0, 0x8ec0, 0x0) r6 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80) r8 = epoll_create1(0x0) r9 = fcntl$dupfd(r8, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@cgroup=r9, r7, 0x11, 0x0, r9}, 0x14) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r6, r7, 0x11, 0x0, r6}, 0x11) 1.488842353s ago: executing program 2 (id=1243): openat$uinput(0xffffffffffffff9c, 0x0, 0x801, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$erofs(&(0x7f0000000440), &(0x7f0000000180)='./file0\x00', 0x10410, &(0x7f0000000480)=ANY=[], 0x1, 0x1ed, &(0x7f0000000cc0)="$eJzsmb+r01AUx7/3Ji/1PURwcXWw4BN9aZIqdClSwV2oim4WG6WaWmkjtAXB4uLi6CC4+g84OHRycHNz1UEFwcGObsKVe3PTXNJGGqwung/05NtzT3Lur5wLLQiC+G/58vnHp6cXGpfPADiMKira/83KYrgR//H5g9PPmhdfvPrw8u29Iw/n+edVSuaXad60LMTY1R4hzPaqssyWvahq3xVwnDJiHH29AY6rWodguK71HUMP0jRR6N4cRN1bvSj0pPGlCaSpm/ltAIsZQxfAIdU7IZjRPppM73aiKBzmxY5I86w0lRW/mz/VvxZHM509C0Ku17Unj2fsURbnGfPng8PXug6GttYNVOC6bjYlxvg5S1dHCGuT8W9NWFLIJS5/+9GDcrnOKyE3298bzjohR7dB8O42NhOJkOU9cm8vPccW83erd3398+zsn70yOaEKF4CVpvd7UrB1TRuJtPCui3Gy+iRfqJPI6oetvAm1uH+/NppMD3r9zu0w9Z71vHNBTRWixCqvebb8XNY/G5gx7BnP3ymslg7GnTge+mMgHvoO09+DxBoVt/168F3dwVX949g/kTyBpedNwUHH9Ierq1T7VmF3CIIgCIIgCIIgCIIgCIIgSnEcTP0Kqv+oEgUEl1T0rwAAAP//Y7ZUwA==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) 1.400441785s ago: executing program 2 (id=1244): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x7, @empty, 0xfff}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x5d, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000001c0)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) 825.096254ms ago: executing program 4 (id=1245): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00'], 0x38}, 0x1, 0x0, 0x0, 0xc080}, 0x20000010) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='vegas', 0x5) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) 527.292683ms ago: executing program 0 (id=1246): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) io_uring_setup(0x650b, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x25, 0xab}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 360.766129ms ago: executing program 0 (id=1247): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x1, 0x800, 0xdf24, 0x0, 0x5, 0x8c}, 0xc) socket$netlink(0x10, 0x3, 0x0) listen(r0, 0xfffeffff) 250.013162ms ago: executing program 0 (id=1248): open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x4) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000007b80)=ANY=[@ANYBLOB="12010000000000106a058400000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xb, {[@global=@item_4={0x3, 0x1, 0x6, "6f16a67f"}, @local=@item_4={0x3, 0x2, 0xa, "1c51aa7b"}, @global=@item_012={0x0, 0x1, 0x7}]}}, 0x0}, 0x0) 189.799374ms ago: executing program 2 (id=1249): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r0 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xfffffffffffffffe, 0x0, {{0x6, 0x0, 0x5, 0x81, 0x1, 0x1, {0x6, 0xff, 0x5, 0x8, 0xe, 0xd615, 0x9, 0x1, 0xfffffffe, 0x1000, 0x4000000, 0x0, 0xffffffffffffffff, 0x5, 0x2000000}}, {0x0, 0x19}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0x7f03) 100.803147ms ago: executing program 4 (id=1250): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x6, 0xa, 0x4, 0x1, 0x6, 0x0, 0x0, 0x8, 0x80, 0x8}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={r1}, &(0x7f0000000300)=0x8) 83.869138ms ago: executing program 3 (id=1251): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x5, 0x4) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 0s ago: executing program 4 (id=1252): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000108, 0x0, 0x3}]}) kernel console output (not intermixed with test programs): ][ T5833] usb 1-1: config 129 interface 241 altsetting 216 endpoint 0xA has invalid wMaxPacketSize 0 [ 221.266150][ T5833] usb 1-1: config 129 interface 241 altsetting 216 bulk endpoint 0xA has invalid maxpacket 0 [ 221.295212][ T5833] usb 1-1: config 129 interface 241 has no altsetting 0 [ 221.324840][ T5833] usb 1-1: New USB device found, idVendor=0421, idProduct=0486, bcdDevice=83.52 [ 221.354358][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.411292][ T5833] usb 1-1: Product: syz [ 221.424799][ T5833] usb 1-1: Manufacturer: syz [ 221.429722][ T5833] usb 1-1: SerialNumber: syz [ 222.065124][ T5833] usb 1-1: bad CDC descriptors [ 222.113080][ T5833] usb 1-1: bad CDC descriptors [ 222.146727][ T5833] usb 1-1: USB disconnect, device number 3 [ 222.384085][ T6906] trusted_key: syz.0.242 sent an empty control message without MSG_MORE. [ 222.480266][ T6906] netlink: 'syz.0.242': attribute type 3 has an invalid length. [ 222.488182][ T6906] netlink: 3 bytes leftover after parsing attributes in process `syz.0.242'. [ 222.691966][ T5781] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 223.321323][ T6911] netlink: 4 bytes leftover after parsing attributes in process `syz.1.243'. [ 224.026355][ T6916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'. [ 224.185893][ T6916] 8021q: adding VLAN 0 to HW filter on device bond1 [ 225.486837][ T6917] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'. [ 225.496061][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.245'. [ 225.540692][ T6916] kAFS: unable to lookup cell '(/' [ 225.582992][ T6917] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.885642][ T6932] loop2: detected capacity change from 0 to 164 [ 225.906544][ T6917] bond1: (slave bond0): making interface the new active one [ 225.945807][ T6917] bond1: (slave bond0): Enslaving as an active interface with an up link [ 225.959894][ T6272] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 225.969609][ T6920] netlink: 'syz.0.245': attribute type 10 has an invalid length. [ 227.323249][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.331259][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.408118][ T6920] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.415420][ T6920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.424167][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.431423][ T6920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.484927][ T6920] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 228.023030][ T6941] loop1: detected capacity change from 0 to 8192 [ 228.458635][ T6941] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 228.471900][ T6941] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 228.481247][ T6941] REISERFS (device loop1): using ordered data mode [ 228.487974][ T6941] reiserfs: using flush barriers [ 228.498733][ T6941] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 228.515507][ T6941] REISERFS (device loop1): checking transaction log (loop1) [ 228.527556][ T6941] REISERFS (device loop1): Using r5 hash to sort names [ 228.536101][ T6941] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 230.453355][ T6956] loop2: detected capacity change from 0 to 65 [ 230.520429][ T6956] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway [ 230.984097][ T6960] sd 0:0:1:0: device reset [ 232.601362][ T6967] loop0: detected capacity change from 0 to 32768 [ 233.312394][ T6967] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 233.797046][ T6984] loop2: detected capacity change from 0 to 8192 [ 233.847671][ T6984] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 233.861014][ T6984] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 233.872385][ T6984] REISERFS (device loop2): using ordered data mode [ 233.879045][ T6984] reiserfs: using flush barriers [ 233.927334][ T6984] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 233.945914][ T6984] REISERFS (device loop2): checking transaction log (loop2) [ 233.965406][ T6984] REISERFS (device loop2): Using rupasov hash to sort names [ 233.974076][ T6984] REISERFS (device loop2): using 3.5.x disk format [ 233.987719][ T6984] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 233.999037][ T6984] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 234.011500][ T6984] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 234.024941][ T6984] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 234.492726][ T6967] XFS (loop0): Ending clean mount [ 236.059211][ T6997] loop3: detected capacity change from 0 to 164 [ 236.153349][ T5773] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 238.361302][ T7007] lo speed is unknown, defaulting to 1000 [ 238.367822][ T7007] lo speed is unknown, defaulting to 1000 [ 238.384660][ T7007] lo speed is unknown, defaulting to 1000 [ 238.423315][ T7007] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 238.469898][ T7007] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 239.200607][ T7007] lo speed is unknown, defaulting to 1000 [ 239.210002][ T7007] lo speed is unknown, defaulting to 1000 [ 239.952638][ T7007] lo speed is unknown, defaulting to 1000 [ 239.981549][ T7007] lo speed is unknown, defaulting to 1000 [ 239.988019][ T7007] lo speed is unknown, defaulting to 1000 [ 241.105278][ T7023] syz_tun: entered allmulticast mode [ 241.119434][ T7023] bond0: entered promiscuous mode [ 241.134134][ T7023] bond_slave_0: entered promiscuous mode [ 241.150516][ T7023] bond_slave_1: entered promiscuous mode [ 241.251683][ T7023] random: crng reseeded on system resumption [ 241.876131][ T7032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.270'. [ 241.906613][ T7032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.270'. [ 243.219757][ T7032] netlink: 'syz.3.270': attribute type 4 has an invalid length. [ 243.243972][ T7032] netlink: 152 bytes leftover after parsing attributes in process `syz.3.270'. [ 243.294223][ T7032] .`: renamed from bond0 [ 243.479119][ T7052] loop0: detected capacity change from 0 to 512 [ 244.194126][ T7052] EXT4-fs error (device loop0): ext4_orphan_get:1404: inode #15: comm syz.0.275: inode has both inline data and extents flags [ 244.208592][ T7052] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.275: couldn't read orphan inode 15 (err -117) [ 244.230945][ T7052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.783008][ T5781] Bluetooth: hci2: unexpected event for opcode 0x007f [ 246.083428][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.308404][ T7071] futex_wake_op: syz.1.274 tries to shift op by 144; fix this program [ 248.841125][ T7093] serio: Serial port ptm0 [ 250.219545][ T7099] No such timeout policy "syz1" [ 251.466053][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 251.472529][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 251.992454][ T7108] warning: `syz.3.288' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 252.697812][ T7107] overlayfs: overlapping lowerdir path [ 258.927040][ T7148] netlink: 43 bytes leftover after parsing attributes in process `syz.1.295'. [ 259.311704][ T7157] loop3: detected capacity change from 0 to 1024 [ 260.546555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 261.589098][ T7166] loop1: detected capacity change from 0 to 512 [ 261.782587][ T7174] futex_wake_op: syz.0.303 tries to shift op by 144; fix this program [ 262.706187][ T7166] fscrypt: Error allocating hmac(sha512): -2 [ 263.133947][ T7187] loop3: detected capacity change from 0 to 8 [ 263.203911][ T27] audit: type=1326 audit(1780030311.636:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7186 comm="syz.3.309" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffb5a59ce59 code=0x0 [ 263.607495][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 263.619940][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 263.653182][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 263.663601][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 263.672137][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 263.680688][ T7193] SQUASHFS error: Failed to read block 0x4de: -5 [ 264.131052][ T27] audit: type=1800 audit(1780030312.088:3): pid=7193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.309" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 265.371807][ T7201] loop1: detected capacity change from 0 to 512 [ 265.462625][ T7203] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 265.576690][ T7203] overlayfs: failed to look up (tracing) for ino (-66) [ 268.819862][ T7221] input: syz1 as /devices/virtual/input/input7 [ 269.590619][ T5785] Bluetooth: hci2: command 0x0406 tx timeout [ 269.908545][ T7230] loop1: detected capacity change from 0 to 2048 [ 271.333481][ T7230] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 271.940955][ T7240] loop0: detected capacity change from 0 to 2048 [ 272.009980][ T7240] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 272.863345][ T7242] loop1: detected capacity change from 0 to 512 [ 272.979921][ T7242] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #11: comm syz.1.323: unexpected EA_INODE flag [ 273.021110][ T7242] EXT4-fs (loop1): Remounting filesystem read-only [ 273.029271][ T7242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 273.307268][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.295221][ T7257] loop1: detected capacity change from 0 to 8 [ 274.409528][ T27] audit: type=1326 audit(1780030323.411:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7256 comm="syz.1.325" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd84039ce59 code=0x0 [ 275.017221][ T7270] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 275.211366][ T6417] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 275.541014][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.547857][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.560184][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.568480][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.575053][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.581621][ T7269] SQUASHFS error: Failed to read block 0x4de: -5 [ 275.625759][ T6417] usb 3-1: Using ep0 maxpacket: 8 [ 275.641242][ T6417] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 276.722483][ T6417] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 276.750774][ T27] audit: type=1800 audit(1780030324.618:5): pid=7269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.325" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 276.886393][ T6417] usb 3-1: config 0 has no interface number 0 [ 277.042054][ T6417] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 277.177644][ T6417] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.200330][ T6417] usb 3-1: Product: syz [ 277.204625][ T6417] usb 3-1: Manufacturer: syz [ 277.214236][ T6417] usb 3-1: SerialNumber: syz [ 277.238372][ T6417] usb 3-1: config 0 descriptor?? [ 277.306521][ T6417] usb 3-1: can't set config #0, error -71 [ 277.438122][ T6417] usb 3-1: USB disconnect, device number 4 [ 278.311868][ T7278] kvm: kvm [7277]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xa68f76656afd [ 278.628350][ T7292] nfs4: Unknown parameter 'noa' [ 281.458793][ T7313] loop3: detected capacity change from 0 to 128 [ 287.379292][ T7231] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 290.252842][ T7341] loop1: detected capacity change from 0 to 512 [ 290.595471][ T7341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.612139][ T7341] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 291.812650][ T5781] Bluetooth: hci2: command 0x0406 tx timeout [ 292.684374][ T7359] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 292.880803][ T7361] usb usb7: usbfs: process 7361 (syz.2.347) did not claim interface 0 before use [ 293.552777][ T7372] loop3: detected capacity change from 0 to 1024 [ 293.573911][ T41] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 293.647764][ T41] EXT4-fs (loop1): This should not happen!! Data will be lost [ 293.647764][ T41] [ 293.739044][ T41] EXT4-fs (loop1): Total free blocks count 0 [ 293.827438][ T41] EXT4-fs (loop1): Free/Dirty block details [ 294.646172][ T41] EXT4-fs (loop1): free_blocks=65281 [ 294.705598][ T41] EXT4-fs (loop1): dirty_blocks=1 [ 294.763923][ T41] EXT4-fs (loop1): Block reservation details [ 294.831574][ T41] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 295.054768][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.614609][ T7405] loop1: detected capacity change from 0 to 128 [ 299.669875][ T7405] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 299.730960][ T7405] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 299.840838][ T7409] loop0: detected capacity change from 0 to 128 [ 299.864600][ T7409] EXT4-fs: Mount option(s) incompatible with ext3 [ 299.879007][ T7409] fuse: Unknown parameter '0x00000000000000060000000000000000000000000000000000000000' [ 301.026972][ T7410] xt_policy: neither incoming nor outgoing policy selected [ 301.813094][ T5785] Bluetooth: hci2: command 0x0406 tx timeout [ 303.968359][ T7415] usb usb7: usbfs: process 7415 (syz.3.361) did not claim interface 0 before use [ 306.687518][ T5772] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 306.689193][ T6417] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 306.891276][ T6417] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 307.013137][ T6417] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 307.039846][ T6417] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 307.187892][ T6417] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.352914][ T6417] usb 3-1: Product: syz [ 307.408785][ T6417] usb 3-1: Manufacturer: syz [ 307.477717][ T6417] usb 3-1: SerialNumber: syz [ 308.552976][ T7449] xt_CT: You must specify a L4 protocol and not use inversions on it [ 308.797122][ T6417] usb 3-1: cannot find UAC_HEADER [ 309.119334][ T6417] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 309.130500][ T6417] usb 3-1: USB disconnect, device number 5 [ 309.182957][ T7231] udevd[7231]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 309.340720][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 309.347508][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.063250][ T5785] Bluetooth: hci2: unexpected event for opcode 0x007f [ 312.725775][ T7477] loop0: detected capacity change from 0 to 256 [ 312.733698][ T7477] exfat: Deprecated parameter 'namecase' [ 313.080455][ T7477] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 314.004892][ T7483] syz.1.373 uses obsolete (PF_INET,SOCK_PACKET) [ 314.037085][ T7483] Invalid ELF header type: 3 != 1 [ 314.377281][ T7485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.376'. [ 314.434453][ T7485] loop2: detected capacity change from 0 to 8192 [ 314.475506][ T7485] loop2: p1 p2 p4 [ 314.484418][ T7485] loop2: p1 start 3959422976 is beyond EOD, truncated [ 314.492274][ T7485] loop2: p2 size 384768 extends beyond EOD, truncated [ 314.505042][ T7485] loop2: p4 size 1073741824 extends beyond EOD, truncated [ 315.328907][ T7501] netlink: 36 bytes leftover after parsing attributes in process `syz.1.379'. [ 316.560225][ T7508] syz.1.382(7508): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 316.618612][ T7113] udevd[7113]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 316.658223][ T7231] udevd[7231]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 317.335547][ T7521] loop2: detected capacity change from 0 to 512 [ 318.372392][ T7521] EXT4-fs error (device loop2): ext4_orphan_get:1404: inode #15: comm syz.2.383: inode has both inline data and extents flags [ 318.388782][ T7521] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.383: couldn't read orphan inode 15 (err -117) [ 318.406933][ T7521] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.906554][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.263061][ T7534] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 320.897489][ T7536] Invalid ELF header type: 3 != 1 [ 327.202955][ T7568] xt_CT: You must specify a L4 protocol and not use inversions on it [ 331.413668][ T7583] IPv6: syztnl0: Disabled Multicast RS [ 332.286077][ T7590] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 335.342785][ T7604] loop3: detected capacity change from 0 to 256 [ 335.350287][ T7604] FAT-fs (loop3): Unrecognized mount option "1844674407370955161518446744073709551615ÿÿ" or missing value [ 340.356164][ T7607] netlink: 40 bytes leftover after parsing attributes in process `syz.0.413'. [ 340.381434][ T7607] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.413'. [ 343.179002][ T7623] loop3: detected capacity change from 0 to 32768 [ 343.205728][ T7623] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.409 (7623) [ 343.234443][ T7623] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 343.245691][ T7623] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 343.254777][ T7623] BTRFS info (device loop3): metadata ratio 0 [ 343.260938][ T7623] BTRFS info (device loop3): setting nodatasum [ 343.267564][ T7623] BTRFS info (device loop3): using free space tree [ 344.408541][ T7623] BTRFS info (device loop3): enabling ssd optimizations [ 344.415686][ T7623] BTRFS info (device loop3): auto enabling async discard [ 345.239333][ T7662] mmap: syz.3.409 (7662) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 345.285767][ T27] audit: type=1800 audit(1780030397.732:6): pid=7662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.409" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 347.510968][ T5770] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 352.679964][ T7700] xt_connbytes: Forcing CT accounting to be enabled [ 352.686925][ T7700] set match dimension is over the limit! [ 353.385744][ T5815] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 353.728207][ T5815] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 353.755476][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.800614][ T5815] usb 3-1: Product: syz [ 353.820343][ T5815] usb 3-1: Manufacturer: syz [ 353.935227][ T5815] usb 3-1: SerialNumber: syz [ 353.944121][ T5815] usb 3-1: config 0 descriptor?? [ 353.952196][ T5815] ch341 3-1:0.0: ch341-uart converter detected [ 356.084576][ T5815] usb 3-1: failed to receive control message: -110 [ 356.138026][ T5815] ch341-uart: probe of ttyUSB0 failed with error -110 [ 356.186334][ T5815] usb 3-1: USB disconnect, device number 6 [ 356.230313][ T5815] ch341 3-1:0.0: device disconnected [ 356.356994][ T7719] loop2: detected capacity change from 0 to 128 [ 356.394915][ T7719] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 356.448308][ T7719] ext4 filesystem being mounted at /101/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 358.111230][ T7736] loop0: detected capacity change from 0 to 16 [ 358.144634][ T7736] erofs: (device loop0): mounted with root inode @ nid 36. [ 362.218813][ T7759] NILFS (nullb0): couldn't find nilfs on the device [ 362.731142][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 364.334653][ T7778] loop3: detected capacity change from 0 to 4096 [ 365.201786][ T7785] netlink: 20 bytes leftover after parsing attributes in process `syz.1.444'. [ 365.237724][ T7778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 366.293362][ T7795] EXT4-fs error (device loop3): ext4_get_first_dir_block:3604: inode #12: block 80: comm syz.3.442: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 366.322643][ T7795] EXT4-fs error (device loop3): ext4_get_first_dir_block:3606: inode #12: comm syz.3.442: directory missing '..' [ 366.935333][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.383078][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 368.433182][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 371.480805][ T27] audit: type=1326 audit(1780030425.310:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.505176][ T27] audit: type=1326 audit(1780030425.341:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.531531][ T27] audit: type=1326 audit(1780030425.341:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.556965][ T27] audit: type=1326 audit(1780030425.341:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.584139][ T27] audit: type=1326 audit(1780030425.341:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.838244][ T27] audit: type=1326 audit(1780030425.341:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 371.952896][ T27] audit: type=1326 audit(1780030425.341:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 372.409755][ T7830] netlink: 280 bytes leftover after parsing attributes in process `syz.1.446'. [ 372.445289][ T7832] loop3: detected capacity change from 0 to 16 [ 372.608647][ T7832] erofs: (device loop3): mounted with root inode @ nid 36. [ 372.638583][ T27] audit: type=1326 audit(1780030425.373:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 372.713653][ T7837] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 373.320860][ T27] audit: type=1326 audit(1780030425.457:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 373.445958][ T27] audit: type=1326 audit(1780030425.457:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7822 comm="syz.0.455" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 375.635250][ T7857] loop2: detected capacity change from 0 to 32768 [ 376.905570][ T7863] read_mapping_page failed! [ 376.910898][ T7863] ERROR: (device loop2): txCommit: [ 376.910898][ T7863] [ 377.353040][ T79] read_mapping_page failed! [ 377.357901][ T79] ERROR: (device loop2): txCommit: [ 377.357901][ T79] [ 377.421451][ T79] jfs_write_inode: jfs_commit_inode failed! [ 378.198293][ T7868] netlink: 348 bytes leftover after parsing attributes in process `syz.0.465'. [ 378.208419][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.465'. [ 382.740742][ T5781] Bluetooth: hci2: command 0x0406 tx timeout [ 385.213002][ T7916] lo speed is unknown, defaulting to 1000 [ 386.262357][ T7928] loop0: detected capacity change from 0 to 128 [ 386.366954][ T7928] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 386.392223][ T7928] ext4 filesystem being mounted at /134/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 386.424138][ C0] vkms_vblank_simulate: vblank timer overrun [ 387.057037][ T7940] netlink: 8 bytes leftover after parsing attributes in process `syz.0.478'. [ 387.120981][ T7932] netlink: 'syz.1.480': attribute type 12 has an invalid length. [ 388.080914][ T7942] xt_TCPMSS: Only works on TCP SYN packets [ 388.087305][ T7941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 388.121813][ T5773] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 390.504761][ T7961] ALSA: mixer_oss: invalid OSS volume '' [ 391.138268][ T7971] fuse: Bad value for 'fd' [ 392.155214][ T7975] fuse: Bad value for 'fd' [ 393.885622][ T7999] 8021q: adding VLAN 0 to HW filter on device .` [ 393.893791][ T7999] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.352435][ T7999] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 396.980203][ T8015] fuse: Bad value for 'fd' [ 398.206848][ T8025] syz.1.511 (8025): drop_caches: 2 [ 398.853012][ T8029] capability: warning: `syz.3.504' uses 32-bit capabilities (legacy support in use) [ 398.881010][ T8029] lo speed is unknown, defaulting to 1000 [ 400.486248][ T8044] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 402.373360][ T8061] Invalid ELF header type: 3 != 1 [ 404.883764][ T8068] loop0: detected capacity change from 0 to 128 [ 405.848616][ T7231] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 406.620835][ T8076] fuse: Bad value for 'fd' [ 406.964105][ T8078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'. [ 407.918814][ T8091] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 408.857128][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 408.857173][ T27] audit: type=1326 audit(1780030464.446:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.194380][ T27] audit: type=1326 audit(1780030464.457:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.786131][ T27] audit: type=1326 audit(1780030464.551:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.810043][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.818648][ T27] audit: type=1326 audit(1780030464.604:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.842502][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.848682][ T27] audit: type=1326 audit(1780030464.604:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.872499][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.880712][ T27] audit: type=1326 audit(1780030464.625:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.904334][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.911648][ T27] audit: type=1326 audit(1780030464.625:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 409.935556][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.965891][ T27] audit: type=1326 audit(1780030464.635:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 410.040694][ T27] audit: type=1326 audit(1780030464.656:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 410.275351][ T27] audit: type=1326 audit(1780030464.709:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8097 comm="syz.1.521" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84039ce59 code=0x7ffc0000 [ 414.885202][ T8132] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 415.762214][ T8138] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 416.102293][ T5785] Bluetooth: hci2: command 0x0406 tx timeout [ 418.734582][ T8153] 9pnet_virtio: no channels available for device syz [ 421.046968][ T8180] loop0: detected capacity change from 0 to 1024 [ 421.135106][ T8180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 421.148320][ T8180] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 421.684821][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 423.377567][ T8204] (null): rxe_set_mtu: Set mtu to 256 [ 423.395068][ T8204] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 423.867392][ T8203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.875741][ T8203] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.168937][ T27] kauditd_printk_skb: 58 callbacks suppressed [ 424.168950][ T27] audit: type=1326 audit(1780030479.858:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.268128][ T8203] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 424.282858][ T27] audit: type=1326 audit(1780030479.868:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.356216][ T27] audit: type=1326 audit(1780030479.921:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.380705][ T5813] lo speed is unknown, defaulting to 1000 [ 424.450251][ T27] audit: type=1326 audit(1780030479.942:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.578202][ T27] audit: type=1326 audit(1780030479.963:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.638639][ T27] audit: type=1326 audit(1780030479.984:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 424.964405][ T8211] loop2: detected capacity change from 0 to 40427 [ 425.383454][ T8211] F2FS-fs (loop2): heap/no_heap options were deprecated [ 425.391010][ T8211] F2FS-fs (loop2): build fault injection attr: rate: 19, type: 0x7ffff [ 425.406313][ T27] audit: type=1326 audit(1780030479.994:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 425.430308][ T8212] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 425.662566][ T27] audit: type=1326 audit(1780030480.005:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 425.800193][ T27] audit: type=1326 audit(1780030480.057:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 425.912699][ T27] audit: type=1326 audit(1780030480.068:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8199 comm="syz.0.546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f179459ce59 code=0x7ffc0000 [ 426.258298][ T8229] loop2: detected capacity change from 0 to 128 [ 426.420226][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 426.426687][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 426.791379][ T8229] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 427.032231][ T8234] IPVS: Error connecting to the multicast addr [ 427.229924][ T8236] loop0: detected capacity change from 0 to 32768 [ 427.451285][ T8240] loop2: detected capacity change from 0 to 8192 [ 427.606609][ T8243] read_mapping_page failed! [ 427.611451][ T8243] ERROR: (device loop0): txCommit: [ 427.611451][ T8243] [ 428.011596][ T2941] read_mapping_page failed! [ 428.016128][ T2941] ERROR: (device loop0): txCommit: [ 428.016128][ T2941] [ 428.061406][ T8240] netlink: 12 bytes leftover after parsing attributes in process `syz.2.555'. [ 428.202425][ T2941] jfs_write_inode: jfs_commit_inode failed! [ 428.420195][ T8251] Invalid ELF header type: 3 != 1 [ 429.530852][ T8260] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 429.850350][ T8264] bond0: left promiscuous mode [ 429.855181][ T8264] bond_slave_0: left promiscuous mode [ 429.860883][ T8264] bond_slave_1: left promiscuous mode [ 429.868111][ T8264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.409178][ T8264] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 431.553699][ T8262] pim6reg: entered allmulticast mode [ 431.589421][ T8262] pim6reg: left allmulticast mode [ 431.622005][ T8270] loop2: detected capacity change from 0 to 512 [ 431.631258][ T8270] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 431.669688][ T8270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 431.722315][ T8270] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 431.730620][ T8270] System zones: 1-12 [ 431.785171][ T8270] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 431.831111][ T8270] EXT4-fs (loop2): 1 truncate cleaned up [ 431.838394][ T8270] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 432.617810][ T6416] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 432.909679][ T6416] usb 1-1: too many configurations: 36, using maximum allowed: 8 [ 432.933971][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 432.951781][ T6416] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 432.986827][ T6416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.027845][ T6416] usb 1-1: Product: syz [ 433.032080][ T6416] usb 1-1: Manufacturer: syz [ 433.077344][ T6416] usb 1-1: SerialNumber: syz [ 433.092475][ T6416] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 433.325498][ T6417] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 433.803047][ T6416] usb 1-1: USB disconnect, device number 4 [ 433.912603][ T5785] Bluetooth: hci2: unexpected event for opcode 0x203d [ 434.389445][ T6417] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 434.749191][ T6417] ath9k_htc: Failed to initialize the device [ 434.758144][ T6416] usb 1-1: ath9k_htc: USB layer deinitialized [ 435.342432][ T8307] netlink: 'syz.1.564': attribute type 1 has an invalid length. [ 435.421670][ T8309] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 436.000288][ T8307] 8021q: adding VLAN 0 to HW filter on device bond1 [ 436.013359][ T8310] bond1: entered allmulticast mode [ 437.186434][ T8302] netlink: 512 bytes leftover after parsing attributes in process `syz.3.571'. [ 437.782052][ T5785] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 437.792351][ T5785] Bluetooth: hci2: Injecting HCI hardware error event [ 437.802070][ T5785] Bluetooth: hci2: hardware error 0x00 [ 437.859348][ T8318] qrtr: Invalid version 0 [ 438.193098][ T8322] random: crng reseeded on system resumption [ 442.061715][ T8334] netlink: 16 bytes leftover after parsing attributes in process `syz.2.578'. [ 442.070872][ T8334] netlink: 24 bytes leftover after parsing attributes in process `syz.2.578'. [ 442.778056][ T5785] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 442.792617][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 442.792630][ T27] audit: type=1400 audit(1780030499.384:102): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=8332 comm="syz.2.578" [ 443.057283][ T6415] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 443.365048][ T6415] usb 3-1: unable to get BOS descriptor or descriptor too short [ 443.788276][ T6415] usb 3-1: config 202 has an invalid interface number: 2 but max is 0 [ 443.800669][ T6415] usb 3-1: config 202 has no interface number 0 [ 443.806953][ T6415] usb 3-1: config 202 interface 2 has no altsetting 0 [ 443.816880][ T6415] usb 3-1: New USB device found, idVendor=09fb, idProduct=602d, bcdDevice=91.fd [ 443.829082][ T6415] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.839491][ T6415] usb 3-1: Product: syz [ 443.858564][ T6415] usb 3-1: Manufacturer: syz [ 443.916865][ T6415] usb 3-1: SerialNumber: syz [ 444.140615][ T8343] fuse: Bad value for 'fd' [ 444.833476][ T6415] ftdi_sio 3-1:202.2: FTDI USB Serial Device converter detected [ 444.843041][ T6415] ftdi_sio ttyUSB0: unknown device type: 0x91fd [ 444.867555][ T6415] usb 3-1: USB disconnect, device number 7 [ 444.875763][ T6415] ftdi_sio 3-1:202.2: device disconnected [ 445.569392][ T8358] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 446.988268][ T8365] ALSA: mixer_oss: invalid OSS volume '' [ 447.730495][ T8376] No such timeout policy "syz1" [ 447.801798][ T8376] program syz.2.584 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 447.822203][ T8376] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 448.580863][ T8374] lo speed is unknown, defaulting to 1000 [ 448.605349][ T8379] IPv6: NLM_F_REPLACE set, but no existing node found! [ 448.623460][ T8374] lo speed is unknown, defaulting to 1000 [ 448.629929][ T8374] lo speed is unknown, defaulting to 1000 [ 448.992278][ T8374] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 449.405763][ T8374] lo speed is unknown, defaulting to 1000 [ 449.430129][ T8374] lo speed is unknown, defaulting to 1000 [ 450.141413][ T8374] lo speed is unknown, defaulting to 1000 [ 450.155561][ T8374] lo speed is unknown, defaulting to 1000 [ 450.640240][ T5813] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 451.654310][ T8407] loop2: detected capacity change from 0 to 2048 [ 452.048018][ T8407] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 452.058265][ T5813] usb 1-1: Using ep0 maxpacket: 16 [ 452.059516][ T8407] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 452.128450][ T5813] usb 1-1: config 0 has no interfaces? [ 452.134000][ T5813] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 452.174751][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.218542][ T5813] usb 1-1: config 0 descriptor?? [ 452.265907][ T8411] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 453.713106][ T6417] usb 1-1: USB disconnect, device number 5 [ 455.035200][ T8435] IPVS: set_ctl: invalid protocol: 59 224.0.0.1:20004 [ 462.204828][ T5781] Bluetooth: hci1: command 0x0406 tx timeout [ 462.443180][ T8462] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 470.178025][ T8502] loop2: detected capacity change from 0 to 256 [ 470.185365][ T8502] exfat: Deprecated parameter 'utf8' [ 470.606255][ T8502] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 470.708157][ T8] IPVS: starting estimator thread 0... [ 470.999742][ T8503] IPVS: using max 16 ests per chain, 38400 per kthread [ 471.125210][ T8507] netlink: 244 bytes leftover after parsing attributes in process `syz.0.618'. [ 471.173642][ T8507] netlink: 28 bytes leftover after parsing attributes in process `syz.0.618'. [ 471.259897][ T8507] netlink: 28 bytes leftover after parsing attributes in process `syz.0.618'. [ 471.516480][ T5785] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 471.545109][ T5785] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 471.554815][ T8515] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 471.564338][ T5785] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 471.575556][ T5785] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 471.608699][ T5785] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 471.622305][ T5785] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 471.668347][ T8507] netlink: 28 bytes leftover after parsing attributes in process `syz.0.618'. [ 471.814343][ T8519] usb usb8: usbfs: process 8519 (syz.0.620) did not claim interface 0 before use [ 471.824105][ T8514] lo speed is unknown, defaulting to 1000 [ 472.702664][ T8521] netlink: 'syz.0.620': attribute type 1 has an invalid length. [ 473.447899][ T8528] loop2: detected capacity change from 0 to 512 [ 473.508627][ T8528] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 473.571079][ T5785] Bluetooth: hci1: command tx timeout [ 473.588008][ T8528] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 473.610243][ T8528] System zones: 1-12 [ 473.623555][ T8528] EXT4-fs (loop2): 1 truncate cleaned up [ 473.645599][ T8528] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 475.540354][ T5785] Bluetooth: hci1: command tx timeout [ 476.351466][ T8553] (null): rxe_set_mtu: Set mtu to 256 [ 476.574364][ T27] audit: type=1326 audit(1780030535.644:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8546 comm="syz.3.623" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb5a59ce59 code=0x7ffc0000 [ 476.947436][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.959282][ T27] audit: type=1326 audit(1780030535.644:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8546 comm="syz.3.623" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb5a59ce59 code=0x7ffc0000 [ 477.117300][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 477.129819][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 477.137017][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 477.290778][ T8553] infiniband syz2: set down [ 477.296060][ T8553] infiniband syz2: added vxcan1 [ 477.302860][ T8553] syz2: rxe_create_cq: returned err = -12 [ 477.309270][ T8553] infiniband syz2: Couldn't create ib_mad CQ [ 477.314158][ T8514] chnl_net:caif_netlink_parms(): no params data found [ 477.315565][ T8553] infiniband syz2: Couldn't open port 1 [ 477.353826][ T8553] RDS/IB: syz2: added [ 477.358936][ T8553] smc: adding ib device syz2 with port count 1 [ 477.365435][ T8553] smc: ib device syz2 port 1 has pnetid [ 477.386777][ T8560] loop2: detected capacity change from 0 to 512 [ 477.415415][ T8560] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 477.527346][ T5785] Bluetooth: hci1: command tx timeout [ 477.630494][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 477.656636][ T8560] EXT4-fs (loop2): 1 truncate cleaned up [ 477.672288][ T8560] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 478.416674][ T6416] vxcan1 speed is unknown, defaulting to 1000 [ 478.662493][ T6417] vxcan1 speed is unknown, defaulting to 1000 [ 478.680838][ T8578] netlink: 16 bytes leftover after parsing attributes in process `syz.0.626'. [ 478.693392][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 478.890765][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 479.207801][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 479.282313][ T8514] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.312645][ T8514] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.319928][ T8514] bridge_slave_0: entered allmulticast mode [ 479.386964][ T8514] bridge_slave_0: entered promiscuous mode [ 479.435465][ T8553] vxcan1 speed is unknown, defaulting to 1000 [ 479.488068][ T8514] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.505720][ T8514] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.513121][ T5785] Bluetooth: hci1: command tx timeout [ 479.538917][ T8514] bridge_slave_1: entered allmulticast mode [ 479.558780][ T8514] bridge_slave_1: entered promiscuous mode [ 479.699202][ T8514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.711600][ T8514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.931954][ T8514] team0: Port device team_slave_0 added [ 480.002056][ T8514] team0: Port device team_slave_1 added [ 480.108915][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 480.116211][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 480.143065][ T8514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 480.157086][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 480.167036][ T8595] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 480.181454][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 480.214121][ T8514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.889528][ T8514] hsr_slave_0: entered promiscuous mode [ 480.901467][ T8514] hsr_slave_1: entered promiscuous mode [ 480.955382][ T8514] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.994545][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.007220][ T8514] Cannot create hsr debugfs directory [ 483.694511][ T6416] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 483.879326][ T6416] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 483.904260][ T6416] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.941763][ T6416] usb 1-1: config 0 descriptor?? [ 483.962373][ T6416] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 484.055549][ T41] hsr_slave_0: left promiscuous mode [ 484.066440][ T41] hsr_slave_1: left promiscuous mode [ 484.072696][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 484.086181][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 484.101537][ T41] bridge_slave_1: left allmulticast mode [ 484.107320][ T41] bridge_slave_1: left promiscuous mode [ 484.115612][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.136739][ T41] bridge_slave_0: left allmulticast mode [ 484.142942][ T41] bridge_slave_0: left promiscuous mode [ 484.148678][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.360271][ T6416] cpia1 1-1:0.0: unexpected state after lo power cmd: 00 [ 484.380802][ T41] bond1 (unregistering): Released all slaves [ 484.921487][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 484.930018][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 485.854862][ T8630] xt_TPROXY: Can be used only with -p tcp or -p udp [ 486.037939][ T6416] gspca_cpia1: usb_control_msg 02, error -110 [ 486.049615][ T8630] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 486.057390][ T6416] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 486.455604][ T41] team0 (unregistering): Port device team_slave_1 removed [ 486.536147][ T41] team0 (unregistering): Port device team_slave_0 removed [ 486.619245][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 486.704126][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 487.381367][ T41] bond0 (unregistering): Released all slaves [ 487.766123][ T8638] sched: RT throttling activated [ 488.340247][ T5813] usb 1-1: USB disconnect, device number 7 [ 488.394062][ T8638] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 488.425932][ T8514] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 489.694497][ T8514] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 489.748461][ T8514] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 489.781328][ T8514] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 490.143845][ T8656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'. [ 490.183577][ T8514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.289116][ T8514] 8021q: adding VLAN 0 to HW filter on device team0 [ 490.322402][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.329637][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 490.331830][ T41] IPVS: stop unused estimator thread 0... [ 490.625494][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.632802][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 491.217858][ T8676] loop5: detected capacity change from 0 to 7 [ 491.260979][ T8676] Dev loop5: unable to read RDB block 7 [ 491.267047][ T8676] loop5: unable to read partition table [ 491.273546][ T8676] loop5: partition table beyond EOD, truncated [ 491.279919][ T8676] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 491.293666][ T8678] binder: 8672:8678 ioctl c0285840 200000000000 returned -22 [ 492.188937][ T8514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.721028][ T8694] No such timeout policy "syz1" [ 493.909872][ T8694] program syz.0.642 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 493.920993][ T8694] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 494.965506][ T8514] veth0_vlan: entered promiscuous mode [ 495.002814][ T8514] veth1_vlan: entered promiscuous mode [ 495.083266][ T8514] veth0_macvtap: entered promiscuous mode [ 495.101962][ T5846] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 495.114455][ T8514] veth1_macvtap: entered promiscuous mode [ 495.156630][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 495.187182][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.197086][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 495.230066][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.242145][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 495.274242][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.305140][ T5846] usb 3-1: Using ep0 maxpacket: 16 [ 495.310889][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.326238][ T5846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.358339][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 495.368884][ T5846] usb 3-1: config 0 has no interfaces? [ 495.376540][ T5846] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 495.386641][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 495.407538][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.417081][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 495.447457][ T5846] usb 3-1: config 0 descriptor?? [ 495.484763][ T8514] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.500075][ T8514] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.511434][ T8514] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.528598][ T8514] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 495.658802][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.676056][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.752965][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.770942][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.241181][ T8733] netlink: 12 bytes leftover after parsing attributes in process `syz.4.616'. [ 498.688413][ T8751] loop4: detected capacity change from 0 to 128 [ 499.136751][ T8751] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 499.330267][ T8751] ext4 filesystem being mounted at /1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 499.901401][ T5846] usb 3-1: USB disconnect, device number 8 [ 499.964689][ T8765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.651'. [ 500.626853][ T8768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.649'. [ 501.176152][ T8514] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 501.417803][ T8771] netlink: 64 bytes leftover after parsing attributes in process `syz.2.654'. [ 501.656801][ T8779] netlink: 16 bytes leftover after parsing attributes in process `syz.2.654'. [ 501.666544][ T8776] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 501.691730][ T8779] netlink: 32 bytes leftover after parsing attributes in process `syz.2.654'. [ 501.752709][ T8779] gretap1: entered promiscuous mode [ 504.938557][ T8825] loop4: detected capacity change from 0 to 128 [ 504.951204][ T8815] 9pnet_virtio: no channels available for device syz [ 504.971506][ T8825] EXT4-fs (loop4): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 504.992035][ T8540] udevd[8540]: incorrect ext4 checksum on /dev/loop4 [ 505.224565][ T8832] loop5: detected capacity change from 0 to 7 [ 505.310259][ T8833] binder: 8827:8833 ioctl c0285840 200000000000 returned -22 [ 506.037671][ T8832] Dev loop5: unable to read RDB block 7 [ 506.053811][ T8835] loop2: detected capacity change from 0 to 512 [ 506.081334][ T8832] loop5: unable to read partition table [ 506.087233][ T8832] loop5: partition table beyond EOD, truncated [ 506.099524][ T8832] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 506.131257][ T8835] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 506.198742][ T8818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.663'. [ 506.200039][ T8835] EXT4-fs (loop2): orphan cleanup on readonly fs [ 506.447554][ T8839] loop4: detected capacity change from 0 to 40427 [ 506.482114][ T8835] Quota error (device loop2): find_block_dqentry: Quota for id 0 referenced but not present [ 506.501618][ T8839] F2FS-fs (loop4): invalid crc_offset: 4177530876 [ 506.536185][ T8835] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 506.550940][ T8835] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.668: Failed to acquire dquot type 1 [ 506.565597][ T8839] F2FS-fs (loop4): Wrong journal entry on segno 65538 [ 506.575089][ T8839] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 506.614389][ T8835] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.668: bg 0: block 40: padding at end of block bitmap is not set [ 506.809085][ T8835] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 506.819687][ T8835] EXT4-fs (loop2): 1 truncate cleaned up [ 506.826779][ T8835] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 506.899443][ T8852] xt_connbytes: Forcing CT accounting to be enabled [ 507.355484][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 517.529925][ T8914] loop4: detected capacity change from 0 to 128 [ 517.579571][ T8914] vxfs: unable to set final block size [ 517.595365][ T8917] loop2: detected capacity change from 0 to 8 [ 517.624156][ T8917] unable to read id index table [ 517.938770][ T8930] loop2: detected capacity change from 0 to 64 [ 517.971873][ T8930] hfs: unable to parse mount options [ 524.803846][ T8976] loop4: detected capacity change from 0 to 2048 [ 524.856525][ T8976] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 524.954899][ T8982] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 525.045858][ T8985] loop2: detected capacity change from 0 to 4096 [ 525.101795][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.147045][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.165750][ T8987] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 525.214835][ T8976] Remounting filesystem read-only [ 525.225319][ T8985] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=32, inode=11, rec_len=24, name_len=77 [ 525.243192][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.288596][ T8985] Remounting filesystem read-only [ 525.292476][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.340025][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.380882][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.427839][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.449381][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.490340][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.516437][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.537363][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.557609][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.634241][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.656246][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.690008][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.722138][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.755810][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.773117][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.812636][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.839263][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.871087][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 525.916120][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 525.970955][ T9002] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 525.989485][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 526.009984][ T9002] ntfs: (device nullb0): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 526.029774][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 526.044523][ T9002] ntfs: (device nullb0): ntfs_fill_super(): Not an NTFS volume. [ 526.063153][ T9003] syzkaller0: entered allmulticast mode [ 526.074312][ T9003] netlink: 'syz.2.708': attribute type 4 has an invalid length. [ 526.083773][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 526.102062][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 526.118178][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 526.173394][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 526.224054][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 526.234851][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 526.247292][ T8976] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 526.261086][ T8976] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 526.295227][ T8] IPVS: starting estimator thread 0... [ 526.360210][ T27] audit: type=1800 audit(1780030839.183:105): pid=8976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.695" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 526.523632][ T9009] IPVS: using max 37 ests per chain, 88800 per kthread [ 529.687847][ T6417] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 529.924992][ T6417] usb 5-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 529.942550][ T6417] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.964288][ T6417] usb 5-1: Product: syz [ 529.968532][ T6417] usb 5-1: Manufacturer: syz [ 529.973161][ T6417] usb 5-1: SerialNumber: syz [ 530.100090][ T9040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 530.206315][ T9044] loop2: detected capacity change from 0 to 16 [ 530.235006][ T9044] erofs: (device loop2): mounted with root inode @ nid 36. [ 530.262736][ T9044] syz.2.715: attempt to access beyond end of device [ 530.262736][ T9044] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 530.276708][ T6417] usb 5-1: Can't get UAC3 power state for id 10 [ 530.283316][ T6417] usb 5-1: BAAD HEADSET c_chmask mismatch [ 530.317432][ T9044] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1792 @ lcn 4 of nid 89 [ 530.331717][ T9044] erofs: (device loop2): z_erofs_readahead: readahead error at folio 5 @ nid 89 [ 530.341899][ T9044] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1792 @ lcn 4 of nid 89 [ 530.353457][ T9044] erofs: (device loop2): z_erofs_readahead: readahead error at folio 4 @ nid 89 [ 530.362839][ T9044] syz.2.715: attempt to access beyond end of device [ 530.362839][ T9044] loop2: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 530.379023][ T9044] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 530.391786][ T27] audit: type=1800 audit(1780030843.018:106): pid=9044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.715" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 530.459609][ T6417] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 530.505349][ T6417] usb 5-1: USB disconnect, device number 2 [ 530.548018][ T8509] udevd[8509]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 530.570927][ T9046] loop2: detected capacity change from 0 to 512 [ 530.603185][ T9046] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 530.659141][ T9046] EXT4-fs (loop2): orphan cleanup on readonly fs [ 530.746525][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.716: iget: bad extra_isize 90 (inode size 256) [ 530.801173][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.716: error while reading EA inode 11 err=-117 [ 530.831110][ T9046] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 530.852583][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.716: iget: bad extra_isize 90 (inode size 256) [ 530.870102][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.716: error while reading EA inode 11 err=-117 [ 530.889229][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #18: comm syz.2.716: iget: bad extra_isize 90 (inode size 256) [ 530.908821][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.716: error while reading EA inode 18 err=-117 [ 530.931908][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #18: comm syz.2.716: iget: bad extra_isize 90 (inode size 256) [ 530.955128][ T9046] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.716: error while reading EA inode 18 err=-117 [ 530.968443][ T9046] EXT4-fs (loop2): 1 orphan inode deleted [ 530.980679][ T9046] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 531.122631][ T9060] loop4: detected capacity change from 0 to 256 [ 531.206343][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.711505][ T9083] loop4: detected capacity change from 0 to 256 [ 531.806836][ T9083] FAT-fs (loop4): Directory bread(block 64) failed [ 531.828081][ T9083] FAT-fs (loop4): Directory bread(block 65) failed [ 531.845545][ T9083] FAT-fs (loop4): Directory bread(block 66) failed [ 531.863137][ T9083] FAT-fs (loop4): Directory bread(block 67) failed [ 531.875754][ T9083] FAT-fs (loop4): Directory bread(block 68) failed [ 531.894172][ T9083] FAT-fs (loop4): Directory bread(block 69) failed [ 531.931780][ T9083] FAT-fs (loop4): Directory bread(block 70) failed [ 531.975326][ T9083] FAT-fs (loop4): Directory bread(block 71) failed [ 532.018045][ T9083] FAT-fs (loop4): Directory bread(block 72) failed [ 532.052861][ T9083] FAT-fs (loop4): Directory bread(block 73) failed [ 532.352586][ T9081] loop2: detected capacity change from 0 to 32768 [ 533.746902][ T9092] loop4: detected capacity change from 0 to 32768 [ 533.911150][ T9092] JBD2: Ignoring recovery information on journal [ 534.149093][ T9092] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 534.972681][ T8514] ocfs2: Unmounting device (7,4) on (node local) [ 535.843180][ T9136] loop2: detected capacity change from 0 to 2048 [ 535.898125][ T9136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 535.934978][ T9136] EXT4-fs error (device loop2): ext4_map_blocks:610: inode #12: block 2: comm syz.2.748: lblock 0 mapped to illegal pblock 2 (length 1) [ 536.027774][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.281378][ T9159] loop2: detected capacity change from 0 to 4096 [ 537.318718][ T9159] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 537.409555][ T9159] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 537.455903][ T9159] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 537.478763][ T9159] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 537.502205][ T9159] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 537.530066][ T9159] ntfs: volume version 3.1. [ 537.551007][ T9159] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 537.588292][ T9159] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 537.607599][ T9159] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 537.643556][ T9159] ntfs: (device loop2): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 537.664714][ T9159] ntfs: (device loop2): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 539.380676][ T9200] loop2: detected capacity change from 0 to 4096 [ 539.421640][ T9200] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 539.494449][ T9200] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 539.879457][ T9216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.773'. [ 539.912226][ T9216] netlink: 59 bytes leftover after parsing attributes in process `syz.2.773'. [ 540.522549][ T9240] loop2: detected capacity change from 0 to 1024 [ 540.540660][ T9240] EXT4-fs: Ignoring removed mblk_io_submit option [ 540.566335][ T9240] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 542.013154][ T9262] netlink: 'syz.0.786': attribute type 1 has an invalid length. [ 542.028290][ T9262] netlink: 56 bytes leftover after parsing attributes in process `syz.0.786'. [ 542.089816][ T9266] comedi comedi2: aio_aio12_8: I/O port conflict (0x3,32) [ 542.402459][ T9276] loop2: detected capacity change from 0 to 1024 [ 542.430189][ T9276] EXT4-fs: Ignoring removed nomblk_io_submit option [ 542.516545][ T9276] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6815c01c, mo2=0003] [ 542.524838][ T9276] System zones: 0-1, 3-36 [ 542.620278][ T9276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.858940][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.938995][ T9293] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 543.176021][ T9306] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 543.334731][ T9312] ubi8: attaching mtd0 [ 543.354585][ T9312] ubi8 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 545.351321][ T9377] bridge_slave_0: left allmulticast mode [ 545.383442][ T9377] bridge_slave_0: left promiscuous mode [ 545.463631][ T9377] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.598484][ T9389] usb usb8: usbfs: process 9389 (syz.0.822) did not claim interface 0 before use [ 545.655705][ T9388] loop4: detected capacity change from 0 to 4096 [ 545.685910][ T9388] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 545.833071][ T9388] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 545.853137][ T9388] ntfs3: loop4: Failed to initialize $Extend/$ObjId. [ 545.889017][ T9388] ntfs3: loop4: ino=5, "/" directory corrupted [ 546.406669][ T9410] loop2: detected capacity change from 0 to 1024 [ 546.460671][ T9410] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 546.679691][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 546.803579][ T9406] loop4: detected capacity change from 0 to 32768 [ 546.959735][ T9406] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 547.637932][ T9406] XFS (loop4): Ending clean mount [ 547.785621][ T8514] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 548.303637][ T9451] netlink: 20 bytes leftover after parsing attributes in process `syz.2.835'. [ 549.658613][ T9465] loop2: detected capacity change from 0 to 32768 [ 549.772602][ T9465] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.839 (9465) [ 549.864151][ T9465] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 549.912639][ T9465] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 549.953382][ T9465] BTRFS info (device loop2): metadata ratio 0 [ 549.971424][ T9465] BTRFS info (device loop2): setting nodatasum [ 549.992321][ T9465] BTRFS info (device loop2): using free space tree [ 550.400665][ T9465] BTRFS info (device loop2): enabling ssd optimizations [ 550.517348][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 550.527739][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 551.447605][ T9503] loop4: detected capacity change from 0 to 512 [ 551.514682][ T5771] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 551.542277][ T9503] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 551.552391][ T9503] System zones: 1-12 [ 551.562976][ T9503] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.846: Directory hole found for htree index block 0 [ 551.586365][ T9503] EXT4-fs (loop4): Remounting filesystem read-only [ 551.660385][ T9503] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 551.687725][ T9503] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 551.735964][ T9503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 551.887938][ T8514] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 552.194916][ T9511] loop2: detected capacity change from 0 to 256 [ 552.215989][ T9511] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 552.255273][ T9513] loop4: detected capacity change from 0 to 128 [ 552.279617][ T9513] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 552.302756][ T9511] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 552.309104][ T9513] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 552.407688][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 552.407701][ T27] audit: type=1800 audit(1780030863.606:107): pid=9513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.850" name="file2" dev="loop4" ino=105 res=0 errno=0 [ 553.622077][ T8767] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 553.685738][ T9541] loop4: detected capacity change from 0 to 4096 [ 553.727464][ T9542] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 553.843243][ T8767] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.864821][ T8767] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 553.902860][ T8767] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 553.927241][ T8767] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.954504][ T8767] usb 1-1: config 0 descriptor?? [ 553.969315][ T8767] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 553.985749][ T8767] dvb-usb: bulk message failed: -22 (3/0) [ 554.001255][ T8767] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 554.041381][ T8767] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 554.058723][ T8767] usb 1-1: media controller created [ 554.074407][ T8767] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 554.142257][ T8767] dvb-usb: bulk message failed: -22 (6/0) [ 554.164200][ T8767] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 554.199132][ T8767] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9 [ 554.255596][ T8767] dvb-usb: schedule remote query interval to 150 msecs. [ 554.262614][ T8767] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 554.336885][ T8767] usb 1-1: USB disconnect, device number 8 [ 554.395898][ T8767] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 554.805586][ T9558] loop4: detected capacity change from 0 to 4096 [ 554.885846][ T9558] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 554.904118][ T9558] ntfs3: loop4: Failed to load $Extend (-22). [ 554.914991][ T9558] ntfs3: loop4: Failed to initialize $Extend. [ 555.022699][ T9558] ntfs3: loop4: ino=1b, "file0" directory corrupted [ 555.304064][ T9568] loop4: detected capacity change from 0 to 256 [ 555.311224][ T6417] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 555.740613][ T6417] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 555.752971][ T6417] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 555.764410][ T6417] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 555.784355][ T6417] usb 3-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 555.802689][ T6417] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.964063][ T6417] usb 3-1: config 0 descriptor?? [ 556.054259][ T9560] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 556.655647][ T9580] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 556.754937][ T6417] elecom 0003:056E:00FC.0001: unknown main item tag 0x3 [ 556.761991][ T6417] elecom 0003:056E:00FC.0001: unknown global tag 0xe [ 556.786494][ T6417] elecom 0003:056E:00FC.0001: item 0 1 1 14 parsing failed [ 556.798199][ T6417] elecom: probe of 0003:056E:00FC.0001 failed with error -22 [ 556.966058][ T8767] usb 3-1: USB disconnect, device number 9 [ 557.099360][ T9582] loop4: detected capacity change from 0 to 32768 [ 557.980797][ T9603] loop2: detected capacity change from 0 to 512 [ 558.004147][ T9603] EXT4-fs: Ignoring removed mblk_io_submit option [ 558.061429][ T9603] EXT4-fs error (device loop2): ext4_iget_extra_inode:4739: inode #15: comm syz.2.887: corrupted in-inode xattr: invalid ea_ino [ 558.105680][ T9603] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.887: couldn't read orphan inode 15 (err -117) [ 558.129822][ T9603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 558.248872][ T9611] loop4: detected capacity change from 0 to 1024 [ 558.308737][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.014502][ T9626] loop2: detected capacity change from 0 to 512 [ 559.065161][ T9626] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 559.269377][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.527998][ T9623] loop4: detected capacity change from 0 to 32768 [ 559.556525][ T9623] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.895 (9623) [ 559.596020][ T9623] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 559.642396][ T9623] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 559.651146][ T9623] BTRFS info (device loop4): setting nodatacow, compression disabled [ 559.668042][ T9638] tipc: Started in network mode [ 559.682071][ T9638] tipc: Node identity , cluster identity 4711 [ 559.685137][ T9623] BTRFS info (device loop4): force clearing of disk cache [ 559.717547][ T9623] BTRFS info (device loop4): turning on sync discard [ 559.737931][ T9623] BTRFS info (device loop4): turning off barriers [ 559.744435][ T9623] BTRFS info (device loop4): use no compression [ 559.758775][ T9623] BTRFS info (device loop4): disabling free space tree [ 559.766932][ T9623] BTRFS info (device loop4): enabling ssd optimizations [ 559.785751][ T9623] BTRFS info (device loop4): using spread ssd allocation scheme [ 559.805984][ T9623] BTRFS info (device loop4): not using ssd optimizations [ 559.843927][ T9623] BTRFS info (device loop4): not using spread ssd allocation scheme [ 560.229497][ T9623] BTRFS info (device loop4): rebuilding free space tree [ 560.389236][ T9623] BTRFS info (device loop4): disabling free space tree [ 560.403851][ T9623] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 560.431341][ T9623] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 560.637052][ T8514] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 560.694585][ T9664] loop2: detected capacity change from 0 to 4096 [ 560.837456][ T9664] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 560.969777][ T9664] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 561.205558][ T41] ntfs3: loop2: ino=1f, failed to open parent directory r=5 to update [ 561.768324][ T6417] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 561.857000][ T9676] loop4: detected capacity change from 0 to 32768 [ 561.885299][ T9676] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.910 (9676) [ 561.931165][ T9676] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 561.946967][ T9676] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 561.956836][ T9676] BTRFS info (device loop4): setting nodatacow, compression disabled [ 561.966218][ T9676] BTRFS info (device loop4): disabling tree log [ 561.980726][ T6417] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 561.990724][ T6417] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.011894][ T6417] usb 3-1: config 0 descriptor?? [ 562.018430][ T9676] BTRFS info (device loop4): max_inline at 0 [ 562.024492][ T9676] BTRFS info (device loop4): using free space tree [ 562.045778][ T6417] pwc: Samsung MPC-C10 USB webcam detected. [ 562.145673][ T9676] BTRFS info (device loop4): auto enabling async discard [ 562.282699][ T8514] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 562.496576][ T6417] pwc: recv_control_msg error -71 req 02 val 2b00 [ 562.515246][ T6417] pwc: recv_control_msg error -71 req 02 val 2700 [ 562.533325][ T8540] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (8540) [ 562.599217][ T6417] pwc: recv_control_msg error -71 req 04 val 1700 [ 562.666390][ T6417] pwc: recv_control_msg error -71 req 02 val 2c00 [ 562.684234][ T6417] pwc: recv_control_msg error -71 req 04 val 1000 [ 562.691359][ T6417] pwc: recv_control_msg error -71 req 04 val 1300 [ 562.719835][ T6417] pwc: recv_control_msg error -71 req 04 val 1400 [ 562.742171][ T6417] pwc: recv_control_msg error -71 req 02 val 2000 [ 562.778153][ T6417] pwc: recv_control_msg error -71 req 02 val 2100 [ 562.785679][ T6417] pwc: recv_control_msg error -71 req 02 val 2200 [ 562.793238][ T6417] pwc: recv_control_msg error -71 req 06 val 0600 [ 562.804936][ T6417] pwc: recv_control_msg error -71 req 04 val 1500 [ 562.812974][ T6417] pwc: recv_control_msg error -71 req 02 val 2500 [ 562.825271][ T6417] pwc: recv_control_msg error -71 req 02 val 2400 [ 562.860542][ T6417] pwc: recv_control_msg error -71 req 02 val 2600 [ 562.878403][ T6417] pwc: recv_control_msg error -71 req 02 val 2900 [ 562.905091][ T6417] pwc: recv_control_msg error -71 req 02 val 2800 [ 562.922526][ T6417] pwc: recv_control_msg error -71 req 04 val 1100 [ 562.939668][ T6417] pwc: recv_control_msg error -71 req 04 val 1200 [ 562.994105][ T6417] pwc: Registered as video103. [ 563.022755][ T6417] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 563.136965][ T6417] usb 3-1: USB disconnect, device number 10 [ 563.225069][ T9713] loop4: detected capacity change from 0 to 1024 [ 563.367900][ T9713] hfsplus: bad catalog entry type [ 563.441115][ T2992] hfsplus: b-tree write err: -5, ino 25 [ 563.458240][ T2992] hfsplus: b-tree write err: -5, ino 4 [ 563.464431][ T2992] hfsplus: b-tree write err: -5, ino 2 [ 564.950743][ T9736] loop2: detected capacity change from 0 to 256 [ 565.015042][ T9736] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 565.116100][ T9724] loop4: detected capacity change from 0 to 32768 [ 565.244248][ T9724] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 565.303053][ T9753] netlink: 'syz.0.930': attribute type 30 has an invalid length. [ 565.372150][ T9724] XFS (loop4): Ending clean mount [ 565.793405][ T8514] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 566.247329][ T9776] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 566.757507][ T9780] loop4: detected capacity change from 0 to 4096 [ 566.817885][ T9780] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 567.004877][ T9780] ntfs3: loop4: Failed to load $Extend (-22). [ 567.033232][ T9780] ntfs3: loop4: Failed to initialize $Extend. [ 567.192442][ T9786] loop2: detected capacity change from 0 to 8192 [ 567.227226][ T9786] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 567.304823][ T9786] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 567.379593][ T9786] REISERFS (device loop2): using ordered data mode [ 567.389642][ T9780] overlayfs: upper fs does not support tmpfile. [ 567.422317][ T9786] reiserfs: using flush barriers [ 567.481172][ T9786] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 567.495755][ T9780] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 567.532904][ T9786] REISERFS (device loop2): checking transaction log (loop2) [ 568.125278][ T9806] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 568.183683][ T9786] REISERFS (device loop2): Using tea hash to sort names [ 568.259349][ T9786] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 569.788862][ T9827] loop2: detected capacity change from 0 to 512 [ 569.843394][ T9827] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 569.899817][ T9827] ext4 filesystem being mounted at /230/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 569.954834][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 570.010742][ T5833] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 571.022934][ T9841] nftables ruleset with unbound set [ 571.066628][ T5833] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.077514][ T5833] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.089648][ T5833] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.100392][ T5833] usb 5-1: config 0 interface 0 has no altsetting 0 [ 571.107105][ T5833] usb 5-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 571.116254][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.129500][ T5833] usb 5-1: config 0 descriptor?? [ 571.465924][ T6416] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 571.587658][ T5833] kye 0003:0458:5015.0002: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 571.615272][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.629512][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.639431][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.646233][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.656795][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.665434][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.676470][ T5833] kye 0003:0458:5015.0002: unknown main item tag 0x0 [ 571.705988][ T5833] kye 0003:0458:5015.0002: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.4-1/input0 [ 571.720698][ T5833] kye 0003:0458:5015.0002: tablet-enabling feature report not found [ 571.739008][ T5833] kye 0003:0458:5015.0002: tablet enabling failed [ 571.851456][ T6416] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 571.859513][ T6416] usb 3-1: config 0 has no interface number 0 [ 571.870113][ T6417] usb 5-1: USB disconnect, device number 3 [ 572.504735][ T6416] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 572.622460][ T6416] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 572.632489][ T6416] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 572.647248][ T6416] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 572.660075][ T6416] usb 3-1: New USB device strings: Mfr=0, Product=64, SerialNumber=0 [ 572.668524][ T6416] usb 3-1: Product: syz [ 572.676005][ T6416] usb 3-1: config 0 descriptor?? [ 572.696835][ T9864] loop4: detected capacity change from 0 to 128 [ 572.714499][ T9864] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 572.786929][ T9864] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 573.041200][ T9871] netlink: 24 bytes leftover after parsing attributes in process `syz.3.978'. [ 573.205742][ T6416] chicony 0003:04F2:1421.0003: collection stack underflow [ 573.243155][ T6416] chicony 0003:04F2:1421.0003: item 0 1 0 12 parsing failed [ 573.291162][ T6416] chicony 0003:04F2:1421.0003: Chicony hid parse failed: -22 [ 573.338677][ T6416] chicony: probe of 0003:04F2:1421.0003 failed with error -22 [ 573.446500][ T6416] usb 3-1: USB disconnect, device number 11 [ 576.470523][ T9888] loop4: detected capacity change from 0 to 32768 [ 577.473127][ T8] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 577.893723][ T8] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 577.903182][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.915232][ T8] usb 5-1: config 0 descriptor?? [ 578.368294][ T8] [drm:udl_init] *ERROR* Selecting channel failed [ 578.441208][ T8] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2 [ 578.456974][ T8] [drm] Initialized udl on minor 2 [ 578.472088][ T8] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 578.500857][ T8] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 578.517223][ T8767] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 578.547822][ T8] usb 5-1: USB disconnect, device number 4 [ 578.554755][ T8767] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 578.814940][ T9946] loop2: detected capacity change from 0 to 32768 [ 578.836149][ T9946] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 578.932352][ T9946] XFS (loop2): Ending clean mount [ 579.028377][ T5771] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 579.115046][ T9960] loop4: detected capacity change from 0 to 64 [ 579.425772][ T9962] loop4: detected capacity change from 0 to 256 [ 579.437011][ T9962] exfat: Deprecated parameter 'utf8' [ 579.476175][ T9962] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 579.683698][ T9967] loop2: detected capacity change from 0 to 256 [ 580.973577][ T9969] loop4: detected capacity change from 0 to 32768 [ 580.998765][ T9969] [ 580.998765][ T9969] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 580.998765][ T9969] [ 581.022458][ T5774] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 581.071414][ T4548] ERROR: (device loop4): diWrite: ixpxd invalid [ 581.071414][ T4548] [ 581.100895][ T4548] ERROR: (device loop4): txCommit: [ 581.100895][ T4548] [ 581.118267][ T4548] jfs_write_inode: jfs_commit_inode failed! [ 581.124434][ T8514] [ 581.124434][ T8514] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 581.124434][ T8514] [ 581.137822][ T8514] [ 581.137822][ T8514] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 581.137822][ T8514] [ 581.247886][ T5774] usb 3-1: Using ep0 maxpacket: 32 [ 581.256369][ T5774] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 581.268833][ T5774] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 581.283541][ T5774] usb 3-1: config 0 has no interface number 0 [ 581.290198][ T5774] usb 3-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 581.312451][ T5774] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 581.332123][ T5774] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.343413][ T5813] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 581.362585][ T5774] usb 3-1: Product: syz [ 581.375256][ T5774] usb 3-1: Manufacturer: syz [ 581.379920][ T5774] usb 3-1: SerialNumber: syz [ 581.402569][ T9980] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 581.413852][ T5774] usb 3-1: config 0 descriptor?? [ 581.431756][ T5774] radio-si470x 3-1:0.35: could not find interrupt in endpoint [ 581.459138][ T5774] radio-si470x: probe of 3-1:0.35 failed with error -5 [ 581.570189][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 581.596515][ T5813] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 581.618559][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.637876][ T5813] usb 1-1: Product: syz [ 581.643369][ T5813] usb 1-1: Manufacturer: syz [ 581.650947][ T5813] usb 1-1: SerialNumber: syz [ 581.658265][ T9985] IPVS: length: 153 != 24 [ 581.665792][ T5774] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 581.675326][ T5813] usb 1-1: config 0 descriptor?? [ 581.696504][ T5813] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 581.704456][ T5813] dvb-usb: bulk message failed: -22 (4/0) [ 581.710944][ T5813] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 581.760267][ T5813] dvb-usb: bulk message failed: -22 (5/0) [ 581.771281][ T5813] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 581.795895][ T5813] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 581.807125][ T5813] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 581.815617][ T5813] usb 1-1: media controller created [ 581.909984][ T5774] radio-raremono 3-1:0.35: V4L2 device registered as radio48 [ 581.946965][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 582.130054][ T5813] usb 1-1: selecting invalid altsetting 3 [ 582.136094][ T5813] ttusb2: set interface to alts=3 failed [ 582.136681][ T9978] dvb-usb: bulk message failed: -22 (7/0) [ 582.192929][ T9978] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 582.195186][ T5813] DVB: Unable to find symbol tda10086_attach() [ 582.210042][ T8] usb 3-1: USB disconnect, device number 12 [ 582.210512][ T8] radio-raremono 3-1:0.35: Thanko's Raremono disconnected [ 582.220998][ T5813] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 582.250352][ T5813] dvb-usb: bulk message failed: -22 (4/0) [ 582.259424][ T5813] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 582.275519][ T9978] ttusb2: i2c transfer failed. [ 582.284195][ T5813] dvb-usb: bulk message failed: -22 (5/0) [ 582.290020][ T5813] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 582.316340][ T5813] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 582.340883][ T5813] usb 1-1: USB disconnect, device number 9 [ 582.383322][ T5813] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 583.231761][ T9994] loop4: detected capacity change from 0 to 32768 [ 583.268705][ T9994] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop4 scanned by syz.4.1026 (9994) [ 583.290648][ T9994] BTRFS info (device loop4): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 583.309615][ T9994] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 583.324472][ T9994] BTRFS info (device loop4): enabling ssd optimizations [ 583.333129][ T9994] BTRFS info (device loop4): not using ssd optimizations [ 583.340255][ T9994] BTRFS info (device loop4): turning off barriers [ 583.355658][ T9994] BTRFS info (device loop4): using free space tree [ 583.588617][ T8514] BTRFS info (device loop4): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 583.762499][T10027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1028'. [ 583.977225][T10032] loop4: detected capacity change from 0 to 2048 [ 584.029122][T10032] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 584.036576][T10034] loop2: detected capacity change from 0 to 64 [ 584.165167][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 584.359054][T10036] loop2: detected capacity change from 0 to 512 [ 584.406958][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 584.429533][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 584.450913][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 584.464434][ T8] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 584.488494][T10036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 584.506168][ T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 584.506351][T10036] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.516045][ T8] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 584.534335][ T8] usb 1-1: Product: syz [ 584.538681][ T8] usb 1-1: Manufacturer: syz [ 584.543488][ T8] usb 1-1: SerialNumber: syz [ 584.563127][ T8] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input11 [ 584.668171][ T5846] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 584.700284][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 584.814752][ T8] usb 1-1: USB disconnect, device number 10 [ 584.851083][ T8] appletouch 1-1:1.0: input: appletouch disconnected [ 584.863447][T10045] loop2: detected capacity change from 0 to 512 [ 584.891221][T10045] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 584.936826][ T5846] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 584.939018][T10045] ext4 filesystem being mounted at /244/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 584.947136][ T5846] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 584.968752][ T5846] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 584.988460][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 584.996519][ T5846] usb 5-1: SerialNumber: syz [ 585.034282][T10045] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #12: block 32: comm syz.2.1034: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 585.092360][T10045] EXT4-fs (loop2): Remounting filesystem read-only [ 585.102720][T10045] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #12: comm syz.2.1034: directory missing '.' [ 585.148930][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 585.238174][ T5846] usb 5-1: 0:2 : does not exist [ 585.270058][ T5846] usb 5-1: USB disconnect, device number 5 [ 585.315379][ T8540] udevd[8540]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 585.832243][T10052] loop2: detected capacity change from 0 to 40427 [ 585.854401][ T5813] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 585.872745][T10052] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 585.905771][T10052] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 585.923722][T10052] F2FS-fs (loop2): invalid crc value [ 585.967954][T10052] F2FS-fs (loop2): Found nat_bits in checkpoint [ 586.057815][ T5813] usb 1-1: Using ep0 maxpacket: 32 [ 586.073734][ T5813] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 586.099060][ T5813] usb 1-1: config 0 has no interface number 0 [ 586.119559][ T5813] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 586.138024][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.147671][ T5813] usb 1-1: Product: syz [ 586.152001][ T5813] usb 1-1: Manufacturer: syz [ 586.153671][T10052] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 586.161986][ T5813] usb 1-1: SerialNumber: syz [ 586.175083][T10052] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 586.262306][ T5813] usb 1-1: config 0 descriptor?? [ 586.284838][ T5813] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 586.346410][ T5813] usb 1-1: selecting invalid altsetting 1 [ 586.352433][ T5813] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 586.383465][ T5813] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 586.396673][ T5813] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 586.416448][ T5813] usb 1-1: media controller created [ 586.484677][T10063] loop4: detected capacity change from 0 to 32768 [ 586.486473][ T5813] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 586.568523][ T6416] XFS (loop4): filesystem is marked as having an internal log; do not specify logdev on the mount command line. [ 586.940409][T10073] loop4: detected capacity change from 0 to 128 [ 587.010257][T10073] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 587.041605][T10073] hpfs: filesystem error: improperly stopped [ 587.058643][T10073] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 587.080247][T10073] hpfs: You really don't want any checks? You are crazy... [ 587.096999][T10073] hpfs: hpfs_map_sector(): read error [ 587.115327][T10073] hpfs: code page support is disabled [ 587.129173][T10073] hpfs: hpfs_map_4sectors(): unaligned read [ 587.149025][T10073] hpfs: hpfs_map_4sectors(): unaligned read [ 587.162622][T10073] hpfs: filesystem error: unable to find root dir [ 587.323240][T10081] loop4: detected capacity change from 0 to 64 [ 587.596958][ T5846] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 587.631545][T10057] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 587.678210][ T5813] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 587.690701][ T5813] zl10353_read_register: readreg error (reg=127, ret==-71) [ 587.701223][ T5813] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 587.774576][ T5813] usb 1-1: USB disconnect, device number 11 [ 587.988129][ T5846] usb 3-1: unable to get BOS descriptor or descriptor too short [ 588.004370][ T5846] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 588.350652][ T5846] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 588.360121][ T5846] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 588.382557][ T5846] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice= 0.40 [ 588.398813][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.406867][ T5846] usb 3-1: Product: syz [ 588.430644][ T5846] usb 3-1: Manufacturer: syz [ 588.435317][ T5846] usb 3-1: SerialNumber: syz [ 588.852705][ T5846] usb 3-1: Can't get UAC3 power state for id 10 [ 588.871893][ T5846] usb 3-1: 2:0: failed to get current value for ch 0 (-71) [ 588.897534][ T5846] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 589.199295][ T5846] usb 3-1: USB disconnect, device number 13 [ 589.398486][T10104] loop4: detected capacity change from 0 to 512 [ 589.471580][T10104] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1054: invalid indirect mapped block 10 (level 1) [ 589.487221][ T8490] udevd[8490]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 589.538967][T10104] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1054: invalid indirect mapped block 8 (level 1) [ 589.695613][T10104] EXT4-fs (loop4): 1 truncate cleaned up [ 589.716866][T10104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 589.915322][ T8514] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.627336][ T5846] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 591.848521][ T5846] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 591.858573][ T5846] usb 3-1: can't read configurations, error -71 [ 592.087269][T10156] loop4: detected capacity change from 0 to 256 [ 592.095162][T10156] exfat: Deprecated parameter 'utf8' [ 592.119285][T10156] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x47dfe6af, utbl_chksum : 0xe619d30d) [ 593.060748][ T5846] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 593.239855][T10178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1083'. [ 593.267369][ T5846] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 593.276838][ T5833] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 593.290046][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.299875][ T5846] usb 3-1: Product: syz [ 593.304073][ T5846] usb 3-1: Manufacturer: syz [ 593.313328][ T5846] usb 3-1: SerialNumber: syz [ 593.321918][ T5846] usb 3-1: config 0 descriptor?? [ 593.335021][ T5846] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 593.508834][ T5833] usb 1-1: Using ep0 maxpacket: 16 [ 593.517022][ T5833] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 593.541117][ T5833] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 593.552542][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.578126][ T5833] usb 1-1: config 0 descriptor?? [ 593.597503][ T5833] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input12 [ 593.879693][ T5127] bcm5974 1-1:0.0: could not read from device [ 593.902562][T10174] bcm5974 1-1:0.0: could not read from device [ 593.930455][ T5127] bcm5974 1-1:0.0: could not read from device [ 593.937486][ T5833] usb 1-1: USB disconnect, device number 12 [ 593.953126][ T8544] bcm5974 1-1:0.0: could not read from device [ 594.313433][ T5846] gspca_stk1135: reg_w 0x5 err -71 [ 594.319734][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.339627][ T5846] gspca_stk1135: Sensor write failed [ 594.345526][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.352109][ T5846] gspca_stk1135: Sensor write failed [ 594.358393][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.368824][ T5846] gspca_stk1135: Sensor read failed [ 594.374119][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.381620][ T5846] gspca_stk1135: Sensor read failed [ 594.387409][ T5846] gspca_stk1135: Detected sensor type unknown (0x0) [ 594.394292][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.401180][ T5846] gspca_stk1135: Sensor read failed [ 594.406906][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.413278][ T5846] gspca_stk1135: Sensor read failed [ 594.419186][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.425625][ T5846] gspca_stk1135: Sensor write failed [ 594.431571][ T5846] gspca_stk1135: serial bus timeout: status=0x00 [ 594.437936][ T5846] gspca_stk1135: Sensor write failed [ 594.450704][ T5846] stk1135: probe of 3-1:0.0 failed with error -71 [ 594.473887][ T5846] usb 3-1: USB disconnect, device number 15 [ 596.298739][T10230] loop4: detected capacity change from 0 to 32768 [ 596.328072][T10230] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.1106 (10230) [ 596.459551][T10230] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 596.480987][T10230] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 596.503324][T10230] BTRFS info (device loop4): turning on async discard [ 596.510160][T10230] BTRFS info (device loop4): using free space tree [ 596.603636][T10230] BTRFS info (device loop4): enabling ssd optimizations [ 596.665475][ T27] audit: type=1800 audit(1780030905.007:108): pid=10230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1106" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 596.788763][ T8514] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 597.619384][T10269] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1116'. [ 599.033821][T10286] loop2: detected capacity change from 0 to 40427 [ 599.056734][T10286] F2FS-fs (loop2): invalid crc value [ 599.073947][T10286] F2FS-fs (loop2): Found nat_bits in checkpoint [ 599.320215][T10286] F2FS-fs (loop2): Start checkpoint disabled! [ 599.429097][T10286] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 599.649629][ T5813] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 600.311817][ T5813] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 600.390073][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.426050][ T5813] usb 5-1: Product: syz [ 600.430262][ T5813] usb 5-1: Manufacturer: syz [ 600.434871][ T5813] usb 5-1: SerialNumber: syz [ 600.491796][ T5813] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 600.556192][ T6417] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 600.587229][ T79] kworker/u4:5: attempt to access beyond end of device [ 600.587229][ T79] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 600.610567][ T79] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 600.620090][ T79] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 600.793785][T10311] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.815156][T10311] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.993420][T10312] netlink: 'syz.0.1131': attribute type 16 has an invalid length. [ 601.016564][T10312] netlink: 'syz.0.1131': attribute type 17 has an invalid length. [ 601.102929][T10312] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 601.643077][ T5813] usb 5-1: USB disconnect, device number 6 [ 601.912350][T10329] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1136'. [ 601.997172][ T6417] usb 5-1: Service connection timeout for: 256 [ 602.000467][T10302] Bluetooth: hci1: command 0x0406 tx timeout [ 602.014614][ T6417] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 602.044831][ T6417] ath9k_htc: Failed to initialize the device [ 602.067923][T10335] 9pnet_fd: Insufficient options for proto=fd [ 602.069763][ T5813] usb 5-1: ath9k_htc: USB layer deinitialized [ 602.240034][T10343] loop2: detected capacity change from 0 to 16 [ 602.252618][T10343] erofs: (device loop2): mounted with root inode @ nid 36. [ 602.319895][T10343] erofs: (device loop2): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 602.348273][T10347] erofs: (device loop2): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 602.381112][T10347] erofs: (device loop2): z_erofs_readahead: readahead error at folio 9 @ nid 36 [ 602.391783][T10347] erofs: (device loop2): z_erofs_readahead: readahead error at folio 8 @ nid 36 [ 602.417198][T10347] syz.2.1141: attempt to access beyond end of device [ 602.417198][T10347] loop2: rw=524288, sector=67108872, nr_sectors = 16 limit=16 [ 602.891386][T10347] syz.2.1141: attempt to access beyond end of device [ 602.891386][T10347] loop2: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 604.681339][ T5833] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 604.796269][T10402] Bluetooth: MGMT ver 1.22 [ 604.904954][ T5833] usb 3-1: Using ep0 maxpacket: 32 [ 604.910867][T10404] use of bytesused == 0 is deprecated and will be removed in the future, [ 604.922220][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.937407][T10404] use the actual size instead. [ 604.944609][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 604.955900][ T5833] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 604.965538][ T5833] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.993222][ T5833] usb 3-1: config 0 descriptor?? [ 605.010987][ T5833] hub 3-1:0.0: USB hub found [ 605.237476][ T5833] hub 3-1:0.0: 1 port detected [ 605.418331][ T8767] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 605.621380][ T8767] usb 5-1: Using ep0 maxpacket: 16 [ 605.641906][ T8767] usb 5-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 605.657134][ T8767] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.677543][ T5833] usb 3-1: USB disconnect, device number 16 [ 605.688411][ T8767] usb 5-1: Product: syz [ 605.692621][ T8767] usb 5-1: Manufacturer: syz [ 605.722817][ T8767] usb 5-1: SerialNumber: syz [ 605.751733][ T8767] usb 5-1: config 0 descriptor?? [ 605.766684][ T8767] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 605.994039][ T8767] pwc: Warning: more than 1 configuration available. [ 606.646783][ T8767] pwc: recv_control_msg error -71 req 02 val 2b00 [ 606.659899][ T8767] pwc: recv_control_msg error -71 req 02 val 2700 [ 606.666959][ T8767] pwc: recv_control_msg error -71 req 04 val 1600 [ 606.679968][ T8767] pwc: recv_control_msg error -71 req 02 val 2c00 [ 606.701267][ T8767] pwc: recv_control_msg error -71 req 04 val 1000 [ 606.708178][ T8767] pwc: recv_control_msg error -71 req 04 val 1300 [ 606.722694][ T8767] pwc: recv_control_msg error -71 req 04 val 1400 [ 606.743781][ T8767] pwc: recv_control_msg error -71 req 02 val 2000 [ 606.750674][ T8767] pwc: recv_control_msg error -71 req 02 val 2100 [ 606.765071][ T8] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 606.773497][ T8767] pwc: recv_control_msg error -71 req 06 val 0600 [ 606.791457][ T8767] pwc: recv_control_msg error -71 req 04 val 1500 [ 606.812334][ T8767] pwc: recv_control_msg error -71 req 02 val 2500 [ 606.829834][ T8767] pwc: recv_control_msg error -71 req 02 val 2400 [ 606.839983][ T8767] pwc: recv_control_msg error -71 req 02 val 2600 [ 606.851697][ T8767] pwc: recv_control_msg error -71 req 02 val 2900 [ 606.872221][ T8767] pwc: recv_control_msg error -71 req 02 val 2800 [ 606.893448][ T8767] pwc: recv_control_msg error -71 req 04 val 1100 [ 606.900416][ T8767] pwc: recv_control_msg error -71 req 04 val 1200 [ 606.915474][ T8767] pwc: Failed to power off camera (-71) [ 606.925770][ T8767] pwc: Registered as video103. [ 606.931583][ T8767] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13 [ 606.957074][ T8767] usb 5-1: USB disconnect, device number 7 [ 606.974900][ T8] usb 3-1: unable to get BOS descriptor or descriptor too short [ 606.999199][ T8] usb 3-1: not running at top speed; connect to a high speed hub [ 607.041831][ T8] usb 3-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 607.062204][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.081472][ T8] usb 3-1: Product: syz [ 607.092231][ T8] usb 3-1: Manufacturer: syz [ 607.097026][ T8] usb 3-1: SerialNumber: syz [ 607.244359][T10434] tun0: tun_chr_ioctl cmd 2147767506 [ 608.034372][ T8] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 608.043079][ T8] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 608.256625][ T8] usb 3-1: USB disconnect, device number 17 [ 608.349024][ T8540] udevd[8540]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 608.655444][ T5785] Bluetooth: hci1: hcon ffff888024580000 sent 0 < count 137 [ 609.285949][T10470] loop2: detected capacity change from 0 to 32768 [ 609.310231][T10470] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1191 (10470) [ 609.383237][T10470] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 609.415274][T10470] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 609.432794][T10470] BTRFS info (device loop2): setting nodatasum [ 609.439620][T10470] BTRFS info (device loop2): turning on flush-on-commit [ 609.622988][T10470] BTRFS error (device loop2): unrecognized mount option 'fragment=data' [ 609.699099][T10470] BTRFS error (device loop2): open_ctree failed: -22 [ 609.777076][T10470] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1191'. [ 609.966459][T10490] Bluetooth: MGMT ver 1.22 [ 609.991707][T10490] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 612.576392][T10527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1213'. [ 612.782535][T10538] netlink: 'syz.0.1218': attribute type 21 has an invalid length. [ 612.796122][T10538] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1218'. [ 612.806177][T10538] netlink: 'syz.0.1218': attribute type 5 has an invalid length. [ 612.813940][T10538] netlink: 'syz.0.1218': attribute type 6 has an invalid length. [ 612.823286][T10538] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1218'. [ 612.834846][T10538] netlink: 'syz.0.1218': attribute type 21 has an invalid length. [ 612.848077][T10538] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1218'. [ 612.866773][T10538] netlink: 'syz.0.1218': attribute type 5 has an invalid length. [ 612.883737][T10538] netlink: 'syz.0.1218': attribute type 6 has an invalid length. [ 612.896090][T10538] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1218'. [ 613.008555][ T5833] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 613.233066][ T5833] usb 5-1: Using ep0 maxpacket: 32 [ 613.245932][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.283916][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.326150][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 613.361312][ T5833] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 613.377071][T10551] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 613.397636][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.490647][ T5833] usb 5-1: config 0 descriptor?? [ 613.885360][ T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 614.098872][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 614.115886][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 614.147292][ T8] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 614.162961][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.171043][ T8] usb 3-1: Product: syz [ 614.201925][ T5833] usbhid 5-1:0.0: can't add hid device: -71 [ 614.209362][ T5833] usbhid: probe of 5-1:0.0 failed with error -71 [ 614.216405][ T8] usb 3-1: Manufacturer: syz [ 614.221034][ T8] usb 3-1: SerialNumber: syz [ 614.236188][ T5833] usb 5-1: USB disconnect, device number 8 [ 614.243378][ T8] usb 3-1: config 0 descriptor?? [ 614.259405][T10556] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 614.275941][ T8] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 614.516680][ T5813] usb 3-1: USB disconnect, device number 18 [ 614.964019][T10583] loop4: detected capacity change from 0 to 1024 [ 614.990728][T10583] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 615.345435][T10594] loop2: detected capacity change from 0 to 16 [ 615.358122][T10594] erofs: (device loop2): mounted with root inode @ nid 36. [ 615.375624][T10594] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 615.903119][ T27] audit: type=1800 audit(1780030922.948:109): pid=10583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1238" name="file1" dev="loop4" ino=839 res=0 errno=0 [ 616.210788][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 616.217550][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 616.804336][T10616] loop2: detected capacity change from 0 to 512 [ 616.831111][T10616] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1249: invalid indirect mapped block 256 (level 2) [ 616.894199][T10616] EXT4-fs (loop2): 2 truncates cleaned up [ 616.902772][T10616] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 616.960872][ T27] audit: type=1800 audit(1780030923.986:110): pid=10616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1249" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 617.013963][ T5813] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 617.046215][T10613] [ 617.048580][T10613] ====================================================== [ 617.055602][T10613] WARNING: possible circular locking dependency detected [ 617.062636][T10613] syzkaller #0 Not tainted [ 617.067068][T10613] ------------------------------------------------------ [ 617.074067][T10613] syz.2.1249/10613 is trying to acquire lock: [ 617.080109][T10613] ffff88807dc86ec8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x28/0xe0 [ 617.089854][T10613] [ 617.089854][T10613] but task is already holding lock: [ 617.097235][T10613] ffff88807bbc2c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 617.107357][T10613] [ 617.107357][T10613] which lock already depends on the new lock. [ 617.107357][T10613] [ 617.117769][T10613] [ 617.117769][T10613] the existing dependency chain (in reverse order) is: [ 617.126791][T10613] [ 617.126791][T10613] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 617.135238][T10613] percpu_down_read+0x44/0x1a0 [ 617.140556][T10613] ext4_writepages+0x1a4/0x350 [ 617.145957][T10613] do_writepages+0x3b3/0x630 [ 617.151082][T10613] __writeback_single_inode+0x153/0xec0 [ 617.157158][T10613] writeback_single_inode+0x21f/0x760 [ 617.163066][T10613] write_inode_now+0x183/0x210 [ 617.168349][T10613] iput+0x5ae/0x920 [ 617.172677][T10613] ext4_xattr_block_set+0x273f/0x32b0 [ 617.178646][T10613] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 617.185054][T10613] __ext4_expand_extra_isize+0x306/0x400 [ 617.191207][T10613] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 617.197179][T10613] ext4_evict_inode+0x7f3/0xea0 [ 617.202538][T10613] evict+0x4ca/0x8d0 [ 617.206941][T10613] ext4_orphan_cleanup+0xbec/0x1420 [ 617.212649][T10613] ext4_fill_super+0x5eea/0x67b0 [ 617.218098][T10613] get_tree_bdev+0x3f3/0x520 [ 617.223197][T10613] vfs_get_tree+0x8c/0x280 [ 617.228122][T10613] do_new_mount+0x24b/0xa40 [ 617.233152][T10613] __se_sys_mount+0x2e7/0x3d0 [ 617.238337][T10613] do_syscall_64+0x55/0xb0 [ 617.243262][T10613] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 617.249672][T10613] [ 617.249672][T10613] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 617.257221][T10613] __lock_acquire+0x2df1/0x7d40 [ 617.262585][T10613] lock_acquire+0x19e/0x420 [ 617.267604][T10613] down_write+0x97/0x200 [ 617.272361][T10613] ext4_destroy_inline_data+0x28/0xe0 [ 617.278243][T10613] ext4_do_writepages+0x4f0/0x3990 [ 617.283866][T10613] ext4_writepages+0x1dd/0x350 [ 617.289142][T10613] do_writepages+0x3b3/0x630 [ 617.294247][T10613] filemap_fdatawrite_wbc+0x122/0x180 [ 617.300130][T10613] filemap_flush+0xe4/0x150 [ 617.305142][T10613] ext4_release_file+0x82/0x310 [ 617.310498][T10613] __fput+0x234/0x970 [ 617.314988][T10613] task_work_run+0x1d4/0x260 [ 617.320088][T10613] exit_to_user_mode_loop+0xe6/0x110 [ 617.325884][T10613] exit_to_user_mode_prepare+0xee/0x180 [ 617.332033][T10613] syscall_exit_to_user_mode+0x1a/0x50 [ 617.338006][T10613] do_syscall_64+0x61/0xb0 [ 617.342941][T10613] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 617.349351][T10613] [ 617.349351][T10613] other info that might help us debug this: [ 617.349351][T10613] [ 617.359567][T10613] Possible unsafe locking scenario: [ 617.359567][T10613] [ 617.367003][T10613] CPU0 CPU1 [ 617.372356][T10613] ---- ---- [ 617.377792][T10613] rlock(&sbi->s_writepages_rwsem); [ 617.383081][T10613] lock(&ei->xattr_sem); [ 617.389919][T10613] lock(&sbi->s_writepages_rwsem); [ 617.397624][T10613] lock(&ei->xattr_sem); [ 617.401939][T10613] [ 617.401939][T10613] *** DEADLOCK *** [ 617.401939][T10613] [ 617.410066][T10613] 1 lock held by syz.2.1249/10613: [ 617.415158][T10613] #0: ffff88807bbc2c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 617.425593][T10613] [ 617.425593][T10613] stack backtrace: [ 617.431478][T10613] CPU: 0 PID: 10613 Comm: syz.2.1249 Not tainted syzkaller #0 [ 617.438921][T10613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 617.449062][T10613] Call Trace: [ 617.452335][T10613] [ 617.455258][T10613] dump_stack_lvl+0x18c/0x250 [ 617.459930][T10613] ? load_image+0x420/0x420 [ 617.464421][T10613] ? show_regs_print_info+0x20/0x20 [ 617.469613][T10613] ? print_circular_bug+0x12b/0x1a0 [ 617.474800][T10613] check_noncircular+0x2fc/0x400 [ 617.479738][T10613] ? do_mprotect_pkey+0x7c2/0xcb0 [ 617.484771][T10613] ? __x64_sys_mprotect+0x80/0x90 [ 617.489790][T10613] ? print_deadlock_bug+0x5d0/0x5d0 [ 617.494976][T10613] ? lockdep_lock+0xf5/0x230 [ 617.499566][T10613] ? _find_first_zero_bit+0xd3/0x100 [ 617.504839][T10613] __lock_acquire+0x2df1/0x7d40 [ 617.509690][T10613] ? mark_lock+0x94/0x320 [ 617.514009][T10613] ? mark_lock+0x94/0x320 [ 617.518339][T10613] ? verify_lock_unused+0x140/0x140 [ 617.523526][T10613] ? __lock_acquire+0x1273/0x7d40 [ 617.528542][T10613] lock_acquire+0x19e/0x420 [ 617.533037][T10613] ? ext4_destroy_inline_data+0x28/0xe0 [ 617.538593][T10613] ? __might_sleep+0xe0/0xe0 [ 617.543194][T10613] ? read_lock_is_recursive+0x20/0x20 [ 617.548587][T10613] ? __might_sleep+0xe0/0xe0 [ 617.553183][T10613] ? register_lock_class+0xc4/0x8a0 [ 617.558375][T10613] down_write+0x97/0x200 [ 617.562611][T10613] ? ext4_destroy_inline_data+0x28/0xe0 [ 617.568154][T10613] ? down_read_killable+0x340/0x340 [ 617.573342][T10613] ? unwind_get_return_address+0x91/0xc0 [ 617.578966][T10613] ? ext4_journal_check_start+0x178/0x250 [ 617.584680][T10613] ext4_destroy_inline_data+0x28/0xe0 [ 617.590058][T10613] ext4_do_writepages+0x4f0/0x3990 [ 617.595180][T10613] ? verify_lock_unused+0x140/0x140 [ 617.600374][T10613] ? __lock_acquire+0x1347/0x7d40 [ 617.605403][T10613] ? ext4_normal_submit_inode_data_buffers+0x240/0x240 [ 617.612263][T10613] ? rcu_read_lock_any_held+0xb4/0x140 [ 617.617726][T10613] ext4_writepages+0x1dd/0x350 [ 617.622489][T10613] ? ext4_read_folio+0x2f0/0x2f0 [ 617.627428][T10613] ? __rwlock_init+0x150/0x150 [ 617.632184][T10613] ? do_raw_spin_unlock+0x121/0x230 [ 617.637371][T10613] ? ext4_read_folio+0x2f0/0x2f0 [ 617.642312][T10613] do_writepages+0x3b3/0x630 [ 617.646927][T10613] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 617.652647][T10613] ? __lock_acquire+0x7d40/0x7d40 [ 617.657673][T10613] ? __rwlock_init+0x150/0x150 [ 617.662445][T10613] ? do_raw_spin_unlock+0x121/0x230 [ 617.667658][T10613] filemap_fdatawrite_wbc+0x122/0x180 [ 617.673051][T10613] filemap_flush+0xe4/0x150 [ 617.677557][T10613] ? filemap_fdatawrite_range+0x160/0x160 [ 617.683284][T10613] ? rcu_is_watching+0x15/0xb0 [ 617.688048][T10613] ext4_release_file+0x82/0x310 [ 617.692900][T10613] ? ext4_file_open+0x780/0x780 [ 617.697741][T10613] __fput+0x234/0x970 [ 617.701716][T10613] task_work_run+0x1d4/0x260 [ 617.706302][T10613] ? task_work_cancel+0x220/0x220 [ 617.711320][T10613] ? exit_to_user_mode_loop+0x3b/0x110 [ 617.716776][T10613] exit_to_user_mode_loop+0xe6/0x110 [ 617.722052][T10613] exit_to_user_mode_prepare+0xee/0x180 [ 617.727593][T10613] syscall_exit_to_user_mode+0x1a/0x50 [ 617.733046][T10613] do_syscall_64+0x61/0xb0 [ 617.737453][T10613] ? clear_bhb_loop+0x40/0x90 [ 617.742124][T10613] ? clear_bhb_loop+0x40/0x90 [ 617.746794][T10613] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 617.752690][T10613] RIP: 0033:0x7f724319ce59 [ 617.757108][T10613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 617.776708][T10613] RSP: 002b:00007ffe5a944be8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 617.785113][T10613] RAX: 0000000000000000 RBX: 00007ffe5a944cd0 RCX: 00007f724319ce59 [ 617.793091][T10613] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 617.801061][T10613] RBP: 00000000000989c5 R08: 0000000000000001 R09: 0000000000000000 [ 617.809027][T10613] R10: 0000001b2c820000 R11: 0000000000000246 R12: 00007ffe5a944d10 [ 617.816993][T10613] R13: 00007f7243415fac R14: 0000000000098ab8 R15: 00007f7243415fa0 [ 617.825061][T10613] [ 617.847415][T10613] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.1249: bg 0: block 5: invalid block bitmap [ 617.860205][T10613] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 617.862885][ T5813] usb 1-1: Using ep0 maxpacket: 16 [ 617.872553][T10613] EXT4-fs (loop2): This should not happen!! Data will be lost [ 617.872553][T10613] [ 617.881348][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.887222][T10613] EXT4-fs (loop2): Total free blocks count 0 [ 617.887238][T10613] EXT4-fs (loop2): Free/Dirty block details [ 617.887249][T10613] EXT4-fs (loop2): free_blocks=0 [ 617.887258][T10613] EXT4-fs (loop2): dirty_blocks=32 [ 617.899873][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.904062][T10613] EXT4-fs (loop2): Block reservation details [ 617.904075][T10613] EXT4-fs (loop2): i_reserved_data_blocks=32 [ 617.945144][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.947926][ T5813] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 617.986217][ T5813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.003381][ T5813] usb 1-1: config 0 descriptor?? [ 618.459302][ T5813] wacom 0003:056A:0084.0004: unbalanced delimiter at end of report description [ 618.468656][ T5813] wacom 0003:056A:0084.0004: parse failed [ 618.475303][ T5813] wacom: probe of 0003:056A:0084.0004 failed with error -22 [ 618.698979][ T5813] usb 1-1: USB disconnect, device number 13