last executing test programs: 2.537788572s ago: executing program 1 (id=1064): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x7}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x48}}, 0x0) 2.281306664s ago: executing program 1 (id=1069): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x4, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) read$FUSE(r0, &(0x7f0000008440)={0x2020}, 0x2020) 2.050732994s ago: executing program 0 (id=1074): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="4f00030007"], 0xd) 2.042365175s ago: executing program 1 (id=1075): mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800009, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) creat(&(0x7f0000000080)='./file0/bus\x00', 0x0) 1.814028114s ago: executing program 0 (id=1077): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="e001000010000100"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000540016805000018014002c00feffffff00000000000000000000000010000200080000001c09000079d2000028000100ff0300000fb3dd6785ad00000000000000000000000000000000000000000000000000006c011a809c000a801400070000000000000000000000ffffac1414041400070000000000001200000000ffff7f0000010500080004"], 0x1e0}}, 0x0) 1.643849569s ago: executing program 4 (id=1079): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 1.63102461s ago: executing program 0 (id=1080): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f00000022c0)=""/4118, &(0x7f0000001080)=0x1016) 1.526834239s ago: executing program 0 (id=1081): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b ', @ANYRESOCT], 0xc) 1.493060952s ago: executing program 2 (id=1082): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000003c0)='./file0\x00', 0xa00700, &(0x7f0000000980)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@delalloc}, {@nolazytime}, {@resgid}, {@grpquota}, {@usrjquota}]}, 0x1, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") chdir(&(0x7f0000000200)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000a40)={0x0, 0xffffffff004}) 1.482686933s ago: executing program 4 (id=1083): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4, 0x6}}]}]}, 0x2c}}, 0x0) 1.407574989s ago: executing program 4 (id=1084): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x25000000, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x58, 0x10, 0x503, 0x1000000, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @remote}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x58}}, 0x0) 1.390566931s ago: executing program 0 (id=1085): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.238201504s ago: executing program 4 (id=1087): semget$private(0x0, 0x7, 0x0) semop(0x0, &(0x7f0000000040)=[{0x4, 0xffff}], 0x1) semop(0x0, &(0x7f0000000000)=[{0x4, 0x5}, {0x4}], 0x2) semctl$GETNCNT(0x0, 0x4, 0xf, 0x0) 1.085402737s ago: executing program 1 (id=1090): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200c00, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3, 0xa73, &(0x7f0000003cc0)="$eJzs3U2MG1cBAOA33vUmm6TEKQldktAm/LTlp7vNZgk/ETRVcyFqKm6VKi5RmpaINCBSCVpVIsmJG62qcIUiTuVQAUJqLyjqiUslGolLT4UDB6IgVeIAhcRove95xy92x/uTtb3+Punt85s39nszOzMez8x7LwBjq9b6u7AwU4Rw5a1Xj//j/r9PL055pD1Ho/V3spSqhxCKmJ7MPu/9iaX45gcvne4WF2G+9TelwxM32u/dHkK4GA6Eq6ER9l659so784+fvHTi8sF3Xz96/c4sPQAAjJdvXz26sOevf96368M37j0WtrSnp/PzRkzviOf9x+KJfzr/r4XOdFEKZVPZfJMx1LL5JrrMVy6nns032aP8qexz6+38fR3zbakof6I0rdtywyhL23EjFLXZjnStNju79Js8tH7XTxWz58+ee+bCgCoKrLt/3RdCOCCsNDSbzZ+0VuAQ1EUQVhuaOwd9BAJYkt8vvM3F/MrC2rQ/bbK/8m88Wuv+flgHG739K3+0yv/1JUcc1s9m3ZrScqX9aEdM5/cR8ueXVrr/p8/L70fU+6xnr/sIo3J/oVc9Jza4HqvVq/75drFZfSPGaT18M8sv7z/5/3RU/sdAd//eqOv/r00P/FrnYjgwBHXY1KE+BHUQ+g7NQR+AgKG1/NzckmaU8vPn+vL8LRX5Wyvypyvyt1Xkb6/Ih3H2++d/Fl4uln/n57/pV3o9LF1nuyvGH1thffLrkSstP3/ud6XWWn7+PDEMszdPPXnmq08/dW3p+f+ivf3fitv7gZhuxH3rapwhXS/Mr6u3n/1vdJZT6zHf3Vl97rpt/uZSibs75yt2L39OKB1nbqvHTOf7dvaab3/nfI1svukYtmb1zc9PtmXvS+cf6bia1tdktrz1bDmmsnqk48quGOf1gNVI22Ov5//T9jkT6sUzZ8+deTim03b6p4n6lsXph8of+puNqTuwNv22/5kJne1/drSn12vl48LO5elF+bjQyKbPLyXbt8nT9MMxnb7nvjsx3Zo+e/r7555e74WHMXfhhRe/d+rcuTM/9CK9mLZavPCi6sixWZ8chPEx9/xzP5i78MKLD5197tSzZ549c/7wkSOH5+ePfO3wwlzrvH6ufHYPbCbLX/qDrgkAAAAAAAAAAADQrx+dOH7tL29/5b2l9v/L7f9S+//05G9q///TrP1/3k4+tQpI7QB3dclvjbv3Zmc9prL56jF8PKvv7qycPdn7PhHj9jh+sf1/am+f9+ua6nNPNj3vvzfNl3UncFt/KVNZHyTt8QJjg/1Px/TlGP8qwAAV090nx7iqf+u0raf+KfRLMZrS/y1tDakfk9T+u1e/Tun4v2sD6sj624jmhINeRqC7fw79+J+lM/GB1+UjQ7M5+DqsPQz/ehbWMTSbRvEAhsOgx/9M1z1TfP6P39q6GNJsNx7tPF7m/ZfCWgz7+JPK31zjf7bHv+vr+Neld/WOfp77H13hP7+4/l6p2LC33+NvvvypH+jd1WWWfRjLT8v/QOiv/OZrWfn5DaE+/Tcrf1uf5d+2/PtXV/7/YvlptT34mX7LX6pxUeusR37dON3/y68bJzez5U99e654+Vc5UOOtWD6Ms97jzPY7gu1wGpXxf3vJn8P4ckynA2F6ziH/Rl5p/dPzFel7YE/2+UXF99uojFPcy7iP//v1GFftD2n837Q9Nrqka6V0vcu6HfVtBTab94f+/t+IhYtDUAdhSMNwjIFdDs1mc6AdeetFfLAGvf4Hffd50OUPev1Xycf/zc/h8/F/a9kPiHz83/z9+fi/eX4+vl6en4//m6/PfPzfPP+e7HPzK9gzFfmfrMjfW5G/bzl/ulv+/or3f6oi/2BF/r0V+fdV5N9dkT9Rkf/ZivzPVeTfX5H/YEX+5yvyN7tWe5TSTjVuyw/jLG+fZ/+H8ZHu//Ta/3dX5AOj6+dvHHrsqd99p7HU/n+q/Xst3cc7FtP1+Nv5xzGd3/cOpfRi3tsx/bcsf9ivd8A4yfvPyL/fH6jIB0ZXes7L/g1jqOjeY09+v61Xv1W9zvMZLV+I8Rdj/KUYPxTj2RjPxfhQjOc3qH7cGY/99g9HXy6Wf+/vzPL7fZ48bw+U9xN1uM/65NcHVvo8e96P30qttfxVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmFrr78LCTBHClbdePf7kybNzi1Meac/RaP2dLKXq7feF8HCMJ2L8y/ji5gcvnS7Ht2JchPlQhKI9PTxxo13S9hDCxXAgXA2NsPfKtVfemX/85KUTlw+++/rR63duDQAAAMDm9/8AAAD//6ZSGwg=") capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x40186e8d, 0x0) 1.035284021s ago: executing program 2 (id=1091): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) syz_clone(0x160000, 0x0, 0x0, 0x0, 0x0, 0x0) 782.513933ms ago: executing program 1 (id=1093): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x1000410, &(0x7f0000000b80)={[{@acl}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008) 696.75547ms ago: executing program 3 (id=1094): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0xd3, 0x8, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000300), 0x0}, 0x20) 696.17379ms ago: executing program 2 (id=1095): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ATM={0x8}, @TCA_CAKE_FLOW_MODE={0x8}]}}]}, 0x44}}, 0x0) 570.006131ms ago: executing program 3 (id=1096): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r0, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0xd, &(0x7f0000000300), 0x4) 497.828587ms ago: executing program 3 (id=1097): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc018620b, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 445.268092ms ago: executing program 3 (id=1098): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000), 0x0) sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet6_int(r0, 0x84, 0x42, 0x0, 0x0) 389.709296ms ago: executing program 2 (id=1099): openat(0xffffffffffffff9c, 0x0, 0x301040, 0x1) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @dev}, 0xc) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @random="3df4f6c591c9", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @multicast2}, @info_reply}}}}, 0x0) 328.736292ms ago: executing program 4 (id=1100): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r2, &(0x7f00000001c0), 0x0}, 0x20) 286.135235ms ago: executing program 3 (id=1101): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0x2020) 283.605915ms ago: executing program 1 (id=1102): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 185.034734ms ago: executing program 2 (id=1103): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000000)="96521245147e3e0390b4226b3ddeba4da8959ec917962800e4c38647b881", 0x1e}, {&(0x7f0000000340)="5a03eb24a93001fd3e88b175da8f63754048ff60e89a9ed4e2e0292d467401dd015bcfddef8ed818ecc37d23427624d455f92ddf3d7dfd4f56ca711216f9b2122f67b7b2c3614e25ee790b1491ab7776a56336c2f2b3bf2b858f0b5d1b8974ac1aa6e1206ed96b82cdb051673b4950ae293bfa67b190e245e6aef0c24b577da2bfbd0ecbd6c591fce11f69ed7c0a3c851944edea5c31cc93b73819131fb46f6a8992e7b7b690ee6bf449df5340045109ae0e0d486d604352d6e233631362d19e68be59af", 0xc4}, {&(0x7f0000000440)="99ef1589dd1e53a26c69600295c1d4a4e9cd28459dcebaeeeed67a7866349553af250ffd68259b7bb8e0227bc6e5923c857b3ff6e1f570f801ef3448eb12bb27cb21ff306bc985ad5719c8f2e9431dcc1b411933ec977b293b4712eacb0afd06639d9176c7e3b00b6a3fdf498d6c5f4b2acc9dc4f225cf3dfb241d83f9d125c88c231ca4982b2fc0939f6d600092089b69a38de736c7e23df6022e0718993c406dde999a415d5085ae7454baee9c8e7c07ec9be017a2ccb6656da2e7faa23801ad97506e73ea6e53f33893baf1f0f924826105d6c3124824", 0xd8}, {&(0x7f0000000640)="51cd27289195a458dd093d66b5612ace9bf37143d24d7f1975fe670109b35523e1dcab1bf4ca9c67fe388574f8d3563b9dcd989006c1315fbfac241b11a195ee6ff7fe28c0088bd7626b6610a2e8eead706dd050a37eaaf748d2cfdf57baf11f7b85795548bd71dd6399140173a461f2e7049720ce9e981275a48c0c73b9dcf94de8e23cddfd0c7368e1621a0044050968d096a35f5c2f9a2ab26501465d7d85f4c8cb70f0ff4c38daa2ac7278d399ee351a21d1098c136bd4258ac0f31a968a9209", 0xc2}, {&(0x7f00000001c0)="d9f15503c1", 0x5}], 0x5}}], 0x1, 0x0) 125.210939ms ago: executing program 4 (id=1104): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) syz_clone(0x160000, 0x0, 0x0, 0x0, 0x0, 0x0) 102.879741ms ago: executing program 0 (id=1105): r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000400)=""/53, 0x35}], 0x1, &(0x7f00000004c0)=""/164, 0xa4}}], 0x1, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000c00)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x4}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000040)='\v', 0x1}], 0x1}, 0x0) 57.530615ms ago: executing program 3 (id=1106): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = dup2(r0, r0) sendmmsg$unix(r1, &(0x7f0000001e80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="12f8a2b2236d539f42b67e083fcd9b5de2cb490c038d25210290c4cc3afacede0f7d823ef5968c9a", 0x28}], 0x1}}, {{&(0x7f0000000440)=@file={0x0, '.\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 0s ago: executing program 2 (id=1107): r0 = syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x82, &(0x7f0000000700)=ANY=[@ANYBLOB='iocharset=default,noadinicb,gid=forget,gid=ignore,nostrict,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c616e63686f723d30303030000088be0900303030303030303030312c7569643d666f726765742c00215e8c2e42462f3ab5e1f7c0527abbb422be9178aa60681964adb069ae876c4a599d560075ac47c0de1a9bb9146af6433efdcdac853a8e8f16d6bad90ecce0a1fab46f48331e6b3c325c08df3c334e4da28067a30b3b1dc64bf692c712fc273bc1702008f563765c6f3e67d97e1369973c2a87f0ecca7320819863179fb85e394a8cf1d62c70d8306633b6958ebf998a0685bc5cdd1f97291328743add4c867115fae1082f8faf482e15eb939968"], 0x0, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==") chdir(&(0x7f0000000040)='./file0\x00') symlinkat(&(0x7f0000000040)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00') lstat(&(0x7f0000000080)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): [ 91.462482][ T3686] hid-steam 0003:28DE:1142.0003: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0 [ 91.562238][ T3686] hid-steam 0003:28DE:1142.0002: Steam wireless receiver connected [ 91.665032][ T3686] usb 3-1: USB disconnect, device number 2 [ 91.685703][ T3686] hid-steam 0003:28DE:1142.0002: Steam wireless receiver disconnected [ 91.823308][ T4597] loop4: detected capacity change from 0 to 4096 [ 91.847070][ T4597] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 92.394686][ T4615] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'. [ 92.419901][ T4615] netlink: 8 bytes leftover after parsing attributes in process `syz.2.302'. [ 92.584219][ T4619] loop2: detected capacity change from 0 to 256 [ 92.729035][ T4612] loop4: detected capacity change from 0 to 32768 [ 92.812997][ T4612] XFS (loop4): Mounting V5 Filesystem [ 92.937367][ T4612] XFS (loop4): Ending clean mount [ 92.998514][ T4612] capability: warning: `syz.4.301' uses deprecated v2 capabilities in a way that may be insecure [ 93.110881][ T3680] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 93.208031][ T3798] XFS (loop4): Unmounting Filesystem [ 93.505224][ T3680] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 93.534697][ T3680] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.579187][ T3680] usb 4-1: config 0 descriptor?? [ 93.589832][ T4637] loop1: detected capacity change from 0 to 32768 [ 93.706252][ T4637] XFS (loop1): Mounting V5 Filesystem [ 93.803177][ T4637] XFS (loop1): Ending clean mount [ 93.869944][ T4637] XFS (loop1): Quotacheck needed: Please wait. [ 93.945667][ T4637] XFS (loop1): Quotacheck: Done. [ 94.064159][ T3680] gs_usb 4-1:0.0: Configuring for 2 interfaces [ 94.099467][ T3943] XFS (loop1): Unmounting Filesystem [ 94.140556][ T3637] Bluetooth: hci0: command tx timeout [ 94.284462][ T4665] loop2: detected capacity change from 0 to 164 [ 94.439013][ T4654] loop0: detected capacity change from 0 to 40427 [ 94.482133][ T4654] F2FS-fs (loop0): invalid crc value [ 94.510581][ T3680] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 94.523910][ T4654] F2FS-fs (loop0): Found nat_bits in checkpoint [ 94.592548][ T3680] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO) [ 94.682564][ T3680] gs_usb: probe of 4-1:0.0 failed with error -71 [ 94.695883][ T4671] loop2: detected capacity change from 0 to 4096 [ 94.720210][ T4654] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 94.728836][ T3680] usb 4-1: USB disconnect, device number 4 [ 94.740097][ T4671] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 94.741769][ T4654] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 94.798325][ T4654] syz.0.317: attempt to access beyond end of device [ 94.798325][ T4654] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 95.459956][ T4700] loop3: detected capacity change from 0 to 128 [ 95.519454][ T4700] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 95.582173][ T4700] sysv_count_free_blocks: free block count was -2041545935, correcting to 3 [ 95.656998][ T4700] sysv_count_free_inodes: unable to read inode table [ 95.702793][ T4705] sysv_count_free_inodes: unable to read inode table [ 96.750401][ C0] sched: RT throttling activated [ 96.765583][ T3642] sysv_free_block: trying to free block not in datazone [ 96.801469][ T3642] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 96.822227][ T4712] loop0: detected capacity change from 0 to 131072 [ 96.916375][ T4712] F2FS-fs (loop0): Found nat_bits in checkpoint [ 96.975852][ T4712] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 97.230631][ T3679] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.600870][ T3679] usb 2-1: config 0 has no interfaces? [ 97.606407][ T3679] usb 2-1: New USB device found, idVendor=046d, idProduct=20ee, bcdDevice= 0.00 [ 97.630499][ T3679] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.679827][ T3679] usb 2-1: config 0 descriptor?? [ 97.861359][ T4736] loop2: detected capacity change from 0 to 32768 [ 97.945683][ T3686] usb 2-1: USB disconnect, device number 2 [ 97.992426][ T4746] loop4: detected capacity change from 0 to 32768 [ 98.007767][ T4746] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.340 (4746) [ 98.028888][ T4736] XFS (loop2): Mounting V5 Filesystem [ 98.089580][ T4746] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 98.119191][ T4736] XFS (loop2): Ending clean mount [ 98.126040][ T4746] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 98.150236][ T4746] BTRFS info (device loop4): using free space tree [ 98.209958][ T4169] XFS (loop2): Unmounting Filesystem [ 98.406702][ T4746] BTRFS info (device loop4): enabling ssd optimizations [ 98.528397][ T3798] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.258537][ T4771] loop3: detected capacity change from 0 to 32768 [ 99.280030][ T4771] XFS: attr2 mount option is deprecated. [ 99.307036][ T4771] XFS: ikeep mount option is deprecated. [ 99.327446][ T4771] XFS: noikeep mount option is deprecated. [ 99.383061][ T4804] loop4: detected capacity change from 0 to 2048 [ 99.424483][ T4771] XFS (loop3): Mounting V5 Filesystem [ 99.458641][ T4804] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 99.488066][ T4780] loop0: detected capacity change from 0 to 32768 [ 99.508863][ T4780] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 99.584133][ T4771] XFS (loop3): Ending clean mount [ 99.613265][ T4780] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 99.630522][ T4821] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.658034][ T4771] XFS (loop3): Quotacheck needed: Please wait. [ 99.664681][ T4823] loop2: detected capacity change from 0 to 512 [ 99.720173][ T4771] XFS (loop3): Quotacheck: Done. [ 99.749071][ T4823] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 99.778068][ T4780] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 16 extents in 0ms [ 99.801704][ T4823] EXT4-fs (loop2): 1 truncate cleaned up [ 99.807383][ T4823] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 99.934304][ T3642] XFS (loop3): Unmounting Filesystem [ 99.962056][ T4780] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 100.025728][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 101.053236][ T4830] loop4: detected capacity change from 0 to 32768 [ 101.100565][ T4830] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.360 (4830) [ 101.177813][ T4830] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.215895][ T4853] loop0: detected capacity change from 0 to 64 [ 101.222524][ T4830] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 101.255179][ T4830] BTRFS info (device loop4): using free space tree [ 101.470588][ T4873] loop0: detected capacity change from 0 to 256 [ 101.509159][ T4838] loop2: detected capacity change from 0 to 32768 [ 101.524710][ T4838] [ 101.524710][ T4838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.524710][ T4838] [ 101.551656][ T4830] BTRFS info (device loop4): enabling ssd optimizations [ 101.629271][ T4873] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 101.708419][ T3798] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 101.714363][ T4848] loop1: detected capacity change from 0 to 32768 [ 101.725577][ T4877] [ 101.725577][ T4877] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.725577][ T4877] [ 101.734014][ T4848] [ 101.734014][ T4848] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.734014][ T4848] [ 101.831700][ T4877] [ 101.831700][ T4877] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.831700][ T4877] [ 101.858143][ T4848] find_entry called with index = 0 [ 101.872462][ T4848] read_mapping_page failed! [ 101.878286][ T4848] ERROR: (device loop1): txCommit: [ 101.878286][ T4848] [ 101.936310][ T134] [ 101.936310][ T134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.936310][ T134] [ 101.965248][ T46] [ 101.965248][ T46] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.965248][ T46] [ 101.988123][ T46] [ 101.988123][ T46] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.988123][ T46] [ 102.036605][ T46] [ 102.036605][ T46] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.036605][ T46] [ 102.055197][ T3943] [ 102.055197][ T3943] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.055197][ T3943] [ 102.096046][ T3943] [ 102.096046][ T3943] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.096046][ T3943] [ 102.157602][ T4838] [ 102.157602][ T4838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.157602][ T4838] [ 102.224569][ T4838] [ 102.224569][ T4838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.224569][ T4838] [ 102.328726][ T4169] [ 102.328726][ T4169] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.328726][ T4169] [ 102.370708][ T4169] [ 102.370708][ T4169] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.370708][ T4169] [ 102.724471][ T4903] loop0: detected capacity change from 0 to 1024 [ 102.807256][ T4903] EXT4-fs: Ignoring removed orlov option [ 102.831201][ T4903] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 102.860160][ T4903] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 102.911071][ T4903] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 102.936189][ T4903] EXT4-fs (loop0): invalid journal inode [ 102.955627][ T4903] EXT4-fs (loop0): can't get journal size [ 102.957322][ T4909] loop2: detected capacity change from 0 to 4096 [ 102.974287][ T4903] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 103.036957][ T4909] ntfs: (device loop2): load_attribute_list(): Cannot read attribute list since runlist is missing. [ 103.055859][ T4909] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 103.120507][ T4909] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 103.170736][ T4909] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 103.218997][ T4909] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 103.248531][ T3638] EXT4-fs (loop0): unmounting filesystem. [ 103.281016][ T4909] ntfs: (device loop2): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 103.289930][ T4909] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to lookup $DATA attribute. [ 103.336684][ T4894] loop3: detected capacity change from 0 to 32768 [ 103.365412][ T4909] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x3 as bad. Run chkdsk. [ 103.388069][ T4909] ntfs: (device loop2): load_system_files(): Failed to load $Volume. [ 103.396749][ T4909] ntfs: (device loop2): ntfs_fill_super(): Failed to load system files. [ 103.433078][ T4894] XFS (loop3): Mounting V5 Filesystem [ 103.532594][ T4894] XFS (loop3): Ending clean mount [ 103.900519][ T4881] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 103.923513][ T4944] loop2: detected capacity change from 0 to 32768 [ 103.957639][ T4944] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.393 (4944) [ 103.979106][ T4944] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 103.999307][ T4944] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 104.019880][ T4944] BTRFS info (device loop2): turning on flush-on-commit [ 104.040079][ T4944] BTRFS info (device loop2): using free space tree [ 104.124920][ T4944] BTRFS info (device loop2): enabling ssd optimizations [ 104.150718][ T4881] usb 2-1: Using ep0 maxpacket: 32 [ 104.271688][ T4881] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 104.304007][ T4881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.335609][ T4975] loop0: detected capacity change from 0 to 512 [ 104.345303][ T4881] usb 2-1: config 0 descriptor?? [ 104.363825][ T4169] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 104.375557][ T4975] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 104.406305][ T4881] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 104.441108][ T4975] EXT4-fs (loop0): 1 truncate cleaned up [ 104.446790][ T4975] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 104.561584][ T3638] EXT4-fs (loop0): unmounting filesystem. [ 104.763994][ T3642] XFS (loop3): Unmounting Filesystem [ 105.001799][ T4883] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 105.050521][ T4881] gspca_vc032x: reg_w err -71 [ 105.055245][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.081270][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.086600][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.099552][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.121325][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.126671][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.140721][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.146054][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.176875][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.182662][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.187977][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.200698][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.206027][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.230490][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.235828][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.241463][ T4883] usb 5-1: Using ep0 maxpacket: 8 [ 105.250982][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.256302][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.277224][ T4881] gspca_vc032x: I2c Bus Busy Wait 00 [ 105.283271][ T4881] gspca_vc032x: Unknown sensor... [ 105.311258][ T4881] vc032x: probe of 2-1:0.0 failed with error -22 [ 105.329620][ T4881] usb 2-1: USB disconnect, device number 3 [ 105.344138][ T4995] loop0: detected capacity change from 0 to 164 [ 105.361627][ T4883] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 105.369905][ T4883] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 105.400594][ T4883] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 105.420342][ T4883] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 105.481004][ T4883] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 105.508110][ T4883] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 105.531061][ T4883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.553395][ T5000] loop0: detected capacity change from 0 to 64 [ 105.831835][ T4883] usb 5-1: GET_CAPABILITIES returned 0 [ 105.837383][ T4883] usbtmc 5-1:16.0: can't read capabilities [ 105.884623][ T5006] loop2: detected capacity change from 0 to 4096 [ 106.044131][ T5006] ntfs3: loop2: ino=1f, "file2" attr_set_size [ 106.072348][ T4880] usb 5-1: USB disconnect, device number 2 [ 106.262979][ T5014] loop2: detected capacity change from 0 to 1024 [ 106.288071][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.300293][ T5014] EXT4-fs: Ignoring removed orlov option [ 106.318936][ T5014] EXT4-fs: Ignoring removed nomblk_io_submit option [ 106.358974][ T5014] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 106.443022][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.444840][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 106.578086][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.631653][ T5025] loop1: detected capacity change from 0 to 512 [ 106.693964][ T5025] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.421: bg 0: block 393: padding at end of block bitmap is not set [ 106.827634][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.850591][ T5025] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6172: Corrupt filesystem [ 106.886162][ T5025] EXT4-fs (loop1): 2 truncates cleaned up [ 106.901824][ T5025] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 106.925418][ T5032] sctp: [Deprecated]: syz.4.423 (pid 5032) Use of struct sctp_assoc_value in delayed_ack socket option. [ 106.925418][ T5032] Use struct sctp_sack_info instead [ 107.006225][ T3646] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 107.015556][ T3646] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 107.025022][ T3646] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 107.033529][ T3646] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 107.055345][ T3646] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 107.077615][ T3646] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 107.166813][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 107.373656][ T3681] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 107.465233][ T5030] loop2: detected capacity change from 0 to 32768 [ 107.511722][ T5030] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.424 (5030) [ 107.618579][ T5030] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 107.640741][ T3681] usb 5-1: Using ep0 maxpacket: 8 [ 107.674150][ T5030] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 107.709087][ T5030] BTRFS info (device loop2): turning on flush-on-commit [ 107.727390][ T5055] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 107.736692][ T5030] BTRFS info (device loop2): turning off barriers [ 107.775935][ T3681] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 107.790603][ T3681] usb 5-1: config 179 has no interface number 0 [ 107.797009][ T5030] BTRFS info (device loop2): doing ref verification [ 107.810505][ T3681] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 107.830670][ T5030] BTRFS info (device loop2): force clearing of disk cache [ 107.837885][ T5030] BTRFS info (device loop2): enabling disk space caching [ 107.855369][ T5030] BTRFS info (device loop2): turning on sync discard [ 107.865495][ T3681] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 107.880866][ T5030] BTRFS info (device loop2): using default commit interval 30s [ 107.910465][ T3681] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 107.922100][ T5030] BTRFS info (device loop2): disk space caching is enabled [ 107.961175][ T3681] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 107.984213][ T3681] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 107.998284][ T3681] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 108.008172][ T3681] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.050740][ T5038] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 108.085986][ T5072] loop3: detected capacity change from 0 to 512 [ 108.095482][ T5072] EXT4-fs: Ignoring removed mblk_io_submit option [ 108.130629][ T5072] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 108.176470][ T5035] chnl_net:caif_netlink_parms(): no params data found [ 108.265844][ T5072] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 108.287060][ T5030] BTRFS info (device loop2): enabling ssd optimizations [ 108.310760][ T5072] System zones: 1-12 [ 108.327849][ T5072] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.434: corrupted in-inode xattr [ 108.340311][ T5030] BTRFS info (device loop2): rebuilding free space tree [ 108.351609][ T4786] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input7 [ 108.372196][ T5072] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.434: couldn't read orphan inode 15 (err -117) [ 108.455229][ T5072] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 108.497529][ T5030] BTRFS info (device loop2): disabling free space tree [ 108.520659][ T5030] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.540808][ T5030] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.579899][ T4786] usb 5-1: USB disconnect, device number 3 [ 108.585808][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 108.585899][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 108.586878][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 108.595645][ T4786] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 108.769406][ T5035] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.791424][ T5035] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.826193][ T5035] device bridge_slave_0 entered promiscuous mode [ 108.844089][ T4169] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 108.864983][ T5099] loop3: detected capacity change from 0 to 1024 [ 108.873030][ T5035] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.898042][ T5035] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.939929][ T5099] EXT4-fs: Ignoring removed orlov option [ 108.966070][ T5035] device bridge_slave_1 entered promiscuous mode [ 109.013325][ T5099] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.100626][ T3646] Bluetooth: hci1: command tx timeout [ 109.108857][ T5099] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 109.309369][ T5106] xt_bpf: check failed: parse error [ 109.367108][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 109.460906][ T5035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.484390][ T5103] device team0 entered promiscuous mode [ 109.490010][ T5103] device team_slave_0 entered promiscuous mode [ 109.520751][ T5103] device team_slave_1 entered promiscuous mode [ 109.529030][ T5095] loop1: detected capacity change from 0 to 40427 [ 109.561112][ T5095] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 109.584054][ T5095] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 109.635895][ T5095] F2FS-fs (loop1): invalid crc value [ 109.651603][ T5113] program syz.4.441 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.663332][ T5104] team0: Port device team_slave_1 removed [ 109.679045][ T5035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.722739][ T5095] F2FS-fs (loop1): Found nat_bits in checkpoint [ 109.896840][ T5035] team0: Port device team_slave_0 added [ 109.918591][ T5095] F2FS-fs (loop1): Start checkpoint disabled! [ 109.956223][ T40] device hsr_slave_0 left promiscuous mode [ 109.982366][ T5095] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 109.989430][ T5095] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 110.031212][ T40] device hsr_slave_1 left promiscuous mode [ 110.038584][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.051039][ T5124] loop4: detected capacity change from 0 to 512 [ 110.090583][ T5124] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 110.100673][ T40] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.122422][ T5124] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 110.139941][ T40] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 110.156249][ T5095] syz.1.436: attempt to access beyond end of device [ 110.156249][ T5095] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 110.190462][ T40] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.208269][ T5124] EXT4-fs (loop4): 1 orphan inode deleted [ 110.239178][ T40] device bridge_slave_1 left promiscuous mode [ 110.246444][ T5124] EXT4-fs (loop4): 1 truncate cleaned up [ 110.280166][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.287906][ T5124] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 110.309208][ T5114] loop3: detected capacity change from 0 to 32768 [ 110.322105][ T40] device bridge_slave_0 left promiscuous mode [ 110.328438][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.345013][ T5124] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 110.367986][ T5124] EXT4-fs (loop4): Remounting filesystem read-only [ 110.413520][ T5114] XFS (loop3): Mounting V5 Filesystem [ 110.515945][ T4134] kworker/u4:8: attempt to access beyond end of device [ 110.515945][ T4134] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 110.534895][ T4134] kworker/u4:8: attempt to access beyond end of device [ 110.534895][ T4134] loop1: rw=2049, sector=40984, nr_sectors = 8 limit=40427 [ 110.542367][ T5114] XFS (loop3): Ending clean mount [ 110.558041][ T3798] EXT4-fs (loop4): unmounting filesystem. [ 110.564199][ T40] device veth1_macvtap left promiscuous mode [ 110.570229][ T40] device veth0_macvtap left promiscuous mode [ 110.645617][ T40] device veth1_vlan left promiscuous mode [ 110.693511][ T40] device veth0_vlan left promiscuous mode [ 110.768192][ T3642] XFS (loop3): Unmounting Filesystem [ 110.842214][ T5120] loop2: detected capacity change from 0 to 32768 [ 110.993142][ T5155] program syz.1.446 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.995191][ T5120] XFS (loop2): Mounting V5 Filesystem [ 111.172900][ T5120] XFS (loop2): Ending clean mount [ 111.180666][ T3646] Bluetooth: hci1: command tx timeout [ 111.230027][ T5120] XFS (loop2): Quotacheck needed: Please wait. [ 111.346517][ T5120] XFS (loop2): Quotacheck: Done. [ 111.569520][ T4169] XFS (loop2): Unmounting Filesystem [ 112.125633][ T40] team0 (unregistering): Port device team_slave_1 removed [ 112.168879][ T5168] loop4: detected capacity change from 0 to 32768 [ 112.236880][ T5171] loop3: detected capacity change from 0 to 32768 [ 112.255502][ T40] team0 (unregistering): Port device team_slave_0 removed [ 112.265935][ T5168] ERROR: (device loop4): dbAlloc: the hint is outside the map [ 112.265935][ T5168] [ 112.330064][ T5171] XFS (loop3): Mounting V5 Filesystem [ 112.336510][ T5168] ERROR: (device loop4): remounting filesystem as read-only [ 112.344227][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.357207][ T5185] syz.4.451: attempt to access beyond end of device [ 112.357207][ T5185] loop4: rw=2049, sector=2621792, nr_sectors = 8 limit=32768 [ 112.463759][ T5171] XFS (loop3): Ending clean mount [ 112.469688][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.478648][ T5171] XFS (loop3): Quotacheck needed: Please wait. [ 112.500524][ T133] blkno = 5002c, nblocks = 1 [ 112.506935][ T133] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map [ 112.506935][ T133] [ 112.590654][ T5171] XFS (loop3): Quotacheck: Done. [ 112.709263][ T3642] XFS (loop3): Unmounting Filesystem [ 112.847985][ T5179] loop2: detected capacity change from 0 to 40427 [ 112.930146][ T5179] F2FS-fs (loop2): Found nat_bits in checkpoint [ 113.080209][ T5179] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 113.149953][ T4169] syz-executor: attempt to access beyond end of device [ 113.149953][ T4169] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.197974][ T5197] netlink: 'syz.3.458': attribute type 2 has an invalid length. [ 113.260491][ T3646] Bluetooth: hci1: command tx timeout [ 113.305749][ T5199] loop3: detected capacity change from 0 to 512 [ 113.321514][ T5199] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 113.328999][ T5199] UDF-fs: Scanning with blocksize 512 failed [ 113.348509][ T5199] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 113.359717][ T5199] UDF-fs: Scanning with blocksize 1024 failed [ 113.370207][ T5199] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 113.380274][ T5199] UDF-fs: Scanning with blocksize 2048 failed [ 113.393987][ T5199] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 113.426930][ T5199] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 113.466388][ T40] bond0 (unregistering): Released all slaves [ 113.598043][ T5035] team0: Port device team_slave_1 added [ 113.612515][ T5201] tmpfs: Bad value for 'uid' [ 113.797531][ T5035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.807673][ T5035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.889135][ T5035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.953445][ T5035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.976970][ T5035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.100582][ T5035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.133671][ T5220] loop4: detected capacity change from 0 to 64 [ 114.285904][ T5035] device hsr_slave_0 entered promiscuous mode [ 114.320864][ T5035] device hsr_slave_1 entered promiscuous mode [ 114.372274][ T5035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 114.379862][ T5035] Cannot create hsr debugfs directory [ 114.633947][ T5244] loop4: detected capacity change from 0 to 16 [ 114.664436][ T5244] erofs: (device loop4): mounted with root inode @ nid 36. [ 114.740480][ T5244] overlayfs: failed to set xattr on upper [ 114.766701][ T5244] overlayfs: ...falling back to index=off,metacopy=off. [ 114.797676][ T5242] loop2: detected capacity change from 0 to 512 [ 114.926008][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #3: comm syz.2.473: corrupted inode contents [ 115.040078][ T5242] EXT4-fs error (device loop2): ext4_dirty_inode:6083: inode #3: comm syz.2.473: mark_inode_dirty error [ 115.081680][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #3: comm syz.2.473: corrupted inode contents [ 115.118821][ T5242] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.473: mark_inode_dirty error [ 115.157797][ T5242] __quota_error: 1 callbacks suppressed [ 115.157818][ T5242] Quota error (device loop2): write_blk: dquota write failed [ 115.194529][ T5242] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 115.244551][ T5242] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz.2.473: Failed to acquire dquot type 0 [ 115.305776][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #16: comm syz.2.473: corrupted inode contents [ 115.341204][ T3646] Bluetooth: hci1: command tx timeout [ 115.352989][ T5242] EXT4-fs error (device loop2): ext4_dirty_inode:6083: inode #16: comm syz.2.473: mark_inode_dirty error [ 115.415979][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #16: comm syz.2.473: corrupted inode contents [ 115.445988][ T5242] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.473: mark_inode_dirty error [ 115.517991][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #16: comm syz.2.473: corrupted inode contents [ 115.590751][ T5242] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 115.629462][ T5242] EXT4-fs error (device loop2): ext4_do_update_inode:5221: inode #16: comm syz.2.473: corrupted inode contents [ 115.686889][ T5242] EXT4-fs error (device loop2): ext4_truncate:4311: inode #16: comm syz.2.473: mark_inode_dirty error [ 115.731566][ T5242] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 115.768041][ T5242] EXT4-fs (loop2): 1 truncate cleaned up [ 115.788285][ T5242] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 115.856164][ T5242] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038 (0x7fffffff) [ 115.868541][ T5035] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.906095][ T5035] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 115.953647][ T5035] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 115.998575][ T5035] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 116.048817][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 116.157694][ T5250] loop1: detected capacity change from 0 to 32768 [ 116.334551][ T5035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.406138][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 116.429904][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 116.482783][ T5035] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.510537][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 116.529612][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 116.581168][ T3705] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.588293][ T3705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.658002][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.691137][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 116.723551][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.754358][ T3705] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.761498][ T3705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.785849][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 116.857521][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 116.895440][ T5292] loop4: detected capacity change from 0 to 256 [ 116.909146][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 116.927260][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 116.958993][ T5292] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 116.993882][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 117.046203][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 117.097185][ T5035] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 117.105611][ T5296] loop2: detected capacity change from 0 to 512 [ 117.161387][ T5035] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.207132][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 117.225615][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 117.258745][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.287952][ T5296] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 117.300518][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 117.330263][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.352718][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 117.378085][ T5298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.489'. [ 117.396105][ T5296] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.488: invalid indirect mapped block 4294967295 (level 1) [ 117.422148][ T5296] EXT4-fs (loop2): Remounting filesystem read-only [ 117.432108][ T5296] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.488: invalid indirect mapped block 4294967295 (level 1) [ 117.433991][ T5303] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 117.574903][ T5311] trusted_key: encrypted_key: keyword 'u{d‚¸ate' not recognized [ 117.585556][ T5296] EXT4-fs (loop2): 2 truncates cleaned up [ 117.625110][ T5296] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 117.740970][ T5296] EXT4-fs warning (device loop2): ext4_empty_dir:3145: inode #2: comm syz.2.488: directory missing '.' [ 118.002099][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 118.364001][ T5035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.396556][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 118.421860][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 118.462124][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 118.488291][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.570683][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 118.591932][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.657945][ T5035] device veth0_vlan entered promiscuous mode [ 118.678254][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.703884][ T5353] loop4: detected capacity change from 0 to 256 [ 118.721914][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.763847][ T5035] device veth1_vlan entered promiscuous mode [ 118.804273][ T5358] loop3: detected capacity change from 0 to 128 [ 118.815734][ T5353] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3962bc8b, utbl_chksum : 0xe619d30d) [ 118.883692][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 118.902288][ T5358] VFS: Found a Xenix FS (block size = 1024) on device loop3 [ 118.914366][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 118.929551][ T27] audit: type=1800 audit(1724941526.606:11): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.506" name="file2" dev="loop4" ino=1048610 res=0 errno=0 [ 118.991267][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 119.006668][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 119.027317][ T3642] sysv_free_block: flc_count > flc_size [ 119.038195][ T27] audit: type=1804 audit(1724941526.646:12): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.506" name="/newroot/86/file0/file2" dev="loop4" ino=1048610 res=1 errno=0 [ 119.049860][ T5035] device veth0_macvtap entered promiscuous mode [ 119.087649][ T3642] sysv_free_block: flc_count > flc_size [ 119.120813][ T3642] sysv_free_block: flc_count > flc_size [ 119.126398][ T3642] sysv_free_block: flc_count > flc_size [ 119.164260][ T5035] device veth1_macvtap entered promiscuous mode [ 119.188759][ T3642] sysv_free_block: flc_count > flc_size [ 119.203606][ T3642] sysv_free_block: flc_count > flc_size [ 119.207456][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.216685][ T3642] sysv_free_block: flc_count > flc_size [ 119.240206][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.257244][ T3642] sysv_free_block: flc_count > flc_size [ 119.269738][ T3642] sysv_free_block: flc_count > flc_size [ 119.273743][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.300554][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.311883][ T3642] sysv_free_block: flc_count > flc_size [ 119.315145][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.325534][ T3642] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 119.346708][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.384837][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.399607][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.444041][ T5035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.473244][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 119.506444][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 119.522399][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 119.549820][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 119.592099][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.633602][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.660594][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.697430][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.715870][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.726868][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.733253][ T26] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 119.747256][ T5035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.781030][ T5035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.805073][ T5035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.869502][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 119.891870][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 119.910355][ T5035] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.926911][ T5035] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.950551][ T5035] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.979788][ T5035] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.990584][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 120.110707][ T26] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 120.180451][ T27] audit: type=1326 audit(1724941527.846:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5399 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd222b79ef9 code=0x7ffc0000 [ 120.232764][ T27] audit: type=1326 audit(1724941527.846:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5399 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd222b79ef9 code=0x7ffc0000 [ 120.269018][ T3701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.284605][ T3701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.304039][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.320876][ T26] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 120.332464][ T27] audit: type=1326 audit(1724941527.846:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5399 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fd222b79ef9 code=0x7ffc0000 [ 120.356919][ T3701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.365807][ T26] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 120.383383][ T3701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.397648][ T26] usb 5-1: Product: syz [ 120.411849][ T26] usb 5-1: Manufacturer: syz [ 120.413555][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.434484][ T27] audit: type=1326 audit(1724941527.846:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5399 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd222b79ef9 code=0x7ffc0000 [ 120.440597][ T26] usb 5-1: SerialNumber: syz [ 120.535956][ T27] audit: type=1326 audit(1724941527.846:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5399 comm="syz.1.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd222b79ef9 code=0x7ffc0000 [ 120.558284][ T26] usb 5-1: config 0 descriptor?? [ 120.592406][ T5376] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 120.669978][ T5414] loop2: detected capacity change from 0 to 16 [ 120.678198][ T5412] netlink: 16 bytes leftover after parsing attributes in process `syz.1.526'. [ 120.694355][ T5408] loop3: detected capacity change from 0 to 4096 [ 120.728154][ T5414] erofs: (device loop2): mounted with root inode @ nid 36. [ 120.819022][ T5414] overlayfs: failed to set xattr on upper [ 120.880775][ T5414] overlayfs: ...falling back to index=off,metacopy=off. [ 120.917601][ T3682] usb 5-1: USB disconnect, device number 4 [ 121.423524][ T5443] block nbd3: shutting down sockets [ 121.818051][ T5461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.543'. [ 122.076164][ T5475] loop3: detected capacity change from 0 to 512 [ 122.111212][ T5475] EXT4-fs: Ignoring removed nomblk_io_submit option [ 122.168491][ T5475] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.547: inode #1: comm syz.3.547: iget: illegal inode # [ 122.231323][ T5475] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.547: error while reading EA inode 1 err=-117 [ 122.268415][ T5475] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 122.320637][ T5475] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.547: inode #1: comm syz.3.547: iget: illegal inode # [ 122.360584][ T5475] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.547: error while reading EA inode 1 err=-117 [ 122.395046][ T5475] EXT4-fs (loop3): 1 orphan inode deleted [ 122.411014][ T5475] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 122.566258][ T5490] EXT4-fs error (device loop3): ext4_lookup:1856: inode #15: comm syz.3.547: unexpected EA_INODE flag [ 122.771292][ T5492] loop0: detected capacity change from 0 to 256 [ 122.831820][ T5492] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 122.852920][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 123.073409][ T5468] loop4: detected capacity change from 0 to 32768 [ 123.175284][ T5468] find_entry called with index = 0 [ 123.196191][ T5468] read_mapping_page failed! [ 123.216525][ T5468] ERROR: (device loop4): txCommit: [ 123.216525][ T5468] [ 123.248626][ T5504] jfs_unlink: dtDelete returned -116 [ 123.272367][ T5504] jfs_unlink: dtDelete returned -116 [ 123.951023][ T5515] infiniband syz1: set active [ 123.963422][ T5515] infiniband syz1: added bond_slave_1 [ 124.117370][ T5529] loop0: detected capacity change from 0 to 128 [ 124.257630][ T5515] RDS/IB: syz1: added [ 124.307144][ T5515] smc: adding ib device syz1 with port count 1 [ 124.358823][ T5515] smc: ib device syz1 port 1 has pnetid [ 124.657862][ T5539] loop0: detected capacity change from 0 to 4096 [ 124.686148][ T5539] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 125.155634][ T5535] loop4: detected capacity change from 0 to 32768 [ 125.240263][ T5535] XFS (loop4): Mounting V5 Filesystem [ 125.360462][ T5535] XFS (loop4): Ending clean mount [ 125.386417][ T5535] XFS (loop4): Quotacheck needed: Please wait. [ 125.453751][ T5535] XFS (loop4): Quotacheck: Done. [ 125.621175][ T3798] XFS (loop4): Unmounting Filesystem [ 125.698403][ T5544] loop1: detected capacity change from 0 to 32768 [ 125.999765][ T5559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.581'. [ 126.093012][ T5559] IPv6: ADDRCONF(NETDEV_CHANGE): ipvlan2: link becomes ready [ 126.156661][ T5561] netlink: 'syz.4.580': attribute type 1 has an invalid length. [ 126.181210][ T5561] netlink: 100 bytes leftover after parsing attributes in process `syz.4.580'. [ 126.196269][ T5548] loop0: detected capacity change from 0 to 32768 [ 126.357783][ T5566] netlink: 232 bytes leftover after parsing attributes in process `syz.2.583'. [ 126.451893][ T5566] netlink: 72 bytes leftover after parsing attributes in process `syz.2.583'. [ 126.567078][ T5575] loop4: detected capacity change from 0 to 512 [ 126.601204][ T5575] EXT4-fs: Ignoring removed i_version option [ 126.607224][ T5575] EXT4-fs: Ignoring removed nobh option [ 126.620729][ T5575] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 126.675547][ T5575] EXT4-fs (loop4): 1 truncate cleaned up [ 126.727189][ T5575] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 126.774908][ T5584] netlink: 'syz.0.586': attribute type 29 has an invalid length. [ 126.826861][ T5584] netlink: 'syz.0.586': attribute type 29 has an invalid length. [ 126.849366][ T5584] netlink: 'syz.0.586': attribute type 29 has an invalid length. [ 126.882284][ T5584] netlink: 'syz.0.586': attribute type 29 has an invalid length. [ 126.952541][ T3798] EXT4-fs (loop4): unmounting filesystem. [ 126.960564][ T26] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 127.200578][ T26] usb 2-1: Using ep0 maxpacket: 16 [ 127.322366][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.360528][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.381310][ T26] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 127.400456][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.434990][ T26] usb 2-1: config 0 descriptor?? [ 127.536355][ T5609] loop2: detected capacity change from 0 to 64 [ 127.628835][ T5612] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 127.852593][ T5621] loop4: detected capacity change from 0 to 512 [ 127.881435][ T5621] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 127.910141][ T5621] UDF-fs: Scanning with blocksize 512 failed [ 127.917795][ T5580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.938619][ T5580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.952608][ T5621] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 127.970994][ T5621] UDF-fs: Scanning with blocksize 1024 failed [ 127.989676][ T5621] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 128.019031][ T5621] UDF-fs: Scanning with blocksize 2048 failed [ 128.042568][ T5621] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 128.052229][ T5598] loop0: detected capacity change from 0 to 32768 [ 128.052699][ T5598] XFS: ikeep mount option is deprecated. [ 128.078407][ T5621] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.169339][ T5598] XFS (loop0): Mounting V5 Filesystem [ 128.230687][ T26] usb 2-1: string descriptor 0 read error: -71 [ 128.295285][ T26] usb 2-1: Max retries (5) exceeded reading string descriptor 200 [ 128.321751][ T26] letsketch: probe of 0003:6161:4D15.0004 failed with error -32 [ 128.380727][ T26] usb 2-1: USB disconnect, device number 4 [ 128.439140][ T5598] XFS (loop0): Ending clean mount [ 128.454989][ T5598] XFS (loop0): Quotacheck needed: Please wait. [ 128.533527][ T5598] XFS (loop0): Quotacheck: Done. [ 128.665027][ T5035] XFS (loop0): Unmounting Filesystem [ 128.886344][ T5649] netlink: 32 bytes leftover after parsing attributes in process `syz.1.617'. [ 129.119699][ T5653] loop1: detected capacity change from 0 to 1024 [ 129.147657][ T5653] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 129.176367][ T5647] loop3: detected capacity change from 0 to 32768 [ 129.199289][ T5653] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 129.224081][ T5647] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.615 (5647) [ 129.249341][ T5647] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 129.268150][ T5647] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 129.279856][ T5647] BTRFS info (device loop3): setting nodatacow, compression disabled [ 129.289377][ T5647] BTRFS info (device loop3): turning on flush-on-commit [ 129.291072][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 129.297749][ T5647] BTRFS info (device loop3): enabling auto defrag [ 129.308899][ T5647] BTRFS info (device loop3): max_inline at 0 [ 129.315147][ T5647] BTRFS info (device loop3): using free space tree [ 129.752119][ T5675] loop0: detected capacity change from 0 to 4096 [ 129.758676][ T5647] BTRFS info (device loop3): enabling ssd optimizations [ 129.796676][ T5645] loop4: detected capacity change from 0 to 40427 [ 129.816060][ T5675] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 129.904497][ T5645] F2FS-fs (loop4): Found nat_bits in checkpoint [ 130.139568][ T5645] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 130.213898][ T3642] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 130.380632][ T26] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 130.391877][ T5710] loop2: detected capacity change from 0 to 2048 [ 130.434649][ T102] kworker/u4:4: attempt to access beyond end of device [ 130.434649][ T102] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 130.511777][ T5710] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 130.606217][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 130.624924][ T4886] kernel write not supported for file 298/task/299/clear_refs (pid: 4886 comm: kworker/1:15) [ 130.640679][ T26] usb 2-1: Using ep0 maxpacket: 8 [ 130.784904][ T26] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.797642][ T26] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.808177][ T26] usb 2-1: config 0 interface 0 has no altsetting 0 [ 130.815137][ T26] usb 2-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 130.826363][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.846321][ T26] usb 2-1: config 0 descriptor?? [ 131.097500][ T5701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.117677][ T5701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.225997][ T5738] loop4: detected capacity change from 0 to 4096 [ 131.264182][ T5738] ntfs: volume version 3.1. [ 131.374667][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.421408][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.428662][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.448907][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.469133][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.512494][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.532546][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.564453][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.592479][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.616031][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.625766][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.651835][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.659311][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.679168][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.689089][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.707633][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.715189][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.728418][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.747616][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.755247][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.763205][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.771108][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.790008][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.797573][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.809723][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.817586][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.825687][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.833462][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.840906][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.848806][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.856360][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.863828][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.871386][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.888492][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.896003][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.909514][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.919463][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.930742][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.937979][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.945951][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.954803][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.993163][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 131.996900][ T5764] loop4: detected capacity change from 0 to 256 [ 132.000337][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.019094][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.026984][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.043051][ T5764] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 132.046465][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.066747][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.071777][ T5764] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512 [ 132.074313][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.099697][ T5764] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 132.105851][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.120528][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.136260][ T5764] UDF-fs: Scanning with blocksize 512 failed [ 132.137867][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.163001][ T5764] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 132.164547][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.185376][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.194464][ T5764] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.195690][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.210987][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.219115][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.265597][ T27] audit: type=1800 audit(1724941539.936:18): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.653" name="file2" dev="loop4" ino=66 res=0 errno=0 [ 132.266337][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.334623][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.353581][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x1 [ 132.370669][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.385610][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.421526][ T26] logitech 0003:046D:C50C.0005: unknown main item tag 0x0 [ 132.432233][ T26] logitech 0003:046D:C50C.0005: unexpected long global item [ 132.441590][ T26] logitech 0003:046D:C50C.0005: parse failed [ 132.447766][ T26] logitech: probe of 0003:046D:C50C.0005 failed with error -22 [ 132.452165][ T5758] loop2: detected capacity change from 0 to 32768 [ 132.467805][ T26] usb 2-1: USB disconnect, device number 5 [ 132.562858][ T5771] program syz.1.656 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.577659][ T5758] XFS (loop2): Mounting V5 Filesystem [ 132.621860][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.628196][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.780614][ T3646] Bluetooth: hci0: command tx timeout [ 132.831561][ T5758] XFS (loop2): Ending clean mount [ 132.869189][ T5758] XFS (loop2): Quotacheck needed: Please wait. [ 132.939833][ T5758] XFS (loop2): Quotacheck: Done. [ 133.023310][ T5793] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 133.166881][ T4169] XFS (loop2): Unmounting Filesystem [ 133.711649][ T5785] loop0: detected capacity change from 0 to 32768 [ 133.773494][ T5785] [ 133.773494][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.773494][ T5785] [ 133.873636][ T5785] [ 133.873636][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.873636][ T5785] [ 133.909175][ T5785] [ 133.909175][ T5785] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.909175][ T5785] [ 133.956797][ T5807] [ 133.956797][ T5807] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.956797][ T5807] [ 134.024325][ T5807] [ 134.024325][ T5807] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.024325][ T5807] [ 134.106789][ T133] [ 134.106789][ T133] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.106789][ T133] [ 134.202298][ T11] [ 134.202298][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.202298][ T11] [ 134.250736][ T11] [ 134.250736][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.250736][ T11] [ 134.298206][ T133] [ 134.298206][ T133] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.298206][ T133] [ 134.329996][ T5035] [ 134.329996][ T5035] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.329996][ T5035] [ 134.361674][ T5035] [ 134.361674][ T5035] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.361674][ T5035] [ 134.405107][ T5798] loop1: detected capacity change from 0 to 40427 [ 134.464338][ T5798] F2FS-fs (loop1): invalid crc value [ 134.499581][ T5798] F2FS-fs (loop1): Found nat_bits in checkpoint [ 134.628664][ T5798] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 134.650904][ T27] audit: type=1326 audit(1724941542.326:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5823 comm="syz.4.678" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1dd3f79ef9 code=0x0 [ 134.773475][ T27] audit: type=1804 audit(1724941542.446:20): pid=5798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.666" name="/newroot/122/file0/file0" dev="loop1" ino=10 res=1 errno=0 [ 134.792810][ T5798] F2FS-fs (loop1): Can't enable fs-verity on inode 10: the verity feature is not enabled on this filesystem [ 134.938448][ T3943] syz-executor: attempt to access beyond end of device [ 134.938448][ T3943] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.978757][ T5811] loop3: detected capacity change from 0 to 32768 [ 135.039022][ T5811] XFS (loop3): Mounting V5 Filesystem [ 135.126395][ T5811] XFS (loop3): Ending clean mount [ 135.251295][ T3642] XFS (loop3): Unmounting Filesystem [ 135.566490][ T5834] loop2: detected capacity change from 0 to 32768 [ 135.567026][ T5846] rdma_rxe: rxe_register_device failed with error -23 [ 135.615550][ T5846] rdma_rxe: failed to add bond_slave_1 [ 135.624183][ T5834] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 135.670573][ T5834] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 135.711811][ T5834] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 16 extents in 0ms [ 135.860959][ T5834] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 136.095526][ T5853] loop0: detected capacity change from 0 to 4096 [ 136.155898][ T5853] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 136.512557][ T5863] bond0: option use_carrier: invalid value (5) [ 137.223842][ T5860] loop1: detected capacity change from 0 to 32768 [ 137.261054][ T5860] [ 137.261054][ T5860] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.261054][ T5860] [ 137.323659][ T5864] loop0: detected capacity change from 0 to 32768 [ 137.356992][ T5864] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 scanned by syz.0.699 (5864) [ 137.380198][ T5879] [ 137.380198][ T5879] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.380198][ T5879] [ 137.405371][ T5879] [ 137.405371][ T5879] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.405371][ T5879] [ 137.416575][ T5864] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 137.455714][ T133] [ 137.455714][ T133] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.455714][ T133] [ 137.475973][ T5864] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 137.505577][ T5864] BTRFS info (device loop0): using free space tree [ 137.515930][ T40] [ 137.515930][ T40] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.515930][ T40] [ 137.536853][ T40] [ 137.536853][ T40] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.536853][ T40] [ 137.568174][ T40] [ 137.568174][ T40] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.568174][ T40] [ 137.692191][ T5864] BTRFS info (device loop0): enabling ssd optimizations [ 137.715177][ T5860] [ 137.715177][ T5860] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.715177][ T5860] [ 137.749352][ T5860] [ 137.749352][ T5860] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.749352][ T5860] [ 137.904770][ T5035] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 137.966195][ T3943] [ 137.966195][ T3943] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.966195][ T3943] [ 138.000931][ T3943] [ 138.000931][ T3943] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.000931][ T3943] [ 138.117329][ T5903] loop3: detected capacity change from 0 to 4096 [ 138.188229][ T5903] ntfs: volume version 3.1. [ 138.277874][ T5907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.702'. [ 138.659768][ T5918] loop4: detected capacity change from 0 to 164 [ 138.969032][ T5922] netlink: 32 bytes leftover after parsing attributes in process `syz.4.708'. [ 139.007628][ T5905] loop2: detected capacity change from 0 to 32768 [ 139.078878][ T5905] XFS (loop2): Mounting V5 Filesystem [ 139.129693][ T5930] process 'syz.3.719' launched './file1' with NULL argv: empty string added [ 139.252793][ T5905] XFS (loop2): Ending clean mount [ 139.396117][ T4169] XFS (loop2): Unmounting Filesystem [ 139.511921][ T5909] loop1: detected capacity change from 0 to 40427 [ 139.539103][ T5944] loop0: detected capacity change from 0 to 512 [ 139.556293][ T5944] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.588409][ T5944] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 139.607727][ T5909] F2FS-fs (loop1): Found nat_bits in checkpoint [ 139.612079][ T5940] loop4: detected capacity change from 0 to 4096 [ 139.629025][ T5944] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 139.640185][ T5940] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 139.656203][ T5944] System zones: 1-12 [ 139.671707][ T5944] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.714: corrupted in-inode xattr [ 139.689990][ T5944] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.714: couldn't read orphan inode 15 (err -117) [ 139.733944][ T5909] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 139.743318][ T5944] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 139.809667][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 139.982446][ T3707] kworker/u4:7: attempt to access beyond end of device [ 139.982446][ T3707] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 140.980313][ T5982] program syz.2.727 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.424900][ T5988] sctp: [Deprecated]: syz.2.731 (pid 5988) Use of struct sctp_assoc_value in delayed_ack socket option. [ 141.424900][ T5988] Use struct sctp_sack_info instead [ 141.628771][ T5974] loop4: detected capacity change from 0 to 32768 [ 141.659628][ T5974] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.724 (5974) [ 141.740781][ T5974] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 141.780859][ T5974] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 141.789558][ T5974] BTRFS info (device loop4): using free space tree [ 141.894475][ T5978] loop1: detected capacity change from 0 to 32768 [ 141.939601][ T5984] loop3: detected capacity change from 0 to 40427 [ 142.046813][ T5984] F2FS-fs (loop3): Found nat_bits in checkpoint [ 142.122681][ T6012] netlink: 664 bytes leftover after parsing attributes in process `syz.0.743'. [ 142.195038][ T5984] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 142.202861][ T5974] BTRFS info (device loop4): enabling ssd optimizations [ 142.370539][ T5974] BTRFS info (device loop4): Snapshot src from another FS [ 142.446208][ T3705] kworker/u4:6: attempt to access beyond end of device [ 142.446208][ T3705] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 142.466141][ T3798] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 142.536187][ T5991] loop2: detected capacity change from 0 to 40427 [ 142.576058][ T5991] F2FS-fs (loop2): invalid crc value [ 142.625781][ T5991] F2FS-fs (loop2): Found nat_bits in checkpoint [ 142.715798][ T5991] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 142.805588][ T27] audit: type=1804 audit(1724941550.476:21): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.732" name="/newroot/95/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 142.817415][ T5991] F2FS-fs (loop2): Can't enable fs-verity on inode 10: the verity feature is not enabled on this filesystem [ 142.956944][ T4169] syz-executor: attempt to access beyond end of device [ 142.956944][ T4169] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 143.703554][ T5713] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 143.733314][ T4886] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 143.950316][ T6037] loop4: detected capacity change from 0 to 32768 [ 143.960559][ T5713] usb 2-1: Using ep0 maxpacket: 32 [ 143.963273][ T6037] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.742 (6037) [ 143.992971][ T6037] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.009899][ T6037] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 144.024378][ T6037] BTRFS info (device loop4): setting nodatacow, compression disabled [ 144.036125][ T6037] BTRFS info (device loop4): turning on flush-on-commit [ 144.048034][ T6037] BTRFS info (device loop4): enabling auto defrag [ 144.056016][ T6037] BTRFS info (device loop4): max_inline at 0 [ 144.067905][ T6037] BTRFS info (device loop4): using free space tree [ 144.080749][ T5713] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 144.271895][ T4886] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 144.288094][ T4886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.301075][ T5713] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 144.320238][ T5713] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 144.328896][ T5713] usb 2-1: Product: syz [ 144.334244][ T5713] usb 2-1: Manufacturer: syz [ 144.338863][ T5713] usb 2-1: SerialNumber: syz [ 144.348731][ T5713] usb 2-1: config 0 descriptor?? [ 144.365325][ T4886] usb 4-1: Product: syz [ 144.379803][ T4886] usb 4-1: Manufacturer: syz [ 144.380682][ T6038] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 144.390869][ T6084] netlink: 'syz.2.755': attribute type 29 has an invalid length. [ 144.399345][ T6037] BTRFS info (device loop4): enabling ssd optimizations [ 144.415764][ T4886] usb 4-1: SerialNumber: syz [ 144.438794][ T6084] netlink: 'syz.2.755': attribute type 29 has an invalid length. [ 144.440828][ T4886] usb 4-1: config 0 descriptor?? [ 144.491947][ T6084] netlink: 'syz.2.755': attribute type 29 has an invalid length. [ 144.502086][ T4886] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 005 [ 144.556042][ T6084] netlink: 'syz.2.755': attribute type 29 has an invalid length. [ 144.699904][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.758'. [ 144.728389][ T3798] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 144.741081][ T26] usb 2-1: USB disconnect, device number 6 [ 145.151795][ T4886] i2c i2c-1: failure reading functionality [ 145.172742][ T4886] i2c i2c-1: connected i2c-tiny-usb device [ 145.193990][ T4886] usb 4-1: USB disconnect, device number 5 [ 145.205084][ T6102] loop2: detected capacity change from 0 to 512 [ 145.279081][ T6102] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 145.294248][ T6102] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038 (0x7fffffff) [ 145.533213][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 145.640234][ T6115] loop2: detected capacity change from 0 to 128 [ 145.698110][ T6115] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 145.760802][ T6115] ext4 filesystem being mounted at /105/mnt supports timestamps until 2038 (0x7fffffff) [ 145.829672][ T6118] tun0: tun_chr_ioctl cmd 1074025694 [ 145.915690][ T4169] EXT4-fs (loop2): unmounting filesystem. [ 146.028437][ T6121] loop4: detected capacity change from 0 to 4096 [ 146.049754][ T6121] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 146.354849][ T4886] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 146.366469][ T6137] loop1: detected capacity change from 0 to 512 [ 146.399429][ T6137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 146.411950][ T6137] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 146.433758][ T6137] EXT4-fs (loop1): 1 orphan inode deleted [ 146.439509][ T6137] EXT4-fs (loop1): 1 truncate cleaned up [ 146.466043][ T6137] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 146.528858][ T6137] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 146.560143][ T6137] EXT4-fs (loop1): Remounting filesystem read-only [ 146.606972][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 146.620537][ T4886] usb 4-1: Using ep0 maxpacket: 16 [ 146.740680][ T4886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 146.769279][ T6134] loop0: detected capacity change from 0 to 32768 [ 146.911887][ T4886] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 146.950297][ T4886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.960692][ T4886] usb 4-1: Product: syz [ 146.964877][ T4886] usb 4-1: Manufacturer: syz [ 146.979656][ T4886] usb 4-1: SerialNumber: syz [ 146.998752][ T4886] usb 4-1: config 0 descriptor?? [ 147.052434][ T4886] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 147.095825][ T4886] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 147.370514][ T5711] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 147.512080][ T6144] loop2: detected capacity change from 0 to 32768 [ 147.599462][ T6144] XFS (loop2): Mounting V5 Filesystem [ 147.640438][ T5711] usb 1-1: Using ep0 maxpacket: 32 [ 147.668891][ T6144] XFS (loop2): Ending clean mount [ 147.676465][ T6144] XFS (loop2): Quotacheck needed: Please wait. [ 147.700648][ T4886] em28xx 4-1:0.0: chip ID is em2860 [ 147.733557][ T6144] XFS (loop2): Quotacheck: Done. [ 147.795653][ T5711] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 147.859565][ T4169] XFS (loop2): Unmounting Filesystem [ 147.936864][ T6154] loop4: detected capacity change from 0 to 40427 [ 147.959105][ T6154] F2FS-fs (loop4): invalid crc value [ 147.970229][ T6154] F2FS-fs (loop4): Found nat_bits in checkpoint [ 148.000651][ T5711] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 148.024036][ T6154] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 148.035670][ T5711] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 148.050646][ T4886] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 148.060304][ T4886] em28xx 4-1:0.0: board has no eeprom [ 148.075659][ T5711] usb 1-1: Product: syz [ 148.100451][ T5711] usb 1-1: Manufacturer: syz [ 148.105080][ T5711] usb 1-1: SerialNumber: syz [ 148.117291][ T5711] usb 1-1: config 0 descriptor?? [ 148.126332][ T27] audit: type=1804 audit(1724941555.796:22): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.781" name="/newroot/147/file0/file0" dev="loop4" ino=10 res=1 errno=0 [ 148.150171][ T6154] F2FS-fs (loop4): Can't enable fs-verity on inode 10: the verity feature is not enabled on this filesystem [ 148.152381][ T6146] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 148.187466][ T3798] syz-executor: attempt to access beyond end of device [ 148.187466][ T3798] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 148.214397][ T4886] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 148.231986][ T4886] em28xx 4-1:0.0: dvb set to bulk mode. [ 148.243711][ T4886] usb 4-1: USB disconnect, device number 6 [ 148.250310][ T4886] em28xx 4-1:0.0: Disconnecting em28xx [ 148.257008][ T4881] em28xx 4-1:0.0: Binding DVB extension [ 148.363778][ T4881] em28xx 4-1:0.0: Registering input extension [ 148.463405][ T4881] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 148.472642][ T4881] Registered IR keymap rc-empty [ 148.503397][ T4881] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 148.526765][ T5711] usb 1-1: USB disconnect, device number 3 [ 148.554192][ T4881] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input8 [ 148.602797][ T4881] em28xx 4-1:0.0: Input extension successfully initialized [ 148.617182][ T6181] loop3: detected capacity change from 0 to 256 [ 148.621613][ T4886] em28xx 4-1:0.0: Closing input extension [ 148.695259][ T4886] em28xx 4-1:0.0: Freeing device [ 149.274411][ T6176] loop2: detected capacity change from 0 to 40427 [ 149.369255][ T6176] F2FS-fs (loop2): Found nat_bits in checkpoint [ 149.400869][ T6196] loop0: detected capacity change from 0 to 512 [ 149.488398][ T6196] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.790: bg 0: block 393: padding at end of block bitmap is not set [ 149.553834][ T6176] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 149.574693][ T6196] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6172: Corrupt filesystem [ 149.590308][ T6196] EXT4-fs (loop0): 2 truncates cleaned up [ 149.596491][ T6196] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 149.608164][ T6184] loop3: detected capacity change from 0 to 40427 [ 149.698930][ T6184] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 149.740813][ T6184] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 149.773669][ T6184] F2FS-fs (loop3): invalid crc value [ 149.815294][ T6184] F2FS-fs (loop3): Found nat_bits in checkpoint [ 149.830236][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 149.922788][ T4134] kworker/u4:8: attempt to access beyond end of device [ 149.922788][ T4134] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 149.988688][ T6184] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 150.010427][ T6184] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 150.194831][ T6213] Bluetooth: MGMT ver 1.22 [ 150.214485][ T6215] loop4: detected capacity change from 0 to 64 [ 150.247879][ T3707] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 150.279131][ T3707] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 150.547860][ T6202] loop1: detected capacity change from 0 to 32768 [ 150.636775][ T6202] XFS (loop1): Mounting V5 Filesystem [ 150.746871][ T6202] XFS (loop1): Ending clean mount [ 150.880812][ T3943] XFS (loop1): Unmounting Filesystem [ 150.920785][ T5714] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 150.998672][ T6242] netlink: 40 bytes leftover after parsing attributes in process `syz.3.807'. [ 151.121273][ T6246] loop3: detected capacity change from 0 to 512 [ 151.143609][ T6246] EXT4-fs: Ignoring removed mblk_io_submit option [ 151.188058][ T6246] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 151.196703][ T5714] usb 3-1: Using ep0 maxpacket: 8 [ 151.230215][ T6246] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 151.238388][ T6246] System zones: 1-12 [ 151.266005][ T6246] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.810: corrupted in-inode xattr [ 151.320649][ T5714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.338134][ T6246] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.810: couldn't read orphan inode 15 (err -117) [ 151.340424][ T5714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.350446][ T6251] block nbd0: shutting down sockets [ 151.371377][ T5714] usb 3-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91 [ 151.380905][ T5714] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.392843][ T6246] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 151.402307][ T5714] usb 3-1: config 0 descriptor?? [ 151.515701][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 151.678065][ T6244] loop4: detected capacity change from 0 to 32768 [ 151.734851][ T6244] XFS (loop4): Mounting V5 Filesystem [ 151.870910][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.877926][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.925730][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.932819][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.939938][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.960517][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.967543][ T5714] lenovo 0003:17EF:60EE.0006: unknown main item tag 0x0 [ 151.979143][ T6244] XFS (loop4): Ending clean mount [ 151.984866][ T5714] lenovo 0003:17EF:60EE.0006: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.2-1/input0 [ 152.000082][ T6244] XFS (loop4): Quotacheck needed: Please wait. [ 152.070756][ T5711] usb 3-1: USB disconnect, device number 3 [ 152.079447][ T6244] XFS (loop4): Quotacheck: Done. [ 152.185048][ T3798] XFS (loop4): Unmounting Filesystem [ 152.308365][ T6255] loop1: detected capacity change from 0 to 32768 [ 152.337146][ T6259] loop0: detected capacity change from 0 to 32768 [ 152.399454][ T6255] XFS (loop1): Mounting V5 Filesystem [ 152.443337][ T6259] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 152.443337][ T6259] [ 152.466219][ T6259] ERROR: (device loop0): remounting filesystem as read-only [ 152.479078][ T6259] syz.0.814: attempt to access beyond end of device [ 152.479078][ T6259] loop0: rw=2049, sector=2621792, nr_sectors = 8 limit=32768 [ 152.507642][ T6255] XFS (loop1): Ending clean mount [ 152.526495][ T134] blkno = 5002c, nblocks = 1 [ 152.537100][ T134] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 152.537100][ T134] [ 152.858962][ T6292] loop2: detected capacity change from 0 to 2048 [ 152.869403][ T6292] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 152.989193][ T6296] loop4: detected capacity change from 0 to 4096 [ 153.002409][ T6298] loop3: detected capacity change from 0 to 1024 [ 153.030632][ T6296] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 153.069776][ T6298] hfsplus: bad catalog entry type [ 153.139792][ T6296] ntfs3: loop4: failed to convert "c46c" to cp737 [ 153.148975][ T102] hfsplus: b-tree write err: -5, ino 4 [ 153.339166][ C1] eth0: bad gso: type: 1, size: 1408 [ 153.350179][ C1] eth0: bad gso: type: 1, size: 1408 [ 153.644839][ T6255] syz.1.813 (6255) used greatest stack depth: 18224 bytes left [ 153.652899][ T3943] XFS (loop1): Unmounting Filesystem [ 153.670453][ T5714] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 153.920449][ T5714] usb 4-1: Using ep0 maxpacket: 16 [ 153.930286][ T6304] loop0: detected capacity change from 0 to 32768 [ 153.984661][ T6313] loop2: detected capacity change from 0 to 4096 [ 154.026341][ T6313] ntfs: volume version 3.1. [ 154.062341][ T5714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.093605][ T5714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.132825][ T5714] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 154.215546][ T5714] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 154.256091][ T5714] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.264495][ T4886] kernel write not supported for file /amidi2 (pid: 4886 comm: kworker/1:15) [ 154.295098][ T5714] usb 4-1: config 0 descriptor?? [ 154.311764][ T6304] XFS (loop0): Mounting V5 Filesystem [ 154.424722][ T6332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.835'. [ 154.458841][ T6304] XFS (loop0): Ending clean mount [ 154.572972][ T6311] loop4: detected capacity change from 0 to 32768 [ 154.627191][ T6311] [ 154.627191][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.627191][ T6311] [ 154.642732][ T5035] XFS (loop0): Unmounting Filesystem [ 154.699192][ T6311] [ 154.699192][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.699192][ T6311] [ 154.727469][ T6311] [ 154.727469][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.727469][ T6311] [ 154.771051][ T6311] [ 154.771051][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.771051][ T6311] [ 154.788208][ T5714] microsoft 0003:045E:07DA.0007: unbalanced delimiter at end of report description [ 154.801620][ T6336] netlink: 268 bytes leftover after parsing attributes in process `syz.2.838'. [ 154.809749][ T6311] [ 154.809749][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.809749][ T6311] [ 154.824134][ T5714] microsoft 0003:045E:07DA.0007: parse failed [ 154.830240][ T5714] microsoft: probe of 0003:045E:07DA.0007 failed with error -22 [ 154.868800][ T6311] [ 154.868800][ T6311] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.868800][ T6311] [ 154.904182][ T134] [ 154.904182][ T134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.904182][ T134] [ 154.972846][ T4134] [ 154.972846][ T4134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.972846][ T4134] [ 154.986180][ T6341] loop2: detected capacity change from 0 to 128 [ 155.003252][ T4134] [ 155.003252][ T4134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.003252][ T4134] [ 155.035449][ T4881] usb 4-1: USB disconnect, device number 7 [ 155.035458][ T3798] [ 155.035458][ T3798] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.035458][ T3798] [ 155.082679][ T134] [ 155.082679][ T134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.082679][ T134] [ 155.115613][ T3798] [ 155.115613][ T3798] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.115613][ T3798] [ 155.247450][ T6345] netlink: 116 bytes leftover after parsing attributes in process `syz.0.837'. [ 155.726392][ T6339] loop1: detected capacity change from 0 to 32768 [ 155.749307][ T6339] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.839 (6339) [ 155.818794][ T6339] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 155.863134][ T6339] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 155.903356][ T6339] BTRFS info (device loop1): using free space tree [ 156.172228][ T6343] loop2: detected capacity change from 0 to 32768 [ 156.195706][ T6339] BTRFS info (device loop1): enabling ssd optimizations [ 156.253756][ T6343] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.841 (6343) [ 156.310207][ T6343] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 156.386748][ T6343] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 156.440038][ T6343] BTRFS info (device loop2): using free space tree [ 156.577873][ T3943] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 156.659753][ T6343] BTRFS info (device loop2): enabling ssd optimizations [ 156.858300][ T6343] BTRFS info (device loop2): Snapshot src from another FS [ 156.999011][ T6413] loop0: detected capacity change from 0 to 512 [ 157.096170][ T6413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 157.138001][ T6413] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038 (0x7fffffff) [ 157.216665][ T6418] netlink: 16 bytes leftover after parsing attributes in process `syz.1.853'. [ 157.240167][ T4169] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 157.279538][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 157.670870][ T6391] loop4: detected capacity change from 0 to 32768 [ 157.679281][ T6430] loop1: detected capacity change from 0 to 64 [ 157.687599][ T6391] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 157.716713][ T6391] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 157.719823][ T6432] loop3: detected capacity change from 0 to 64 [ 157.772538][ T6430] hfs: request for non-existent node 131072 in B*Tree [ 157.782938][ T6391] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 157.808054][ T6430] hfs: request for non-existent node 131072 in B*Tree [ 157.818556][ T4786] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 157.829951][ T4786] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 157.999816][ T4786] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 169ms [ 158.020808][ T4786] gfs2: fsid=syz:syz.0: jid=0: Done [ 158.027147][ T6391] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 158.416776][ T6448] loop4: detected capacity change from 0 to 1024 [ 158.544897][ T3705] hfsplus: b-tree write err: -5, ino 4 [ 158.842636][ T6458] Falling back ldisc for ptm0. [ 158.890485][ T3682] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 158.957197][ T6462] loop2: detected capacity change from 0 to 512 [ 159.044613][ T6462] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.876: bg 0: block 5: invalid block bitmap [ 159.084086][ T6462] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6172: Corrupt filesystem [ 159.086682][ T6442] loop1: detected capacity change from 0 to 32768 [ 159.116821][ T6442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.865 (6442) [ 159.130661][ T3682] usb 4-1: Using ep0 maxpacket: 16 [ 159.139586][ T6462] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.876: invalid indirect mapped block 3 (level 2) [ 159.169914][ T6442] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 159.188844][ T6442] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 159.215192][ T6442] BTRFS info (device loop1): using free space tree [ 159.221930][ T6464] loop4: detected capacity change from 0 to 4096 [ 159.233843][ T6462] EXT4-fs (loop2): 1 orphan inode deleted [ 159.255016][ T6462] EXT4-fs (loop2): 1 truncate cleaned up [ 159.291345][ T3682] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 159.293723][ T6462] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 159.319395][ T3682] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.380300][ T6462] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 159.407765][ T3682] usb 4-1: config 0 descriptor?? [ 159.417208][ T4169] EXT4-fs error (device loop2): ext4_lookup:1856: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 159.437026][ T4169] EXT4-fs error (device loop2): ext4_lookup:1856: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 159.464819][ T6464] ntfs3: loop4: failed to convert "0080" to cp936 [ 159.493713][ T3682] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 159.519220][ T6464] ntfs3: loop4: failed to convert name for inode 1e. [ 159.531618][ T5245] EXT4-fs (loop2): unmounting filesystem. [ 159.579320][ T6442] BTRFS info (device loop1): enabling ssd optimizations [ 159.660534][ T5715] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 159.687695][ T3943] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 159.704087][ T6492] netlink: 9 bytes leftover after parsing attributes in process `syz.4.881'. [ 159.722785][ T6492] device gretap0 entered promiscuous mode [ 159.920507][ T5715] usb 1-1: Using ep0 maxpacket: 8 [ 159.935232][ T102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.060329][ T102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.134185][ T102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.162461][ T6500] loop4: detected capacity change from 0 to 512 [ 160.193984][ T6501] pim6reg0: tun_chr_ioctl cmd 2147767517 [ 160.261034][ T6500] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 160.269994][ T6500] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038 (0x7fffffff) [ 160.285678][ T5715] usb 1-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 160.305735][ T5715] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.331964][ T5715] usb 1-1: Product: syz [ 160.344815][ T5715] usb 1-1: Manufacturer: syz [ 160.358947][ T5715] usb 1-1: SerialNumber: syz [ 160.381047][ T5715] usb 1-1: config 0 descriptor?? [ 160.393043][ T102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.410843][ T3682] gspca_sonixj: reg_r err -71 [ 160.415591][ T3682] sonixj: probe of 4-1:0.0 failed with error -71 [ 160.439160][ T5715] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 160.459018][ T3682] usb 4-1: USB disconnect, device number 8 [ 160.588845][ T3798] EXT4-fs (loop4): unmounting filesystem. [ 160.650658][ T5715] gspca_sn9c2028: read1 error -32 [ 160.667104][ T3637] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 160.677638][ T3637] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 160.687151][ T3637] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 160.695769][ T3637] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 160.705009][ T3637] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 160.712657][ T3637] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 160.743120][ T5715] gspca_sn9c2028: read1 error -32 [ 161.025918][ T5715] usb 1-1: USB disconnect, device number 4 [ 161.219849][ T6505] loop1: detected capacity change from 0 to 40427 [ 161.278676][ T6505] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 161.312958][ T6505] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 161.346906][ T6505] F2FS-fs (loop1): invalid crc value [ 161.378359][ T6505] F2FS-fs (loop1): Found nat_bits in checkpoint [ 161.551516][ T6505] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 161.558587][ T6505] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 161.858517][ T3701] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 161.887346][ T3701] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 162.059988][ T6506] chnl_net:caif_netlink_parms(): no params data found [ 162.236589][ T6525] loop4: detected capacity change from 0 to 32768 [ 162.301863][ T6525] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.892 (6525) [ 162.381594][ T6525] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 162.420456][ T6525] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 162.470459][ T6525] BTRFS info (device loop4): using free space tree [ 162.675173][ T6583] loop1: detected capacity change from 0 to 512 [ 162.688519][ T6583] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 162.770295][ T6583] EXT4-fs (loop1): 1 truncate cleaned up [ 162.771038][ T6506] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.777729][ T6583] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 162.792585][ T3637] Bluetooth: hci4: command tx timeout [ 162.793665][ T6525] BTRFS info (device loop4): enabling ssd optimizations [ 162.801974][ T6506] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.821474][ T6506] device bridge_slave_0 entered promiscuous mode [ 162.838000][ T6583] fscrypt (loop1, inode 18): Unsupported encryption flags (0xc5) [ 162.870843][ T6506] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.878543][ T6506] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.919242][ T6506] device bridge_slave_1 entered promiscuous mode [ 162.940873][ T6553] loop3: detected capacity change from 0 to 32768 [ 162.967098][ T6553] XFS: attr2 mount option is deprecated. [ 163.041030][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 163.069635][ T3798] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 163.131586][ T6553] XFS (loop3): Mounting V5 Filesystem [ 163.177881][ T6506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.345343][ T6609] loop0: detected capacity change from 0 to 2048 [ 163.424848][ T6553] XFS (loop3): Ending clean mount [ 163.445500][ T6553] XFS (loop3): Quotacheck needed: Please wait. [ 163.468941][ T102] device hsr_slave_0 left promiscuous mode [ 163.476460][ T102] device hsr_slave_1 left promiscuous mode [ 163.496634][ T6609] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 163.509774][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.517910][ T6553] XFS (loop3): Quotacheck: Done. [ 163.529628][ T102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.586260][ T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.608730][ T102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.618520][ T102] device bridge_slave_1 left promiscuous mode [ 163.626102][ T102] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.643402][ T102] device bridge_slave_0 left promiscuous mode [ 163.653628][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 163.655973][ T102] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.678423][ T3642] XFS (loop3): Unmounting Filesystem [ 163.756643][ T6616] loop0: detected capacity change from 0 to 64 [ 163.810101][ T102] device veth1_macvtap left promiscuous mode [ 163.822028][ T102] device veth0_macvtap left promiscuous mode [ 163.846955][ T102] device veth1_vlan left promiscuous mode [ 163.866309][ T102] device veth0_vlan left promiscuous mode [ 163.971461][ T6618] loop0: detected capacity change from 0 to 256 [ 163.991513][ T6620] loop3: detected capacity change from 0 to 128 [ 164.017776][ T6620] EXT4-fs (loop3): Test dummy encryption mode enabled [ 164.044532][ T6620] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 164.060236][ T6620] ext4 filesystem being mounted at /188/mnt supports timestamps until 2038 (0x7fffffff) [ 164.165149][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 164.724303][ T102] device team_slave_0 left promiscuous mode [ 164.735312][ T102] team0 (unregistering): Port device team_slave_0 removed [ 164.775868][ T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.780845][ T3683] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 164.841385][ T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.868429][ T3646] Bluetooth: hci4: command tx timeout [ 165.150832][ T3683] usb 1-1: unable to get BOS descriptor or descriptor too short [ 165.160535][ T3683] usb 1-1: no configurations [ 165.171877][ T3683] usb 1-1: can't read configurations, error -22 [ 165.184587][ T3686] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 165.224002][ T102] bond0 (unregistering): Released all slaves [ 165.302673][ T6506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.340653][ T3646] Bluetooth: hci5: command 0x1003 tx timeout [ 165.347623][ T3637] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 165.493866][ T6506] team0: Port device team_slave_0 added [ 165.544281][ T6506] team0: Port device team_slave_1 added [ 165.550683][ T3686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.563578][ T3686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.590032][ T3686] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 165.614089][ T3686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.647968][ T3686] usb 4-1: config 0 descriptor?? [ 165.711811][ T6506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.750648][ T6506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.805376][ T6506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.828450][ T6655] loop0: detected capacity change from 0 to 2048 [ 165.838190][ T6506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.886278][ T6506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.937144][ T6655] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz.0.925: bad orphan inode 8192 [ 165.942964][ T6506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.978305][ T6655] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 166.106970][ T27] audit: type=1800 audit(1724941573.776:23): pid=6655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.925" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 166.146244][ T3686] logitech 0003:046D:C29C.0008: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 166.200024][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 166.224509][ T6506] device hsr_slave_0 entered promiscuous mode [ 166.246776][ T6506] device hsr_slave_1 entered promiscuous mode [ 166.255280][ T6649] loop4: detected capacity change from 0 to 32768 [ 166.352036][ T3686] logitech 0003:046D:C29C.0008: no inputs found [ 166.407528][ T3686] usb 4-1: USB disconnect, device number 9 [ 166.416000][ T6652] loop1: detected capacity change from 0 to 32768 [ 166.434582][ T6649] XFS (loop4): Mounting V5 Filesystem [ 166.502899][ T6652] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 166.552673][ T6649] XFS (loop4): Ending clean mount [ 166.560053][ T6649] XFS (loop4): Quotacheck needed: Please wait. [ 166.574442][ T6652] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 166.626570][ T6649] XFS (loop4): Quotacheck: Done. [ 166.706812][ T6652] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 166.741732][ T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 166.748611][ T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 166.776723][ T3798] XFS (loop4): Unmounting Filesystem [ 166.891581][ T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 142ms [ 166.899224][ T14] gfs2: fsid=syz:syz.0: jid=0: Done [ 166.940458][ T3637] Bluetooth: hci4: command tx timeout [ 166.950504][ T6652] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 167.614934][ T6696] loop3: detected capacity change from 0 to 2048 [ 167.694010][ T6701] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.453804][ T6506] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 168.641322][ T3861] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 168.823406][ T6506] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 168.910547][ T3861] usb 5-1: Using ep0 maxpacket: 16 [ 169.020490][ T3637] Bluetooth: hci4: command tx timeout [ 169.030845][ T3861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.052775][ T3861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.081451][ T3861] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 169.132534][ T3861] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 169.169320][ T3861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.200044][ T3861] usb 5-1: config 0 descriptor?? [ 169.207690][ T6506] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 169.238179][ T6506] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 169.533242][ T6506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.568753][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.598230][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.615863][ T6732] loop1: detected capacity change from 0 to 32768 [ 169.625847][ T6506] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.651129][ T6732] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.942 (6732) [ 169.670195][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.696204][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.702661][ T3861] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 169.716854][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.724014][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.741196][ T6732] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 169.745714][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.760007][ T6732] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 169.770053][ T6732] BTRFS info (device loop1): using free space tree [ 169.787363][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.789155][ T3861] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0009/input/input9 [ 169.806627][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.823855][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.830999][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.842168][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.850125][ T3861] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 169.851616][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.912560][ T3861] usb 5-1: USB disconnect, device number 5 [ 169.920971][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.940022][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.986266][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.058447][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.064068][ T27] audit: type=1326 audit(1724941577.736:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6758 comm="syz.0.948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3363579ef9 code=0x0 [ 170.076445][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.099583][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.112249][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.131052][ T6732] BTRFS info (device loop1): enabling ssd optimizations [ 170.160129][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.188041][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.205471][ T3943] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 170.231945][ T6506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.657555][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 170.682155][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 170.721764][ T6506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.820455][ T3686] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 170.944162][ T6791] loop0: detected capacity change from 0 to 64 [ 170.986543][ T6791] hfs: unable to locate alternate MDB [ 171.010558][ T6791] hfs: continuing without an alternate MDB [ 171.108795][ T3637] Bluetooth: hci4: command tx timeout [ 171.180728][ T3686] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 171.189797][ T3686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.199392][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 171.251189][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 171.313671][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 171.318694][ T27] audit: type=1326 audit(1724941578.986:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.1.953" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd222b79ef9 code=0x0 [ 171.322752][ T3686] usb 4-1: config 0 descriptor?? [ 171.371204][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 171.381541][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 171.389452][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 171.409338][ T6506] device veth0_vlan entered promiscuous mode [ 171.471342][ T6506] device veth1_vlan entered promiscuous mode [ 171.538802][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 171.557202][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 171.584774][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 171.600027][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 171.616977][ T6506] device veth0_macvtap entered promiscuous mode [ 171.627316][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 171.654167][ T6506] device veth1_macvtap entered promiscuous mode [ 171.718276][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.739386][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.753172][ T6810] loop4: detected capacity change from 0 to 256 [ 171.765904][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.793599][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.811771][ T6813] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 171.822382][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.837157][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.868297][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.870187][ C1] eth0: bad gso: type: 1, size: 1408 [ 171.883110][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.885362][ T3686] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 171.900825][ C1] eth0: bad gso: type: 1, size: 1408 [ 171.944551][ T6506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.961833][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 171.981576][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.998153][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.017075][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.027719][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.043448][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.084893][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.097990][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.126654][ T6506] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.137395][ T6506] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.162033][ T6506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.189598][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 172.208276][ T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 172.221853][ T6506] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.240025][ T6506] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.255802][ T6506] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.280633][ T6506] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.458020][ T3686] usb 4-1: USB disconnect, device number 10 [ 172.480664][ T3701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.492412][ T3701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.535499][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 172.566474][ T4134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.592322][ T4134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.620495][ T3705] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 172.641745][ T27] audit: type=1326 audit(1724941580.316:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6837 comm="syz.4.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dd3f79ef9 code=0x0 [ 173.186189][ T6852] loop2: detected capacity change from 0 to 4096 [ 173.229933][ T6852] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 173.363713][ T6852] ntfs3: loop2: failed to convert "c46c" to cp864 [ 173.684380][ T3646] Bluetooth: hci5: sending frame failed (-49) [ 173.692170][ T3637] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 174.126799][ T6882] loop4: detected capacity change from 0 to 2048 [ 174.216810][ T6882] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz.4.973: bad orphan inode 8192 [ 174.268011][ T6882] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.335860][ T27] audit: type=1800 audit(1724941582.006:27): pid=6882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.973" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 174.357379][ T6857] loop3: detected capacity change from 0 to 40427 [ 174.408730][ T6857] F2FS-fs (loop3): invalid crc value [ 174.434044][ T6857] F2FS-fs (loop3): Found nat_bits in checkpoint [ 174.459501][ T3798] EXT4-fs (loop4): unmounting filesystem. [ 174.637086][ T6857] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 175.120172][ T6871] loop1: detected capacity change from 0 to 32768 [ 175.251466][ T6871] XFS (loop1): Mounting V5 Filesystem [ 175.400585][ T6871] XFS (loop1): Ending clean mount [ 175.412752][ T6871] XFS (loop1): Quotacheck needed: Please wait. [ 175.542480][ T6871] XFS (loop1): Quotacheck: Done. [ 175.660503][ T3637] Bluetooth: hci2: command 0x0406 tx timeout [ 175.831986][ T3943] XFS (loop1): Unmounting Filesystem [ 176.158946][ T6909] loop0: detected capacity change from 0 to 32768 [ 176.245281][ T6909] XFS (loop0): Mounting V5 Filesystem [ 176.351069][ T6909] XFS (loop0): Ending clean mount [ 176.426243][ T5035] XFS (loop0): Unmounting Filesystem [ 176.431682][ T4880] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 176.664841][ T6942] loop3: detected capacity change from 0 to 32768 [ 176.680683][ T4880] usb 5-1: Using ep0 maxpacket: 8 [ 176.801303][ T4880] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 176.811275][ T4880] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 176.865863][ T4880] usb 5-1: config 135 has no interface number 0 [ 176.885690][ T4880] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.944384][ T6942] XFS (loop3): Mounting V5 Filesystem [ 177.014222][ T6942] XFS (loop3): Ending clean mount [ 177.100945][ T4880] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 177.120411][ T4880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.142058][ T4880] usb 5-1: Product: syz [ 177.146253][ T4880] usb 5-1: Manufacturer: syz [ 177.162955][ T4880] usb 5-1: SerialNumber: syz [ 177.184387][ T3642] XFS (loop3): Unmounting Filesystem [ 177.215179][ T4880] usb 5-1: Found UVC 0.00 device syz (18ec:3288) [ 177.222748][ T4880] usb 5-1: No valid video chain found. [ 177.440012][ T4881] usb 5-1: USB disconnect, device number 6 [ 177.706619][ T6983] loop1: detected capacity change from 0 to 4096 [ 177.818413][ T6983] ntfs: volume version 3.1. [ 177.935601][ T6995] loop3: detected capacity change from 0 to 2048 [ 178.017414][ T6995] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 178.067490][ T7001] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1009'. [ 178.107963][ T6995] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038 (0x7fffffff) [ 178.255022][ T7007] loop1: detected capacity change from 0 to 128 [ 178.399704][ T3642] EXT4-fs (loop3): unmounting filesystem. [ 178.579089][ T7020] loop3: detected capacity change from 0 to 2048 [ 178.607804][ T7020] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 178.660099][ T7020] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.148208][ T7046] loop1: detected capacity change from 0 to 64 [ 179.262916][ T7046] hfs: bad catalog entry type 0 [ 179.485028][ T7062] tun0: tun_chr_ioctl cmd 1074025678 [ 179.499009][ T7062] tun0: group set to 0 [ 179.600517][ T4881] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 179.662947][ T7065] loop2: detected capacity change from 0 to 4096 [ 179.683699][ T7065] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 179.755317][ T7065] ntfs3: loop2: Failed to load $Extend. [ 179.840588][ T4881] usb 5-1: Using ep0 maxpacket: 16 [ 179.960710][ T4881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.981234][ T4881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.011250][ T4881] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 180.060443][ T4881] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 180.091179][ T4881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.127764][ T4881] usb 5-1: config 0 descriptor?? [ 180.249265][ T7081] loop1: detected capacity change from 0 to 512 [ 180.281472][ T7081] EXT4-fs: Ignoring removed mblk_io_submit option [ 180.334582][ T7081] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 180.416090][ T7081] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 180.457180][ T7081] System zones: 1-12 [ 180.485013][ T7081] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.1047: corrupted in-inode xattr [ 180.561296][ T7081] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.1047: couldn't read orphan inode 15 (err -117) [ 180.612497][ T7088] loop0: detected capacity change from 0 to 4096 [ 180.628458][ T4881] ryos 0003:1E7D:31CE.000A: unknown main item tag 0x0 [ 180.642103][ T4881] ryos 0003:1E7D:31CE.000A: unbalanced delimiter at end of report description [ 180.655218][ T7081] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 180.661736][ T4881] ryos 0003:1E7D:31CE.000A: parse failed [ 180.670880][ T4881] ryos: probe of 0003:1E7D:31CE.000A failed with error -22 [ 180.816126][ T7102] loop0: detected capacity change from 0 to 512 [ 180.850063][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 180.854903][ T4881] usb 5-1: USB disconnect, device number 7 [ 180.877501][ T7102] EXT4-fs: Ignoring removed nomblk_io_submit option [ 180.962604][ T7102] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.1055: corrupted in-inode xattr [ 181.019266][ T7102] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.1055: couldn't read orphan inode 15 (err -117) [ 181.056306][ T7102] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 181.088044][ T7109] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 181.281774][ T5035] EXT4-fs (loop0): unmounting filesystem. [ 181.404717][ T7107] loop3: detected capacity change from 0 to 32768 [ 181.532299][ T7107] XFS (loop3): Mounting V5 Filesystem [ 181.651733][ T7131] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1066'. [ 181.671185][ T7107] XFS (loop3): Ending clean mount [ 181.693437][ T7136] loop2: detected capacity change from 0 to 64 [ 181.708482][ T7107] XFS (loop3): Quotacheck needed: Please wait. [ 181.776148][ T7107] XFS (loop3): Quotacheck: Done. [ 181.905124][ T3642] XFS (loop3): Unmounting Filesystem [ 182.066470][ T7148] tap0: tun_chr_ioctl cmd 2148553947 [ 182.067893][ T7150] Bluetooth: MGMT ver 1.22 [ 182.218617][ T7152] loop2: detected capacity change from 0 to 512 [ 182.258769][ T7152] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 182.285514][ T7156] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1077'. [ 182.325548][ T7152] ext4 filesystem being mounted at /36/bus supports timestamps until 2038 (0x7fffffff) [ 182.464885][ T7164] netlink: 'syz.4.1079': attribute type 1 has an invalid length. [ 182.511472][ T6506] EXT4-fs (loop2): unmounting filesystem. [ 182.672076][ T7172] loop2: detected capacity change from 0 to 512 [ 182.710470][ T7172] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1082: inode #1: comm syz.2.1082: iget: illegal inode # [ 182.746418][ T7172] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1082: error while reading EA inode 1 err=-117 [ 182.764649][ T7172] EXT4-fs (loop2): 1 orphan inode deleted [ 182.788247][ T7172] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 182.892710][ T7184] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 182.892710][ T7184] The task syz.4.1087 (7184) triggered the difference, watch for misbehavior. [ 182.978702][ T6506] EXT4-fs (loop2): unmounting filesystem. [ 183.056206][ T7188] loop1: detected capacity change from 0 to 2048 [ 183.136839][ T7192] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.354726][ T7197] loop1: detected capacity change from 0 to 512 [ 183.412640][ T7197] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 183.453111][ T7205] sctp: [Deprecated]: syz.3.1096 (pid 7205) Use of int in maxseg socket option. [ 183.453111][ T7205] Use struct sctp_assoc_value instead [ 183.457046][ T7197] ext4 filesystem being mounted at /190/bus supports timestamps until 2038 (0x7fffffff) [ 183.717733][ T3943] EXT4-fs (loop1): unmounting filesystem. [ 184.019766][ T7225] [ 184.022126][ T7225] ============================================ [ 184.028261][ T7225] WARNING: possible recursive locking detected [ 184.034408][ T7225] 6.1.106-syzkaller #0 Not tainted [ 184.039519][ T7225] -------------------------------------------- [ 184.045667][ T7225] syz.3.1106/7225 is trying to acquire lock: [ 184.051636][ T7225] ffff88805a875458 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c0/0x5e0 [ 184.060709][ T7225] [ 184.060709][ T7225] but task is already holding lock: [ 184.068065][ T7225] ffff88805fda0cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c0/0x5e0 [ 184.077134][ T7225] [ 184.077134][ T7225] other info that might help us debug this: [ 184.085193][ T7225] Possible unsafe locking scenario: [ 184.085193][ T7225] [ 184.092646][ T7225] CPU0 [ 184.095921][ T7225] ---- [ 184.099195][ T7225] lock(_xmit_ETHER#2); [ 184.103454][ T7225] lock(_xmit_ETHER#2); [ 184.107714][ T7225] [ 184.107714][ T7225] *** DEADLOCK *** [ 184.107714][ T7225] [ 184.115860][ T7225] May be due to missing lock nesting notation [ 184.115860][ T7225] [ 184.124177][ T7225] 12 locks held by syz.3.1106/7225: [ 184.129373][ T7225] #0: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rawv6_send_hdrinc+0xa8b/0x1850 [ 184.139145][ T7225] #1: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x698/0x1530 [ 184.149002][ T7225] #2: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d6/0x3cf0 [ 184.158944][ T7225] #3: ffff88805aa35258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x131b/0x3cf0 [ 184.171408][ T7225] #4: ffff88805fda0cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c0/0x5e0 [ 184.180925][ T7225] #5: ffff88814b7280b0 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xc10/0x2160 [ 184.190348][ T7225] #6: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: icmp6_send+0xb70/0x2160 [ 184.199505][ T7225] #7: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x698/0x1530 [ 184.209541][ T7225] #8: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x5a8/0x14e0 [ 184.219046][ T7225] #9: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x698/0x1530 [ 184.228899][ T7225] #10: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d6/0x3cf0 [ 184.238923][ T7225] #11: ffff88804a7ea258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x131b/0x3cf0 [ 184.251464][ T7225] [ 184.251464][ T7225] stack backtrace: [ 184.257366][ T7225] CPU: 0 PID: 7225 Comm: syz.3.1106 Not tainted 6.1.106-syzkaller #0 [ 184.265438][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 184.275493][ T7225] Call Trace: [ 184.278780][ T7225] [ 184.281715][ T7225] dump_stack_lvl+0x1e3/0x2cb [ 184.286409][ T7225] ? nf_tcp_handle_invalid+0x642/0x642 [ 184.291884][ T7225] ? panic+0x764/0x764 [ 184.295971][ T7225] validate_chain+0x4711/0x5950 [ 184.300832][ T7225] ? mark_lock+0x9a/0x340 [ 184.305174][ T7225] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 184.305790][ T7229] loop2: detected capacity change from 0 to 2048 [ 184.311153][ T7225] ? reacquire_held_locks+0x660/0x660 [ 184.311182][ T7225] ? do_raw_spin_unlock+0x137/0x8a0 [ 184.311199][ T7225] ? lockdep_hardirqs_on+0x94/0x130 [ 184.311217][ T7225] ? reacquire_held_locks+0x660/0x660 [ 184.311239][ T7225] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 184.311260][ T7225] ? stack_trace_save+0x113/0x1c0 [ 184.311283][ T7225] ? stack_trace_snprint+0xe0/0xe0 [ 184.311304][ T7225] ? reacquire_held_locks+0x660/0x660 [ 184.311327][ T7225] ? __stack_depot_save+0x3f5/0x470 [ 184.311347][ T7225] ? mark_lock+0x9a/0x340 [ 184.311371][ T7225] __lock_acquire+0x125b/0x1f80 [ 184.311400][ T7225] lock_acquire+0x1f8/0x5a0 [ 184.311422][ T7225] ? sch_direct_xmit+0x1c0/0x5e0 [ 184.311444][ T7225] ? read_lock_is_recursive+0x10/0x10 [ 184.311466][ T7225] ? validate_xmit_skb_list+0x130/0x130 [ 184.394634][ T7225] _raw_spin_lock+0x2a/0x40 [ 184.399132][ T7225] ? sch_direct_xmit+0x1c0/0x5e0 [ 184.404055][ T7225] sch_direct_xmit+0x1c0/0x5e0 [ 184.408806][ T7225] ? mrp_pdu_append_vecattr_event+0x1630/0x1630 [ 184.415032][ T7225] ? ieee80211_stop+0x480/0x480 [ 184.419869][ T7225] __dev_queue_xmit+0x1ace/0x3cf0 [ 184.424882][ T7225] ? __dev_queue_xmit+0x2d6/0x3cf0 [ 184.429974][ T7225] ? netdev_core_pick_tx+0x320/0x320 [ 184.435242][ T7225] ? neigh_event_send+0x120/0x120 [ 184.440247][ T7225] ? neigh_resolve_output+0x2de/0x730 [ 184.445604][ T7225] ? _local_bh_enable+0xa0/0xa0 [ 184.450441][ T7225] ? eth_header+0x118/0x1e0 [ 184.454925][ T7225] ? memcpy+0x3c/0x60 [ 184.458890][ T7225] ? eth_header+0x118/0x1e0 [ 184.463376][ T7225] ? llc_sysctl_exit+0x60/0x60 [ 184.468120][ T7225] ? neigh_resolve_output+0x610/0x730 [ 184.473481][ T7225] ip6_finish_output2+0xee1/0x1530 [ 184.478581][ T7225] ? __lock_acquire+0x1f80/0x1f80 [ 184.483590][ T7225] ? ip6_finish_output2+0x698/0x1530 [ 184.488858][ T7225] ? nf_hook+0x450/0x450 [ 184.493087][ T7225] ? ip6_mtu+0x7d/0x3e0 [ 184.497246][ T7225] ip6_finish_output+0x6a0/0xa80 [ 184.502188][ T7225] ndisc_send_skb+0xbab/0x14e0 [ 184.506942][ T7225] ? ndisc_send_skb+0x5a8/0x14e0 [ 184.511866][ T7225] ? ndisc_mc_map+0x7d0/0x7d0 [ 184.516531][ T7225] ? skb_dst+0xd0/0xd0 [ 184.520591][ T7225] ? memcpy+0x3c/0x60 [ 184.524562][ T7225] ? ndisc_alloc_skb+0x2c0/0x2c0 [ 184.529495][ T7225] ? ipv6_get_lladdr+0x356/0x3c0 [ 184.534430][ T7225] ? ipv6_get_lladdr+0x28/0x3c0 [ 184.539271][ T7225] ndisc_solicit+0x48a/0x690 [ 184.543850][ T7225] ? __neigh_event_send+0xee1/0x1610 [ 184.549119][ T7225] ? ndisc_cleanup+0x30/0x30 [ 184.553697][ T7225] ? ndisc_cleanup+0x30/0x30 [ 184.558273][ T7225] __neigh_event_send+0xf30/0x1610 [ 184.563377][ T7225] neigh_resolve_output+0x1b4/0x730 [ 184.568567][ T7225] ip6_finish_output2+0xee1/0x1530 [ 184.573670][ T7225] ? __lock_acquire+0x1f80/0x1f80 [ 184.578683][ T7225] ? ip6_finish_output2+0x698/0x1530 [ 184.583954][ T7225] ? nf_hook+0x450/0x450 [ 184.588184][ T7225] ? ip6_mtu+0x7d/0x3e0 [ 184.592328][ T7225] ip6_finish_output+0x6a0/0xa80 [ 184.597255][ T7225] ip6_send_skb+0x12b/0x240 [ 184.601744][ T7225] ? icmp6_send+0xb70/0x2160 [ 184.606319][ T7225] icmp6_send+0x166f/0x2160 [ 184.610808][ T7225] ? icmp6_send+0xb70/0x2160 [ 184.615385][ T7225] ? icmpv6_push_pending_frames+0x4a0/0x4a0 [ 184.621266][ T7225] ? ip6_neigh_lookup+0x138/0x580 [ 184.626290][ T7225] ? __lock_acquire+0x1f80/0x1f80 [ 184.631318][ T7225] ? ip6_neigh_lookup+0x447/0x580 [ 184.636332][ T7225] ? rt6_uncached_list_del+0x180/0x180 [ 184.641775][ T7225] ip6_link_failure+0x38/0x4e0 [ 184.646531][ T7225] ? ip6_negative_advice+0x3f0/0x3f0 [ 184.651804][ T7225] ip_tunnel_xmit+0x1905/0x2cc0 [ 184.656640][ T7225] ? __lock_acquire+0x125b/0x1f80 [ 184.661656][ T7225] ? reacquire_held_locks+0x660/0x660 [ 184.667019][ T7225] ? reacquire_held_locks+0x660/0x660 [ 184.672382][ T7225] ? mark_lock+0x9a/0x340 [ 184.676703][ T7225] ? tnl_update_pmtu+0x10b0/0x10b0 [ 184.681801][ T7225] ? __lock_acquire+0x125b/0x1f80 [ 184.686817][ T7225] ? gre_build_header+0x25b/0x9a0 [ 184.691835][ T7225] erspan_xmit+0xaf4/0x1590 [ 184.696325][ T7225] ? read_lock_is_recursive+0x10/0x10 [ 184.701688][ T7225] dev_hard_start_xmit+0x261/0x8c0 [ 184.706786][ T7225] sch_direct_xmit+0x2b2/0x5e0 [ 184.711538][ T7225] ? mrp_pdu_append_vecattr_event+0x1630/0x1630 [ 184.717768][ T7225] __dev_queue_xmit+0x1ace/0x3cf0 [ 184.722779][ T7225] ? __dev_queue_xmit+0x2d6/0x3cf0 [ 184.727873][ T7225] ? netdev_core_pick_tx+0x320/0x320 [ 184.733140][ T7225] ? neigh_event_send+0x120/0x120 [ 184.738145][ T7225] ? neigh_resolve_output+0x2de/0x730 [ 184.743500][ T7225] ? _local_bh_enable+0xa0/0xa0 [ 184.748342][ T7225] ? eth_header+0x118/0x1e0 [ 184.752826][ T7225] ? memcpy+0x3c/0x60 [ 184.756792][ T7225] ? eth_header+0x118/0x1e0 [ 184.761279][ T7225] ? llc_sysctl_exit+0x60/0x60 [ 184.766024][ T7225] ? neigh_resolve_output+0x610/0x730 [ 184.771386][ T7225] ip6_finish_output2+0xee1/0x1530 [ 184.776488][ T7225] ? __lock_acquire+0x1f80/0x1f80 [ 184.781502][ T7225] ? ip6_finish_output2+0x698/0x1530 [ 184.786791][ T7225] ? nf_hook+0x450/0x450 [ 184.791028][ T7225] ? ip6_mtu+0x7d/0x3e0 [ 184.795171][ T7225] ip6_finish_output+0x6a0/0xa80 [ 184.800095][ T7225] ? rawv6_send_hdrinc+0xa8b/0x1850 [ 184.805310][ T7225] rawv6_send_hdrinc+0xd15/0x1850 [ 184.810407][ T7225] ? rawv6_probe_proto_opt+0x300/0x300 [ 184.815857][ T7225] ? ip6_dst_lookup_flow+0x13a/0x170 [ 184.821134][ T7225] ? rawv6_push_pending_frames+0xa00/0xa00 [ 184.826928][ T7225] ? ip6_dst_lookup_tail+0x1470/0x1470 [ 184.832376][ T7225] ? rawv6_sendmsg+0xe19/0x2150 [ 184.837217][ T7225] rawv6_sendmsg+0x1648/0x2150 [ 184.841976][ T7225] ? compat_rawv6_ioctl+0x60/0x60 [ 184.846990][ T7225] ? aa_sk_perm+0x92d/0xa60 [ 184.851480][ T7225] ? aa_af_perm+0x350/0x350 [ 184.855966][ T7225] ? sock_rps_record_flow+0x1a/0x3f0 [ 184.861243][ T7225] ? inet_sendmsg+0x81/0x310 [ 184.865826][ T7225] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 184.871097][ T7225] ? security_socket_sendmsg+0x7d/0xa0 [ 184.876540][ T7225] ? inet_send_prepare+0x250/0x250 [ 184.881646][ T7225] ____sys_sendmsg+0x5a5/0x8f0 [ 184.886401][ T7225] ? __sys_sendmsg_sock+0x30/0x30 [ 184.891416][ T7225] __sys_sendmmsg+0x3ab/0x730 [ 184.896080][ T7225] ? __ia32_sys_sendmsg+0x90/0x90 [ 184.901096][ T7225] ? futex_unqueue+0xc7/0xf0 [ 184.905673][ T7225] ? futex_wait_setup+0x340/0x340 [ 184.910682][ T7225] ? futex_wake+0x4ea/0x590 [ 184.915173][ T7225] ? do_futex+0x3b5/0x490 [ 184.919490][ T7225] ? print_irqtrace_events+0x210/0x210 [ 184.924937][ T7225] ? syscall_enter_from_user_mode+0x2e/0x230 [ 184.930903][ T7225] __x64_sys_sendmmsg+0x9c/0xb0 [ 184.935738][ T7225] do_syscall_64+0x3b/0xb0 [ 184.940139][ T7225] ? clear_bhb_loop+0x45/0xa0 [ 184.944800][ T7225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 184.950687][ T7225] RIP: 0033:0x7f2907579ef9 [ 184.955087][ T7225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.974674][ T7225] RSP: 002b:00007f29082c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.983074][ T7225] RAX: ffffffffffffffda RBX: 00007f2907715f80 RCX: 00007f2907579ef9 [ 184.991030][ T7225] RDX: 0000000000000002 RSI: 0000000020001e80 RDI: 0000000000000003 [ 184.998982][ T7225] RBP: 00007f29075e793e R08: 0000000000000000 R09: 0000000000000000 [ 185.006936][ T7225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.014887][ T7225] R13: 0000000000000000 R14: 00007f2907715f80 R15: 00007ffde0627718 [ 185.022845][ T7225] [ 185.052070][ T7229] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 185.069196][ T7229] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.113965][ T7225] syz.3.1106 (7225) used greatest stack depth: 17848 bytes left [ 185.900421][ T3637] Bluetooth: hci3: command 0x0406 tx timeout [ 191.020582][ T3637] Bluetooth: hci0: command tx timeout