last executing test programs: 4.252214719s ago: executing program 2 (id=3233): syz_80211_inject_frame(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="d0187f0008021100000108041100000050505050505020000f"], 0x3c) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") writev(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000040)="ccd7a824903e0f439263c785e0bd25ac65e287057edb256f0d8bf04b994fbbbda023cd95d89db7471265814aab694153a729ab7947f62ac4528473485a036e7c4344a0b96f7cd898a509d6a1e00f70bcebd34f17dc985dc0e25a861d321c41b0810a8f8594996464857966aff9b136ce2ab0d13651b58f52c87cc14599a918b46381cbc1d307df16f111755820764782561515dac9874ab50b96d99a29f225075cba9b1c1e0db5422a17e78cdfb5f38f3b093b8e1b9cf87edee485df8fea590f3c4a5086ad272f0a57cd328c670ed6943e1ad776c2b826c418f859c970f4387877ff0174f2b0c15f51faf23a5a9a9f35709dc43b60b53eb9bd595b041992a466ad9b763037c4342cc312897c63fee49fd536921cac1db02832552ef50d000c0ddee4601cafa8525aa978e7f77711107a20b70ecaa75b0141eb8cad7660cd228f3839b4f71a51c20bffeb023c963f9efaaae53c440a647bea869119d1cf957df3343b3697028453c3eb0e937ef81bb42551b57a2600cfe17160ed5643cafbe4fcc49f6615897fef844b6a81b22154673079bea283ca3397213d52bb5f6422a885b7cb28212268ae3a04d14c378f2df243530c80ee3a829a517025cf42a83fda7f1ce5de1a3d8cc7e7acb703849972833374eea1233f4aae1a71ceb7a07e555d544f98a00bbc86174298e550356bd6d531f8a2d491739e7845fd027f8109ae41cdbadf6d2d8f81ce2f4912f5e21d79c13023b0086452080dfb1eefc3124f88b612a8e2a163408a1866c7f8cde294686b4ca54c0c4a47006021fcf10ca6a7d7673418f18a34e3ea263a82d7a0a38da89771f0acd45daf33b2b5595d9b8b18b5f36bd1520acd821aa70d4e4d16f98ff442e3d6bb40b57328f3614fdc592dceb4d855481e4a52c3b816f4d6e13701ad0c4e8b256f19ad0cb4444108bfb3dbb68fd0aa741a7712ffa2cb3d2a14f49c6ed5df945806e204ba802991958aef7f53d1dd734de39214889fe620cad7d5c9f4df0d052fee1c2fcfccde8f636efc9d2db126e7b540b0742b1f619f2ce726d817c5d8b46a65726a93073c23d872807a2791de31ec93bff39f28e1a25de48e5f37fc3e7dd7f66d89ca8700ad13cef284cd7689fd7a7336b58b811265c8507b2a21261df52d7f58641c664e315e20c23ed7cde1e24ca6c1fefb0860b21cee2b6740470dd7d1dd2deae921a4e494dddcb936310f450d67dd0b21e36075c8e2daff8afc54c9a2646eb7ea3242da637c4324f99b0220c736d7ef5ec5829dd936d3d13ede2ff90d57e9f2aec5fa0280845897cecf9c87c5da6734ffcebf432d0afc4a1b55897a90b05e82777b8c52cf43e6c331ecc913cf8f9ee4880e43159f2909e89b08f62f28c70992e46a10470d201a9fc4d8dcd1a59604a6aebe502afae5211ef195e19fa558c47aa7c3409ff2e8468bfbbf4a8f7f928794d3414140f525aa10a819d4313e6c82f9753a7952c82d26379e117c5a62b510aa15916eac6517528bf750aafeec1c977600399c84347ff1fa807e7a6d8dce8a15eb33a8e717af552e14acffda852138359d734e5db59b7034158214c7b73f0bbc6bb851edf68ac0f933f76232f615cb2f132fdf7e658bf52a87410efdac43c7af42039909d3305fd88d64e8a76dd4811ef0bee77f8ee6dd7aa9a51348ea978bccdcd5007cda2128e64066418c3499371667b18319a1c89614ff0ec05acd9b7de19c1e89daa0e63d75b873cf9fce1045110d7c6f93f1f956d89c735e3f4e731acd4afa5ee7294522c8ac13640241be43105af20058eaadc1d8adc14055ba1c6ac31c73016ab3e685b561da53a39562964114fcd2d7cbe4a5fee2858d2114d0800a985b5a44299df61b17ab17ac497fe5df77f420d21b62b4803d1d385f3f9d90c39561d9c86b5a5809bf5833e4d200381e1c28578159982a7cc0f3deeb6e4414d75e7f15ac4143faa73154ffecbd25c9d5446b6664bbe90f8d70bdf5dda62dcb56b02694a7cee0b61650a5363c7c05a8e3159135f82a966f37a66f47354e2ed27c275070036dba4e1dc1b67de526188175ee80b99459b6db5e184fab4ff311a559fac7274bfb7cc7211154d862be3c526813dff9ec57e30a3711ba9497d5a6ffa3d7901949cac4ca95b6cc6c6b973765c99345fddf6c81ddf097489b29dca8f242df1a362d63e6f7dc2d363cd006189fe13fa9c5d0ae9aaab6a12aed233333471e4f58127201d5cc4006d9b5b5e91d636574a9a36865443dbaf3f37dbc424d25939ec81e1ab73c80a6161fbdddb703173786d600ccb0b2e653c80ae7b3765a950b5f5e694ca604a9d29694241c57f13e8911d8d1ddd9687b98b9adaf62a1cdd0df66b318cc7b0e7506de1abce1f93da3cb904dabc827c0db3695cb13c40a071b9317be784ca77fc584e3a549cd56866470ef76ad259edeef649fd67e342531d5ed2e3f6eb01e1ab00f567a82a164be40b988da458cd7f1a64f62205185a686eb956cace9cd1db7bc989cf961016b57c5f061be0fa830a73f733bca1457022204419e93c1d70094671d56d9d4cfc313bf59f46333d8f5fafbf7ebee91096c84f93b00c88366b6ec10622a71c9bc337845549bbfec036b57ad68b46518032904ebae5fd390ccae870ce9ce58f5be7a865e80869e2108c879142e68567577fa21c734aa8841b4b33567472d1cae7d150d9baa08323635304b028b5823b638edd8fbd6e56c1dfa7bcf839244d05af8e186ad47d38785342e308fb2231679fb7e8a01392c6a1517237fc99a8ec8afe6c4422537bb6e3fd2e5d1fc8577c290b8116b5dc2ef0522ef69998520b89ec23b5aee06195994a429992ea720cc4b5829ce2f15f1df1c81146d8d07f7f5995cce8a4f690026a1a513648cee6207e42faf2f3ed3ed41d2c17c637ec40029b9af3a708498f2c258281b8edcf3806d0128c7e0686cba211baf2f54bd1b0d4cc3515045beed0d1afab4db49c123211cbe099f63331b1de4b508b6c836ed643420d1b03a8ecd7ef35cb2fc4d8b78a4316981d1676dc83d9abdcc84efc0554265a4277c90990306dd7058ef4e5dec09721b40e1b15c2ceb031aa5370afc8b09640dd9a056503d708088d5823eb88a7786c28d9c45061a4b10f2a23d70afd6a5d2e1f431ff96c187102c37c6c90ad392a5757b2640594d859625bae5d68ea4931a9bdee7a94ff56f9bc0e3fb57e5323fce670164092acd6dcc72601f380f34863a882d516772faa63e8be5a8d548c39cc2085d66d6a5e281bf9fee4c932910d20751b1853594aec364eff8605b52e264d7a7eed46c4571c632300847353eeb49faf0a38d862121f59466a78620fa0c7e2d9e49f8d6305459ba03c7d2920659c01b7ebf75f729237ddbf35e395e08a9282e4978d3d33fd06b11b434b291b5a9ce7d053945e526c6bca1ce95c27eebb84031f6ad930089d503cf61d60fdb5ec0177a3cd87359f7b0c7abef1e108fb8653f6e7d1003a442fe9d431054830a4aa158cf7b800822a386a1ea31fb6ab685dd3efb4758ee53c7cb6c1051e0eafc315101af53f39133db0355b8cd5aea31d91afcb7d0d4cbbfa526dadbb8ba5ecbda7876102860e2ebb772a1f552a68e4fc7c2579cb484acdb68ac271154a209289fe3526571ee22a8fbdd9ef0fe72d31e8fae87949709c3f193569dc886de62f9e0729b0399e348c2735ecb5ad65aa275dd5eb894521972bc9b130112157b141428f20117896dd34740317afa5f162b5e806861a44a2eefb3cb1664509d70c1b72309d3e1de84e8586b3193c33acfc28f843517d0a6cd1aad52e0e8d850fde97f9af804048246f352ed96effd833c20d1ff7fddd683dc3ba67514957db3a6e7477c1c9a603f2e4b9171c0f1faf60da20f82eed3c2514ce775ebe1215eb6b6eb2a0cc842e323c3e88856cea9dd69412f48e93ac31cef34a4ed60c706705d0464e7bce27e0a90702b1bfc16a663b03af9175551fe399dc5a6e905038293978f173e266d943891e584429df0bc54481b6b13fb3188c8e1982e7cf68174c3aae44862c223c823727eb312e602f25dac8235472b1f400204feed7290e12a3dbbf593b1a9639940c2a480e4b742528cf7be505dd7c5b40a75f043792ac1f119e8aba9556f526fb256d06484628e7a5348fecb139a87e07bcfb2f02dca3164c4cc8105017ace30087433533bcf47754f7fd71ee48b1826a34d7a1d23a64651f3c556cf262abf9b5b96f9d364caf2ef88dbed04eff0a54be3d913018b62ddd2a62ea89f58b9516cd8fb96320e3ca882eff37835d6e34cf93990b6c4725d5a9d0bb4781d8d0900b4fff4638e9b9e2772f68e6e941d4cfc50fc1b93156d1a995ab7b7344543b8ae2079b9a5e84970a7edb38e02469c1b6569dc9180384b0e0a000d3533189c65fce1dbbb72cb0a7f4c39411e9515227cbfda99f73e3e5839c1ddaa180a4d0fc0a22f6963e7e9a4e431d67ce34a455b7401004ec56e80e890df53a62e01e6ef40292a26f898993e57c9b2ef8bbcca3904f6e607bc19c1f7daff570132abf7ac86358b7a5f1775638b958c3a1f6ff6e25f32638321e6f0ef4fd1598aca94eb46d68d30b01021c25d552141b009f1b44f8f8c64e58a85ac9e7b2f438df99ca427f8c4872a67c16b6cbcf6a10c75f137248dd12112a6154484ee2480d3edddf8cfcfe7507c808309b1094d582147d4491c0de6d738db30", 0xcff}], 0x1) madvise(&(0x7f0000000000/0x8000)=nil, 0x8000, 0x15) 3.797778628s ago: executing program 3 (id=3235): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c40)=@newqdisc={0x6c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1f77}, @TCA_TBF_PRATE64={0xc, 0x5, 0x14ec469775bc0058}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x80000000}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, 0xffffffff, 0x4}}]}}]}, 0x6c}}, 0x0) 3.626352463s ago: executing program 0 (id=3237): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x508, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_fw={{0x7}, {0x4cc, 0x2, [@TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'batadv_slave_1\x00'}, @TCA_FW_INDEV={0x14, 0x3, 'veth0_to_bond\x00'}, @TCA_FW_ACT={0x2fc, 0x4, [@m_vlan={0x9c, 0x0, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x65, 0x6, "f370dfc26bda3e8bd45216da1aa3964ed3b60b4334447ba4ec948d16c5ea9e784cb150ef66ab93528c18790962548e5c98822116cbfdcf7c3a8c7c2ee29dd2ff997bf0d0f836545bbd9b9302deb518f69dfe39552cca68ac02e9c6dbf11370b01a"}, {0xc}, {0xc}}}, @m_ctinfo={0xec, 0x0, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_ACT={0x18}, @TCA_CTINFO_ZONE={0x6}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}]}, {0x55, 0x6, "8c4274210bf4344eee0ade94d895eb3f5fdc4ec866ec0d5005a60331686a8486fa8e91c85c847181e823fee4afb8a60979707828e026c45a9f6bd9f7ee27bef80232e58cb39f657808a8baeadea90445f2"}, {0xc}, {0xc}}}, @m_skbedit={0xc0, 0x0, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_MARK={0x8}]}, {0x81, 0x6, "c7edfeac621139196345a6f8a58e296e7b575b7c0378eaffc10c3da07f6334206643a2e68c91a8b4902ecb43b8a7f223c44b62e3db93dda61a92e5954dc28e03fbca5aa97221e43a236c3a9ceec773a2788904f1555a0ad9445498987e4e4c2eec07efb6469fd17acc2abe301331b06a3bd50774f35a7dc2597ab865c0"}, {0xc}, {0xc}}}, @m_skbmod={0xb0, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x81, 0x6, "be55bff691533e94de09ed9bad82256009362c9d3574a6b99e33706b0f0231574705a47990aef3802fbf834b6a38694135ceea751b58dbb126083b120c1a2fdc50bdb043e9620b3ed622634d55d1ebdf64b587e4e5ce2f87cd842a014f2429c40521b161d39ecd7569abacb93592b30a623b5a2d1bb484573e87ba3247"}, {0xc}, {0xc}}}]}, @TCA_FW_CLASSID={0x8}, @TCA_FW_POLICE={0x18, 0x2, [@TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}]}, @TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'pimreg1\x00'}, @TCA_FW_ACT={0x160, 0x4, [@m_simple={0x15c, 0x0, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0x7, 0x3, '9p\x00'}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_PARMS={0x18}]}, {0xad, 0x6, "4609dc63a7e2c1e8d8f3947bfe64049bafc10942cf56376c73961c5ee06f3a38e48c1a286e545dd4a521f2869b54fbcf1c7958eb636e54a910cbe3d0b34b67c9400d92c4bd68f2a5e196d558cfa1c8440806e82a3b539579ffad8fa8a57d9e0f03a55d685ca9804d9ab3e8fc9ec628c9215f2dd203c0df39c16e305c6a3779e502b765346f18214d779c47efff0383ed043d1ab0f727724ceef38cec021286c237c74581b6534e7063"}, {0xc}, {0xc}}}]}]}}]}, 0x508}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 3.190443524s ago: executing program 3 (id=3238): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000380)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000200)=0xffffffff, 0x4) recvmmsg(r0, &(0x7f0000000600), 0x204083acb88ff8b, 0x0, 0x0) 2.95888728s ago: executing program 0 (id=3239): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000440)={&(0x7f0000000400)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.859302075s ago: executing program 1 (id=3240): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002340)={0x34, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x99e}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x34}}, 0x0) 2.714195233s ago: executing program 4 (id=3241): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xb, 0x21, &(0x7f0000000480)=@framed={{}, [@map_fd={0x18, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, @tail_call, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @cb_func, @alu={0x0, 0x0, 0x0, 0x0, 0x1, 0xc}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, @jmp={0x5, 0x0, 0xa, 0x0, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) 2.713941312s ago: executing program 1 (id=3242): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x5, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000240)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000003c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) 2.530401893s ago: executing program 1 (id=3243): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd}}, [@TCA_RATE={0x6, 0x5, {0x40, 0x6}}]}, 0x2c}}, 0x0) 2.489566768s ago: executing program 2 (id=3244): r0 = io_uring_setup(0x3dd3, &(0x7f0000001100)={0x0, 0x0, 0x40}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000600)="bf4b", 0x2) 2.297795234s ago: executing program 0 (id=3245): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x1c5002, 0x0) ftruncate(r0, 0x5d801) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000400)={0x28}, 0x28) 2.192590982s ago: executing program 4 (id=3246): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB='6'], 0x20) 2.175267273s ago: executing program 1 (id=3247): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = timerfd_create(0x8, 0x0) capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140)) timerfd_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x77359400}}, 0x0) 2.066203061s ago: executing program 3 (id=3248): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0) sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002800000005002e00000000000a0001007770616e3000000005002b0004"], 0x30}}, 0x0) 1.934398898s ago: executing program 3 (id=3249): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65) connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xb}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe80000b0000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 1.808803546s ago: executing program 2 (id=3250): r0 = socket$nl_generic(0x10, 0x3, 0x10) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file1\x00', 0x100080d, &(0x7f0000000480)=ANY=[@ANYRES32=r2, @ANYRES16, @ANYBLOB="9cf45332f216e72f1916be622afc444f62ea0b68c42a77b352fe0afddfb1cc8ff9c0f9e899ea9ae7c30f5a192b0b16000080dfa20a2768950b186e295805038569d0c9f57f41da86410da421701f524e99d5bea9716fa0990dd3611859be346c36edb30828401d5122a1bad83ae10d49e288b3950ae045ad2a04ddc191fcc6abf55e98491049b415163b7e3a99c0a4544190c2011be3a25a85ceab73485f64f25ad6d435b24f2f400d9bef712f399339d02bfd26bf20324b098b673189cd82a5cbf5c5a53fbda881d47d43e25919884a8cd525436c46d28d7c4173aabcc00da4ac21514eb67e0eb9849548fe217ab6bb03ac5d203f8427c8402b016b5b9e83d16cb759a42b6a7f7115433776b3eb8091edf8030f522ae488d96280e59d5b0ddc36f441dfff7700000000000000000000000000000000000000000000000000000000000000000000002c14da6155698f83a9e5d32830f3dc68cfff8cf5b7e936b51590ec6fc503b6ca46a5aa1b35163c0081ae2491391194d483d35de250e75d7d6ae7901b6c9663ddcbecd4bc17a043808b280000000000000000000000000000c8f455465cbebc162473fbee10d24b1e5aded77bc959e4d72cb67a00491fd4696da9de540e0d9ecefa00648305f1ea375309bb41460389068a12930587eef76c7e0359b64a2153d2c1e1a07b0125808f1805beb49929003354aab5fe9f966009e4f90fc66cc885c9406c532a40ec0b76a3757cf11d9e907a44cbc32dbb10", @ANYRESDEC, @ANYRESOCT, @ANYRESOCT, @ANYRES8=r1, @ANYRES32], 0xff, 0x1f7, &(0x7f0000000200)="$eJzsmb9rFEEUx78zu7mNQQQbCxsLA0Y0++tU0qSIIFaCEEUtD7MJp5ucXFZIAkIOGxtLEcHWf8DC4mo7O1stVBAsvFKwEEbmh7vjnnuucHIHeR+4ue+8ffvezNzdt7gFQRAHlk8fv314fHHp2lkAhzEPz8S/OEUOt/LfP7t/5snypecv3714vXXkQb9cbxaAEPX7M2AfKw6yiuvzcnj6e+w6OE4bfQMMvpY/hEJPEjDcMjl3LN05ZESa+Lc76dp6O01COURyiOXQtHu5AAY9hrV8b0Iw6/r27t7dVpom3bKYEb/6DF36VzHq/NT6VjiWzVyuT35eNx897Mm5ORuE4PosAUTgiIxugmHV6CV48H2/OBJr/8fdor5TZ/+TEuy7/hrIyNHFsbdwMOkNTqsQ3lQso4Zg5Yj8QeeRY4P+m+G7Pv/H9XjjqcNQ4TjKuADkkcsm5+1cml6p3QL7ukwRaaAcsUThT8wFTln+5MLN/SPINu8F27t7i+3N1kaykWzFcfNCeC4Mz8fBettDGCg7GuF/s8qf5qz6MxW5DdbATivLutEOkHWjfB7r0XLc1Vedr+oervyPY+GkriEPWW3b+3MPZl5cvUu14FQuniAIgiAIgiAIgiAIgiAI4q/Yf0aeAIN+BKIeVIkK4qsq+2cAAAD///fNZhA=") mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x200020, 0x0) 1.634264468s ago: executing program 4 (id=3251): recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x5, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000380), 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f0000000000), 0x0}, 0x20) 1.634065187s ago: executing program 1 (id=3252): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb01e218000000000000001c"], 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00\a'], 0xd) 1.503496612s ago: executing program 0 (id=3253): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) lsetxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)) llistxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=""/40, 0x28) 1.480456709s ago: executing program 3 (id=3254): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784004000340000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 1.294091784s ago: executing program 1 (id=3255): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d90000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x87, 0x88, 0x5e, 0x10, 0x7ab, 0xfc01, 0x8d90, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0x2b, 0xcb}}]}}]}}, 0x0) 1.0797414s ago: executing program 2 (id=3256): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000140)="7f", 0x1}, {&(0x7f0000000200)="156d5651d6a8f6af2bfcd073d5bded2ccd0c15ef46407b7e475b6f2aca143bf2bb17d55a", 0x24}], 0x2}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001400)="f8", 0x1}, {&(0x7f0000001500)="c04ada3eaf154cf27e57a914bb40b2151c2ec39a5f8ef29f75a444d805de632f4a1e74979f91e0a0cd37bd6a0a2a3d661a5864109fa6716bd85f698cbd07c3b7430377eeb3ed3342d174769ee92c13fd11f3675e45ca775fc68ec599db1eea91b934c6dff9588ce4cfae8326414ca0eb91544876052b886122ac11d0ee8f39dfeb790cc7e9fbda4949a9fdc039695109e7ccf996e8090c0f2288ebd203cb3af48c91ee62d1d3cd3d793c496d6ef00da6a8244e48d76db6c761cdbf", 0xbb}], 0x2}}], 0x2, 0x0) 909.745722ms ago: executing program 0 (id=3257): syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file1\x00', 0x1600008, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x3, 0x632, &(0x7f0000001840)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OtaapKLS/+Rk7h5yP5GWyq+y93ZmYjkKW79QHh2ci4pvP/vaLxdrS3cXbKxP9s0kn1MxEo9HMxFDWamXiw7cqE5PZtl9ut+fjp/HzmIjx+DyWoxq/jIWoRyXG4ydZbSF/P6ePo7syVdg59I0drc+PiqSUvy7No+jxYvo4W/ZSVONncT9uRSU+zf6mYyq+G7MxG3Mdr/DlLvb6wvH2+qvfyivpIf2Pedkf0ry+25HXzmPuaNbX+cx2lt47+2Nj8et5JV3H7yLix2e4naezOxPpWeLZV5t97x+eib9m1wkrtaW7y4sLD7pc3yd5me5Hf+irs0T6fnkvfbGy1s53R9r3/r59U1nfWLuvsKfvcrvvqD21lF/D7R1pOuv7cN++mazvSkffnuut9vUQAH1s5NsjpfJ/yv8sPy3/vrxY/mz4R0PfG/qoFIP/GPx+cXLgk8JHyd/jafx6+/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwciuPHt9dqNUqy0dWkuzm/xFdzdxRad3O6fCZk/xGPscZWaVWqwxHX4RxrErt3xEdzyS9jqcfKkP99ubv7XEJOH/X6/ceXF959Pg71XsLdyp3KkuDs7Nzk3Ozn85cv12tDUT6WJnsdZTAedg+6fc6EgAAAAAAAAAAAKBbh/8MYDCf63Q/J+jxJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3PxEFDciianJa5Npe3N9ppZOrfr2nMWIKERE8quI5HnEjWhOMdoxXHLQep5U57548Xrz5fZYxdb8hcOW685aPsV4RAzk5VmNd/PU4yXtLUwTdrV0uuDgzPw/AAD//4oVCL4=") creat(&(0x7f0000000100)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) 905.026776ms ago: executing program 4 (id=3258): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0x36, &(0x7f0000000540)={@multicast, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0xfffe, 0x0, 0x11, 0x0, @rand_addr, @broadcast}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 586.211448ms ago: executing program 4 (id=3259): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='gretap0\x00', 0x10) r1 = dup(r0) sendmmsg$inet6(r1, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000600)="1f", 0x1}], 0x1}}], 0x1, 0x0) 571.337514ms ago: executing program 2 (id=3260): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x1}]}}]}, 0x40}}, 0x4) 263.323911ms ago: executing program 4 (id=3261): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x22840, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x9) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100)=0x4) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x2000) 94.60874ms ago: executing program 0 (id=3262): socket$packet(0x11, 0x3, 0x300) r0 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x220}}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 94.313939ms ago: executing program 3 (id=3263): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@local, @random="89ab9b4c72ca", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0x8}], {{0x0, 0x400, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0) 0s ago: executing program 2 (id=3264): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000700)=0x15) kernel console output (not intermixed with test programs): nvalid maxpacket 50274, setting to 1024 [ 630.025151][ T4877] usb 1-1: config 0 interface 230 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 630.039146][ T4877] usb 1-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7 [ 630.049091][ T4877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.233282][ T4877] usb 1-1: config 0 descriptor?? [ 630.244868][T10351] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 630.287698][ T4877] metro_usb 1-1:0.230: Metrologic USB to Serial converter detected [ 630.336948][ T4877] usb 1-1: Metrologic USB to Serial converter now attached to ttyUSB0 [ 630.513793][ T4877] usb 1-1: USB disconnect, device number 12 [ 630.567402][ T4877] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0 [ 630.583868][ T4877] metro_usb 1-1:0.230: device disconnected [ 630.590108][T10363] loop2: detected capacity change from 0 to 512 [ 630.718068][T10363] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 630.737285][T10363] ext4 filesystem being mounted at /446/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 631.266753][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.278762][T10374] loop4: detected capacity change from 0 to 16 [ 631.319850][T10374] erofs: (device loop4): mounted with root inode @ nid 36. [ 631.353034][T10376] program syz.1.1915 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 631.472551][ T29] audit: type=1800 audit(2000000079.790:41): pid=10374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1913" name="file1" dev="loop4" ino=86 res=0 errno=0 [ 632.625301][T10402] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 633.047225][T10407] loop3: detected capacity change from 0 to 256 [ 634.140417][T10424] loop3: detected capacity change from 0 to 1024 [ 634.169734][T10426] loop0: detected capacity change from 0 to 2048 [ 634.248072][T10426] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 634.326335][T10431] loop4: detected capacity change from 0 to 1024 [ 634.389784][T10426] UDF-fs: error (device loop0): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376) [ 634.490505][ T3183] hfsplus: b-tree write err: -5, ino 4 [ 634.786199][T10439] loop0: detected capacity change from 0 to 256 [ 634.842649][ T3350] hfsplus: b-tree write err: -5, ino 4 [ 634.861553][T10437] loop3: detected capacity change from 0 to 512 [ 634.907602][T10437] EXT4-fs: Ignoring removed mblk_io_submit option [ 634.980593][T10439] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 635.020178][T10437] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 635.169148][T10437] EXT4-fs (loop3): 1 truncate cleaned up [ 635.177148][T10437] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 635.507962][T10449] loop2: detected capacity change from 0 to 512 [ 635.646405][T10449] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 635.665032][T10449] ext4 filesystem being mounted at /454/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 635.693467][T10449] EXT4-fs error (device loop2): ext4_generic_delete_entry:2680: inode #2: block 3: comm syz.2.1948: bad entry in directory: rec_len is too small for name_len - offset=24, inode=11, rec_len=20, size=4096 fake=0 [ 635.730834][T10449] EXT4-fs error (device loop2) in ext4_delete_entry:2751: Corrupt filesystem [ 635.759074][T10449] EXT4-fs warning (device loop2): ext4_rename_delete:3733: inode #2: comm syz.2.1948: Deleting old file: nlink 4, error=-117 [ 635.779472][T10449] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 635.916441][ T5191] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 635.997462][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.045119][T10483] loop4: detected capacity change from 0 to 512 [ 637.068532][T10483] EXT4-fs: Ignoring removed orlov option [ 637.101819][T10483] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 637.215131][T10483] EXT4-fs (loop4): 1 truncate cleaned up [ 637.225688][T10483] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 637.312659][T10489] loop0: detected capacity change from 0 to 1024 [ 637.323399][T10489] EXT4-fs: Ignoring removed orlov option [ 637.331962][T10489] EXT4-fs: Ignoring removed nomblk_io_submit option [ 637.419447][T10493] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1965'. [ 637.528627][T10489] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 637.542721][T10489] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 637.622020][T10489] EXT4-fs (loop0): invalid journal inode [ 637.628099][T10489] EXT4-fs (loop0): can't get journal size [ 637.662091][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.706295][T10489] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 637.867192][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1970'. [ 637.881888][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1970'. [ 638.333860][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.606738][T10516] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 638.759559][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1977'. [ 639.094865][T10524] loop3: detected capacity change from 0 to 1024 [ 639.719629][T10524] hfsplus: xattr searching failed [ 639.833754][T10538] loop2: detected capacity change from 0 to 256 [ 640.016520][ T2553] hfsplus: bad catalog file entry [ 640.025089][ T2553] hfsplus: b-tree write err: -5, ino 3 [ 640.599449][T10554] team0: Device gre0 is of different type [ 641.101426][ T4877] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 641.291461][ T4877] usb 4-1: Using ep0 maxpacket: 16 [ 641.348040][ T4877] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 641.357789][ T4877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.367779][ T4877] usb 4-1: Product: syz [ 641.372773][ T4877] usb 4-1: Manufacturer: syz [ 641.377617][ T4877] usb 4-1: SerialNumber: syz [ 641.456174][ T4877] usb 4-1: config 0 descriptor?? [ 641.497954][T10578] sctp: [Deprecated]: syz.4.2002 (pid 10578) Use of struct sctp_assoc_value in delayed_ack socket option. [ 641.497954][T10578] Use struct sctp_sack_info instead [ 641.550446][ T4877] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 642.130750][ T4877] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 642.164745][ T4877] usb 4-1: USB disconnect, device number 9 [ 642.622526][T10592] loop4: detected capacity change from 0 to 512 [ 642.644483][T10592] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 642.685920][T10595] netlink: 'syz.1.2010': attribute type 1 has an invalid length. [ 642.714420][T10592] EXT4-fs (loop4): 1 truncate cleaned up [ 642.722320][T10592] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 642.818947][T10592] EXT4-fs error (device loop4): ext4_empty_dir:3128: inode #2: block 13: comm syz.4.2008: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 643.362296][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 644.582079][T10634] netlink: 'syz.3.2027': attribute type 49 has an invalid length. [ 644.811112][T10637] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2028'. [ 644.823065][T10637] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 645.080836][T10645] loop4: detected capacity change from 0 to 64 [ 645.101548][T10641] loop1: detected capacity change from 0 to 1024 [ 645.168569][T10636] loop0: detected capacity change from 0 to 2048 [ 645.249302][T10636] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 645.278503][T10641] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 645.417296][T10641] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #14: comm syz.1.2029: attempt to clear invalid blocks 1886221359 len 1 [ 645.456206][T10641] EXT4-fs (loop1): Remounting filesystem read-only [ 645.606199][T10653] loop2: detected capacity change from 0 to 512 [ 645.607979][ T5189] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 645.670498][T10653] EXT4-fs (loop2): filesystem is read-only [ 645.698692][T10653] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 645.801676][T10653] EXT4-fs (loop2): filesystem is read-only [ 645.807878][T10653] EXT4-fs (loop2): orphan cleanup on readonly fs [ 645.818642][T10653] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2034: bg 0: block 64: padding at end of block bitmap is not set [ 645.996574][T10653] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 646.080802][T10653] EXT4-fs (loop2): 1 orphan inode deleted [ 646.091397][T10653] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 646.630512][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 646.738807][T10674] sit0: entered promiscuous mode [ 646.776015][T10674] netlink: 'syz.3.2044': attribute type 1 has an invalid length. [ 646.784140][T10674] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2044'. [ 647.301477][ T4877] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 647.501582][ T4877] usb 3-1: Using ep0 maxpacket: 8 [ 647.535804][ T4877] usb 3-1: config 0 interface 0 has no altsetting 0 [ 647.594180][ T4877] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 647.604052][ T4877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.613988][ T4877] usb 3-1: Product: syz [ 647.618410][ T4877] usb 3-1: Manufacturer: syz [ 647.626707][ T4877] usb 3-1: SerialNumber: syz [ 647.716205][ T4877] usb 3-1: config 0 descriptor?? [ 647.745770][ T4877] gspca_main: se401-2.14.0 probing 047d:5003 [ 647.784897][T10691] loop3: detected capacity change from 0 to 24 [ 648.110910][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2055'. [ 648.272320][ T5268] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 648.496990][ T5268] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 648.514467][ T5268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.564434][ T5268] usb 5-1: config 0 descriptor?? [ 648.587989][ T5268] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 648.591346][ T4877] usb 3-1: reset high-speed USB device number 9 using dummy_hcd [ 649.030237][ T5268] cpia1 5-1:0.0: unexpected state after lo power cmd: 5d [ 649.180052][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 649.187415][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 649.258443][ T4877] gspca_se401: read req failed req 0x06 error -71 [ 649.265805][ T4877] se401 3-1:0.0: probe with driver se401 failed with error -71 [ 649.357320][ T4877] usb 3-1: USB disconnect, device number 9 [ 649.427049][ T5268] gspca_cpia1: usb_control_msg 02, error -71 [ 649.434608][ T5268] gspca_cpia1: usb_control_msg 05, error -71 [ 649.446381][ T5268] cpia1 5-1:0.0: unexpected systemstate: 5d [ 649.525309][ T5268] usb 5-1: USB disconnect, device number 12 [ 649.560780][T10701] loop0: detected capacity change from 0 to 4096 [ 649.584948][T10701] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 649.850387][T10701] ntfs3: loop0: Failed to initialize $Extend/$Reparse. [ 650.178447][ T7120] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22. [ 650.833862][T10730] devtmpfs: Unknown parameter 'silent' [ 651.292106][T10740] loop0: detected capacity change from 0 to 1024 [ 651.900196][T10753] netlink: 'syz.0.2081': attribute type 64 has an invalid length. [ 652.850671][T10765] loop1: detected capacity change from 0 to 2048 [ 652.884533][T10767] loop0: detected capacity change from 0 to 256 [ 652.977497][T10765] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 653.252255][ T9210] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 653.480827][T10779] loop0: detected capacity change from 0 to 256 [ 653.590104][ T9210] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 653.607826][ T9210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.616350][ T9210] usb 5-1: Product: syz [ 653.620769][ T9210] usb 5-1: Manufacturer: syz [ 653.628051][ T9210] usb 5-1: SerialNumber: syz [ 653.737183][T10783] program syz.3.2097 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 653.900433][ T9210] usb 5-1: config 0 descriptor?? [ 653.966111][ T9210] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 013 [ 654.345086][T10791] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2100'. [ 654.495401][T10772] loop4: detected capacity change from 0 to 64 [ 654.733506][T10796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2103'. [ 654.836148][ T9210] i2c i2c-1: failure reading functionality [ 654.874695][ T9210] i2c i2c-1: connected i2c-tiny-usb device [ 654.922313][ T9210] usb 5-1: USB disconnect, device number 13 [ 657.493627][ T4877] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 657.731444][ T4877] usb 5-1: Using ep0 maxpacket: 32 [ 657.785249][ T4877] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.797029][ T4877] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.858364][T10824] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2115'. [ 657.915535][ T4877] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 657.925712][ T4877] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 657.934595][ T4877] usb 5-1: Product: syz [ 657.939002][ T4877] usb 5-1: Manufacturer: syz [ 658.120777][ T4877] hub 5-1:4.0: USB hub found [ 658.140322][T10808] loop3: detected capacity change from 0 to 32768 [ 658.459433][ T4877] hub 5-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 658.802165][ T5251] usb 5-1: USB disconnect, device number 14 [ 658.829458][T10833] loop2: detected capacity change from 0 to 1024 [ 659.054431][T10833] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 659.686779][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 660.155970][T10855] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615) [ 660.171775][T10855] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 661.865222][T10887] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 661.971620][T10889] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2143'. [ 662.311549][T10895] loop3: detected capacity change from 0 to 8 [ 662.422770][T10895] SQUASHFS error: lzo decompression failed, data probably corrupt [ 662.430923][T10895] SQUASHFS error: Failed to read block 0x28d: -5 [ 662.438420][T10895] SQUASHFS error: Unable to read metadata cache entry [28b] [ 662.453987][T10895] SQUASHFS error: Unable to read inode 0x11f [ 662.809464][ T4877] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 662.976951][ T4877] usb 5-1: Using ep0 maxpacket: 8 [ 662.998671][ T4877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 663.011800][ T4877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.098504][ T4877] usb 5-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.40 [ 663.108366][ T4877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.117085][ T4877] usb 5-1: Product: syz [ 663.121702][ T4877] usb 5-1: Manufacturer: syz [ 663.126618][ T4877] usb 5-1: SerialNumber: syz [ 663.866360][ T4877] hid (null): report_id 2668810406 is invalid [ 663.883567][ T5251] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 663.912961][ T4877] asus 0003:0B05:19B6.001A: report_id 2668810406 is invalid [ 663.920558][ T4877] asus 0003:0B05:19B6.001A: item 0 4 1 8 parsing failed [ 663.941561][ T4877] asus 0003:0B05:19B6.001A: Asus hid parse failed: -22 [ 663.949276][ T4877] asus 0003:0B05:19B6.001A: probe with driver asus failed with error -22 [ 663.995236][T10924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2158'. [ 664.086815][ T4877] usb 5-1: USB disconnect, device number 15 [ 664.124433][ T5251] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 664.133891][ T5251] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 664.143728][ T5251] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 664.153325][ T5251] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.328500][ T5251] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 664.531908][ T5251] gspca_sn9c2028: read1 error -32 [ 664.561856][ T5251] gspca_sn9c2028: read1 error -32 [ 664.786991][ T5251] usb 3-1: USB disconnect, device number 10 [ 666.079196][T10947] loop3: detected capacity change from 0 to 4096 [ 666.142188][T10958] IPVS: stopping backup sync thread 10960 ... [ 666.230594][T10947] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 667.962461][T10954] loop1: detected capacity change from 0 to 32768 [ 668.022992][T10969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2179'. [ 668.813309][T10982] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2186'. [ 668.844150][T10983] usb usb8: usbfs: process 10983 (syz.3.2187) did not claim interface 0 before use [ 670.499083][T11014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2199'. [ 671.336739][T11029] loop4: detected capacity change from 0 to 256 [ 671.389859][T11029] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009b275e, utbl_chksum : 0x7319d30d) [ 671.454639][T11033] loop0: detected capacity change from 0 to 512 [ 671.986780][T11044] loop1: detected capacity change from 0 to 1024 [ 672.031881][T11033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 672.048489][T11033] ext4 filesystem being mounted at /297/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 672.100482][T11045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2213'. [ 672.420779][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.694201][T11054] loop2: detected capacity change from 0 to 2048 [ 672.770874][T11054] loop2: p3 < > p4 < > [ 672.775492][T11054] loop2: partition table partially beyond EOD, truncated [ 672.783339][T11054] loop2: p3 start 4284289 is beyond EOD, truncated [ 672.979466][T11066] loop0: detected capacity change from 0 to 256 [ 672.986339][T11023] Bluetooth: hci1: command 0x0406 tx timeout [ 673.090199][T11066] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 673.103721][T11066] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 673.343502][T11066] exFAT-fs (loop0): error, invalid size(size(24576) > aligned(512) [ 673.343502][T11066] [ 673.354123][T11066] exFAT-fs (loop0): Filesystem has been set read-only [ 673.711839][T11073] exFAT-fs (loop0): error, invalid size(size(24576) > aligned(512) [ 673.711839][T11073] [ 673.977886][T11079] netlink: 'syz.2.2222': attribute type 8 has an invalid length. [ 674.617666][T11096] netlink: 'syz.1.2235': attribute type 29 has an invalid length. [ 674.644043][T11096] netlink: 'syz.1.2235': attribute type 29 has an invalid length. [ 674.656514][T11096] netlink: 'syz.1.2235': attribute type 29 has an invalid length. [ 674.889776][ T9210] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 675.159768][T11107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2239'. [ 675.169681][T11107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2239'. [ 675.201775][ T9210] usb 5-1: Using ep0 maxpacket: 32 [ 675.279106][ T9210] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 675.291140][ T9210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 675.310767][ T9210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 675.324805][ T9210] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 675.335054][ T9210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.433423][ T9210] usb 5-1: config 0 descriptor?? [ 675.460501][T11090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 675.474520][ T9210] hub 5-1:0.0: USB hub found [ 675.745131][ T9210] hub 5-1:0.0: 2 ports detected [ 676.236326][ T9210] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 676.246476][ T9210] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 676.340413][ T9210] usbhid 5-1:0.0: can't add hid device: -71 [ 676.358775][ T9210] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 676.458124][ T9210] usb 5-1: USB disconnect, device number 16 [ 677.124794][T11137] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2251'. [ 677.134625][T11137] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2251'. [ 677.404393][T11141] loop4: detected capacity change from 0 to 1024 [ 677.487878][T11141] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 677.567381][T11139] loop0: detected capacity change from 0 to 2048 [ 677.623069][T11141] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 677.639296][T11141] EXT4-fs (loop4): too many log groups per flexible block group [ 677.648825][T11141] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 677.704538][T11144] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2255'. [ 677.727019][T11141] EXT4-fs (loop4): mount failed [ 677.807208][T11139] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 677.837092][T11139] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 677.847920][T11148] loop3: detected capacity change from 0 to 512 [ 677.850630][T11148] EXT4-fs: Ignoring removed mblk_io_submit option [ 678.028278][T11148] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2256: corrupted in-inode xattr: invalid ea_ino [ 678.114387][T11148] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.2256: couldn't read orphan inode 15 (err -117) [ 678.159876][T11154] loop1: detected capacity change from 0 to 512 [ 678.163630][T11148] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 678.208061][T11154] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 678.315206][T11154] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.2259: invalid indirect mapped block 512 (level 0) [ 678.377170][T11154] EXT4-fs (loop1): Remounting filesystem read-only [ 678.459788][T11154] EXT4-fs (loop1): 1 orphan inode deleted [ 678.466314][T11154] EXT4-fs (loop1): 1 truncate cleaned up [ 678.473934][T11154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 678.623015][T11162] netlink: 'syz.0.2262': attribute type 33 has an invalid length. [ 678.631379][T11162] netlink: 'syz.0.2262': attribute type 13 has an invalid length. [ 678.641495][T11162] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2262'. [ 678.762955][T11162] netlink: 'syz.0.2262': attribute type 33 has an invalid length. [ 678.775854][T11167] EXT4-fs: can't change dax mount option while remounting [ 678.881984][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 679.353801][T11174] tipc: Started in network mode [ 679.362199][T11174] tipc: Node identity fe800000000000000000000000000012, cluster identity 4711 [ 679.374142][T11174] tipc: Enabled bearer , priority 10 [ 679.917019][ T5189] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 679.955838][ T5246] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 680.051344][ T2553] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.319335][ T2553] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.491740][ T5251] tipc: Node number set to 4269801490 [ 680.621339][T11187] mmap: syz.3.2274 (11187) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 680.787878][ T2553] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.911697][ T2553] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.196296][T11194] loop2: detected capacity change from 0 to 16 [ 681.239571][ T5246] usb 1-1: Using ep0 maxpacket: 16 [ 681.365648][T11194] erofs: (device loop2): mounted with root inode @ nid 36. [ 681.433793][T11023] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 681.457578][T11023] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 681.493337][T11023] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 681.530656][T11023] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 681.560872][ T5246] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 681.583545][ T5246] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 681.629505][T11023] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 681.706466][T11023] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 681.833715][ T5246] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 681.839813][ T2553] bridge_slave_1: left allmulticast mode [ 681.843075][ T5246] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.843212][ T5246] usb 1-1: Product: syz [ 681.843319][ T5246] usb 1-1: Manufacturer: syz [ 681.843425][ T5246] usb 1-1: SerialNumber: syz [ 681.849195][ T2553] bridge_slave_1: left promiscuous mode [ 681.882964][ T2553] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.899480][ T2553] bridge_slave_0: left allmulticast mode [ 681.905692][ T2553] bridge_slave_0: left promiscuous mode [ 681.912429][ T2553] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.940307][ T5246] usb 1-1: config 0 descriptor?? [ 681.967198][ T5246] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 681.981685][ T5246] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 682.345544][T11206] loop2: detected capacity change from 0 to 512 [ 682.399097][T11206] EXT4-fs: Ignoring removed nobh option [ 682.462449][T11206] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 682.599784][T11206] EXT4-fs (loop2): 1 truncate cleaned up [ 682.609827][T11206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 682.684325][ T5246] em28xx 1-1:0.0: chip ID is em2874 [ 682.769105][T11211] loop4: detected capacity change from 0 to 256 [ 682.824741][T11212] loop3: detected capacity change from 0 to 1024 [ 682.919927][ T2553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 682.931518][T11212] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 682.948833][T11211] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010530, chksum : 0x90502ed2, utbl_chksum : 0xe619d30d) [ 682.964436][ T4877] usb 1-1: USB disconnect, device number 13 [ 682.965732][ T4877] em28xx 1-1:0.0: Disconnecting em28xx [ 682.988721][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.005644][ T4877] em28xx 1-1:0.0: Freeing device [ 683.043212][ T2553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 683.082934][ T2553] bond0 (unregistering): Released all slaves [ 683.128301][ T29] audit: type=1800 audit(2000000131.440:42): pid=11211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2285" name="file1" dev="loop4" ino=1048723 res=0 errno=0 [ 683.181294][ T29] audit: type=1804 audit(2000000131.490:43): pid=11211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2285" name="/newroot/492/file1/file1" dev="loop4" ino=1048723 res=1 errno=0 [ 683.460576][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.528717][ T2553] tipc: Disabling bearer [ 683.534775][ T2553] tipc: Left network mode [ 683.953065][T11223] loop4: detected capacity change from 0 to 512 [ 684.050098][T11023] Bluetooth: hci2: command tx timeout [ 684.077821][T11223] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2289: corrupted in-inode xattr: invalid ea_ino [ 684.148778][T11227] loop3: detected capacity change from 0 to 1024 [ 684.170566][T11223] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.2289: couldn't read orphan inode 15 (err -117) [ 684.178302][T11231] loop0: detected capacity change from 0 to 128 [ 684.216173][T11223] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.284252][ T2553] hsr_slave_0: left promiscuous mode [ 684.299246][ T2553] hsr_slave_1: left promiscuous mode [ 684.318957][T11227] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 684.335469][ T2553] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.351642][ T2553] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 684.376961][T11223] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.2289: invalid indirect mapped block 234881024 (level 0) [ 684.415256][ T2553] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.423683][ T2553] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.447148][ T29] audit: type=1800 audit(2000000132.760:44): pid=11227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2287" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 684.476953][ T29] audit: type=1800 audit(2000000132.760:45): pid=11227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2287" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 684.577514][ T2553] veth1_macvtap: left promiscuous mode [ 684.586936][ T2553] veth0_macvtap: left promiscuous mode [ 684.593389][ T2553] veth1_vlan: left promiscuous mode [ 684.598995][ T2553] veth0_vlan: left promiscuous mode [ 684.672159][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.949049][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 685.590275][ T2553] team0 (unregistering): Port device team_slave_1 removed [ 685.631443][ T2553] team0 (unregistering): Port device team_slave_0 removed [ 686.168289][T11023] Bluetooth: hci2: command tx timeout [ 686.655432][T11248] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 686.662108][T11248] syzkaller0: linktype set to 65535 [ 686.704044][T11198] chnl_net:caif_netlink_parms(): no params data found [ 687.596649][T11198] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.616111][T11198] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.624342][T11198] bridge_slave_0: entered allmulticast mode [ 687.638676][T11198] bridge_slave_0: entered promiscuous mode [ 687.657562][T11264] netlink: 'syz.0.2305': attribute type 5 has an invalid length. [ 687.730272][T11198] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.746713][T11198] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.755854][T11198] bridge_slave_1: entered allmulticast mode [ 687.767560][T11198] bridge_slave_1: entered promiscuous mode [ 687.997970][T11198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.051697][T11198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.184101][T11023] Bluetooth: hci2: command tx timeout [ 688.364389][T11198] team0: Port device team_slave_0 added [ 688.380277][T11275] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 688.414855][T11275] CIFS mount error: No usable UNC path provided in device string! [ 688.414855][T11275] [ 688.425406][T11275] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 688.471986][T11280] bridge0: port 3(syz_tun) entered blocking state [ 688.479400][T11280] bridge0: port 3(syz_tun) entered disabled state [ 688.486916][T11280] syz_tun: entered allmulticast mode [ 688.495280][T11280] syz_tun: entered promiscuous mode [ 688.503103][T11280] bridge0: port 3(syz_tun) entered blocking state [ 688.510174][T11280] bridge0: port 3(syz_tun) entered forwarding state [ 688.538101][T11198] team0: Port device team_slave_1 added [ 688.811522][T11198] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.818907][T11198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.848186][T11198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.887792][T11198] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.895282][T11198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.922362][T11198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 689.097536][T11198] hsr_slave_0: entered promiscuous mode [ 689.166046][T11198] hsr_slave_1: entered promiscuous mode [ 689.670324][T11302] loop0: detected capacity change from 0 to 256 [ 690.039620][T11305] input: syz1 as /devices/virtual/input/input16 [ 690.261763][T11023] Bluetooth: hci2: command tx timeout [ 690.443817][T11311] loop3: detected capacity change from 0 to 24 [ 690.469164][T11311] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 691.012898][T11322] tap0: tun_chr_ioctl cmd 1074025673 [ 691.036978][T11323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2330'. [ 691.046440][T11323] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2330'. [ 691.189878][T11325] netlink: 'syz.3.2332': attribute type 5 has an invalid length. [ 691.200731][T11325] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2332'. [ 691.385565][T11198] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 691.519365][T11198] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 691.562971][T11328] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2333'. [ 691.578712][T11198] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 691.638635][T11198] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 691.745296][T11331] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2335'. [ 691.757113][T11331] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2335'. [ 692.440767][T11198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.488634][T11198] 8021q: adding VLAN 0 to HW filter on device team0 [ 692.638715][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.646485][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 692.672216][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.679887][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 692.919845][T11345] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 693.469373][T11353] loop3: detected capacity change from 0 to 1024 [ 693.731305][T11353] hfsplus: extend alloc file! (8192,65536,366) [ 693.893812][T11362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2347'. [ 694.109688][T11198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 694.280308][T11198] veth0_vlan: entered promiscuous mode [ 694.318363][T11198] veth1_vlan: entered promiscuous mode [ 694.472124][T11198] veth0_macvtap: entered promiscuous mode [ 694.583958][T11198] veth1_macvtap: entered promiscuous mode [ 694.638326][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.651885][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.664922][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.679954][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.693781][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.707425][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.725373][T11198] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 694.757619][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.770826][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.784049][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.795773][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.806003][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.816839][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.831833][T11198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.842961][T11198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.857931][T11198] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 694.881736][T11198] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.890834][T11198] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.900047][T11198] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 694.909403][T11198] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.967450][T11384] loop4: detected capacity change from 0 to 1024 [ 696.276266][T11384] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 696.306254][T11390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2355'. [ 696.511133][ T29] audit: type=1800 audit(2000000144.820:46): pid=11384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2354" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 696.541447][ T29] audit: type=1800 audit(2000000144.830:47): pid=11384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2354" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 696.786680][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 699.763400][T11459] loop0: detected capacity change from 0 to 256 [ 700.087444][T11459] syz.0.2379: attempt to access beyond end of device [ 700.087444][T11459] loop0: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 700.734379][T11476] loop0: detected capacity change from 0 to 256 [ 701.237312][ T3755] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 701.245818][ T3755] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 701.327371][ T3183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 701.337956][ T3183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.529817][T11506] team0: Device gre0 is of different type [ 703.120819][T11520] sctp: [Deprecated]: syz.2.2401 (pid 11520) Use of struct sctp_assoc_value in delayed_ack socket option. [ 703.120819][T11520] Use struct sctp_sack_info instead [ 703.310781][T11523] loop0: detected capacity change from 0 to 16 [ 703.360427][T11523] erofs: (device loop0): mounted with root inode @ nid 36. [ 703.559155][T11530] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 703.577276][ T29] audit: type=1800 audit(2000000151.720:48): pid=11523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2406" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 704.007001][T11536] loop3: detected capacity change from 0 to 512 [ 704.091293][T11538] loop2: detected capacity change from 0 to 512 [ 704.139919][T11536] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 704.227914][T11536] EXT4-fs (loop3): 1 truncate cleaned up [ 704.237734][T11536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 704.480557][T11538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 704.484396][T11536] EXT4-fs error (device loop3): ext4_empty_dir:3128: inode #2: block 13: comm syz.3.2409: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 704.495528][T11538] ext4 filesystem being mounted at /556/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 704.556089][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 12: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 704.601260][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 13: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 704.633159][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 14: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 704.712933][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 15: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 704.733585][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.780010][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 16: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 704.873241][T11538] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 17: comm syz.2.2410: path /556/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 704.896916][T11538] EXT4-fs error (device loop2): ext4_map_blocks:671: inode #2: block 18: comm syz.2.2410: lblock 23 mapped to illegal pblock 18 (length 1) [ 705.008785][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.173252][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.761254][T11570] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2423'. [ 705.772395][T11570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:bb) already exists on: batadv_slave_0 [ 705.788477][T11570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.803085][T11570] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 705.824522][T11568] loop3: detected capacity change from 0 to 512 [ 705.852455][T11568] EXT4-fs (loop3): filesystem is read-only [ 705.882389][T11568] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 706.089424][T11568] EXT4-fs (loop3): filesystem is read-only [ 706.095874][T11568] EXT4-fs (loop3): orphan cleanup on readonly fs [ 706.213731][T11568] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2419: bg 0: block 64: padding at end of block bitmap is not set [ 706.262635][T11577] loop2: detected capacity change from 0 to 512 [ 706.317382][T11568] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 706.343422][T11577] EXT4-fs: Ignoring removed orlov option [ 706.353762][T11568] EXT4-fs (loop3): 1 orphan inode deleted [ 706.366914][T11568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 706.412582][T11577] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 706.426552][T11583] netlink: 'syz.0.2425': attribute type 1 has an invalid length. [ 706.490505][T11577] EXT4-fs (loop2): 1 truncate cleaned up [ 706.503339][T11577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 706.681991][ T9024] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.771201][T11590] loop4: detected capacity change from 0 to 24 [ 707.155093][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 707.289547][T11598] loop0: detected capacity change from 0 to 1024 [ 707.359193][T11598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 707.376001][T11597] loop1: detected capacity change from 0 to 2048 [ 707.544355][T11597] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 707.739873][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 708.049404][T11606] loop4: detected capacity change from 0 to 1024 [ 708.170307][T11606] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 708.362545][T11606] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #14: comm syz.4.2434: attempt to clear invalid blocks 1886221359 len 1 [ 708.472042][T11606] EXT4-fs (loop4): Remounting filesystem read-only [ 708.946627][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.854119][T11641] tap0: tun_chr_ioctl cmd 1074025677 [ 709.859999][T11641] tap0: linktype set to 825 [ 710.613321][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 710.620032][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 710.636568][T11655] loop1: detected capacity change from 0 to 64 [ 711.009902][T11659] sit0: entered promiscuous mode [ 711.030329][T11659] netlink: 'syz.4.2460': attribute type 1 has an invalid length. [ 711.038759][T11659] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2460'. [ 711.630860][T11673] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2464'. [ 711.930478][T11675] netlink: 'syz.0.2465': attribute type 3 has an invalid length. [ 712.254965][T11683] loop4: detected capacity change from 0 to 1024 [ 712.536127][T11688] loop2: detected capacity change from 0 to 256 [ 712.740148][ T34] hfsplus: b-tree write err: -5, ino 4 [ 712.791644][T11692] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2474'. [ 713.767301][T11708] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2491'. [ 714.186368][T11717] loop0: detected capacity change from 0 to 1024 [ 714.198403][T11719] loop4: detected capacity change from 0 to 256 [ 714.243856][T11719] exfat: Deprecated parameter 'utf8' [ 714.249642][T11719] exfat: Deprecated parameter 'namecase' [ 714.256257][T11719] exfat: Deprecated parameter 'namecase' [ 714.262358][T11719] exfat: Deprecated parameter 'utf8' [ 714.384188][T11719] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0x822ffc2e, utbl_chksum : 0xe619d30d) [ 714.974923][T11717] EXT4-fs: Ignoring removed orlov option [ 715.018974][T11717] EXT4-fs (loop0): Test dummy encryption mode enabled [ 715.083016][T11730] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2489'. [ 715.186499][T11734] loop1: detected capacity change from 0 to 1024 [ 715.484837][T11717] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 715.738385][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.582681][T11755] loop3: detected capacity change from 0 to 256 [ 716.977402][T11766] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 716.977402][T11766] The task syz.2.2503 (11766) triggered the difference, watch for misbehavior. [ 717.053359][T11755] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 717.153838][ T29] audit: type=1800 audit(2000000165.470:49): pid=11755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2501" name="file1" dev="loop3" ino=1048734 res=0 errno=0 [ 717.177505][T11755] exFAT-fs (loop3): hint_cluster is invalid (65537), rewind to the first cluster [ 717.178002][T11755] exFAT-fs (loop3): error, failed to bmap (inode : ffff8880130857f0 iblock : 8, err : -5) [ 717.178290][T11755] exFAT-fs (loop3): Filesystem has been set read-only [ 717.179114][T11755] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 717.179384][T11755] syz.3.2501: attempt to access beyond end of device [ 717.179384][T11755] loop3: rw=2049, sector=524408, nr_sectors = 8 limit=256 [ 717.181980][T11755] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 717.182101][T11755] exFAT-fs (loop3): error, failed to bmap (inode : ffff8880130857f0 iblock : 8, err : -5) [ 717.183155][T11755] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00010000) [ 717.183415][T11755] syz.3.2501: attempt to access beyond end of device [ 717.183415][T11755] loop3: rw=2049, sector=524408, nr_sectors = 8 limit=256 [ 717.769510][T11776] netlink: 'syz.3.2509': attribute type 10 has an invalid length. [ 717.778080][T11776] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2509'. [ 717.805973][T11776] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 718.051647][T11779] loop4: detected capacity change from 0 to 256 [ 718.766200][T11791] loop4: detected capacity change from 0 to 256 [ 718.835693][T11791] exfat: Deprecated parameter 'utf8' [ 718.918835][T11795] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2518'. [ 719.085377][T11791] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 719.142610][T11801] usb usb8: check_ctrlrecip: process 11801 (syz.0.2521) requesting ep 01 but needs 81 [ 719.155263][T11801] usb usb8: usbfs: process 11801 (syz.0.2521) did not claim interface 0 before use [ 719.157466][T11791] Process accounting resumed [ 719.593117][T11808] netlink: 'syz.3.2524': attribute type 1 has an invalid length. [ 719.861646][T11809] hub 6-0:1.0: USB hub found [ 719.919658][T11809] hub 6-0:1.0: 1 port detected [ 720.295304][T11820] program syz.0.2530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 721.486715][T11842] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2541'. [ 721.701496][ T5251] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 721.804252][T11848] loop2: detected capacity change from 0 to 8 [ 721.835772][T11848] SQUASHFS error: lzo decompression failed, data probably corrupt [ 721.844274][T11848] SQUASHFS error: Failed to read block 0x28d: -5 [ 721.850816][T11848] SQUASHFS error: Unable to read metadata cache entry [28b] [ 721.867722][T11848] SQUASHFS error: Unable to read inode 0x11f [ 721.915771][ T5251] usb 2-1: Using ep0 maxpacket: 16 [ 721.928176][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.940293][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.951837][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.967042][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.979480][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 721.990635][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 722.034396][ T5251] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=94.d7 [ 722.044098][ T5251] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.052625][ T5251] usb 2-1: Product: syz [ 722.060860][ T5251] usb 2-1: Manufacturer: syz [ 722.067124][ T5251] usb 2-1: SerialNumber: syz [ 722.082958][ T5251] usb 2-1: config 0 descriptor?? [ 722.112521][ T5251] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 722.348510][ T5268] usb 2-1: USB disconnect, device number 14 [ 722.682055][T11860] netlink: 'syz.0.2550': attribute type 4 has an invalid length. [ 723.240272][T11867] netlink: 'syz.4.2553': attribute type 29 has an invalid length. [ 723.282913][T11869] netlink: 'syz.4.2553': attribute type 29 has an invalid length. [ 723.364813][T11867] netlink: 'syz.4.2553': attribute type 29 has an invalid length. [ 723.663675][T11872] loop0: detected capacity change from 0 to 1024 [ 723.851927][T11872] syz.0.2555: attempt to access beyond end of device [ 723.851927][T11872] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 724.907969][T11895] loop0: detected capacity change from 0 to 1024 [ 724.978709][T11898] loop1: detected capacity change from 0 to 128 [ 725.000888][T11895] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 725.295315][T11895] EXT4-fs: Ignoring removed mblk_io_submit option [ 725.295570][T11895] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 725.295666][T11895] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 725.320245][T11895] EXT4-fs (loop0): changing journal_checksum during remount not supported; ignoring [ 725.323784][T11895] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 725.846140][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 727.271750][T11932] loop0: detected capacity change from 0 to 64 [ 729.547229][T11964] loop4: detected capacity change from 0 to 16 [ 729.568110][T11964] erofs: (device loop4): mounted with root inode @ nid 36. [ 729.587102][T11964] erofs: (device loop4): erofs_read_inode: unsupported i_format 36 of nid 37 [ 729.791410][ T4877] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 729.970416][ T4877] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 729.980215][ T4877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.023591][ T4877] usb 1-1: config 0 descriptor?? [ 730.493324][ T4877] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 730.712196][ T29] audit: type=1326 audit(2000000179.020:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11965 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a037def9 code=0x7fc00000 [ 730.896506][ T4877] gs_usb 1-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 730.929500][ T4877] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -22 [ 731.100502][ T4877] usb 1-1: USB disconnect, device number 14 [ 731.145307][T11989] vivid-008: disconnect [ 731.150674][T11988] vivid-008: reconnect [ 732.197953][T12011] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 732.206409][T12011] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 732.220877][T12011] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 732.229381][T12011] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 732.370900][T11023] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 733.340203][T12036] loop1: detected capacity change from 0 to 128 [ 734.141567][T12050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2634'. [ 734.150796][T12050] netlink: 'syz.4.2634': attribute type 1 has an invalid length. [ 734.257401][T12052] netlink: 'syz.3.2635': attribute type 1 has an invalid length. [ 734.265747][T12052] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2635'. [ 734.804234][T12058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2638'. [ 734.816980][T12058] netlink: 'syz.3.2638': attribute type 9 has an invalid length. [ 735.001376][ T4877] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 735.201386][ T4877] usb 1-1: Using ep0 maxpacket: 8 [ 735.219637][ T4877] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 735.283735][ T4877] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 735.293357][ T4877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.301801][ T4877] usb 1-1: Product: syz [ 735.306210][ T4877] usb 1-1: Manufacturer: syz [ 735.311207][ T4877] usb 1-1: SerialNumber: syz [ 735.431227][ T4877] usb 1-1: config 0 descriptor?? [ 735.448021][ T4877] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 735.553111][T12068] loop4: detected capacity change from 0 to 256 [ 735.798123][T12070] loop2: detected capacity change from 0 to 2048 [ 735.994542][T12072] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 736.132780][ T4877] gspca_zc3xx: reg_w_i err -71 [ 736.423981][ T5192] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 736.433292][ T5192] Bluetooth: hci1: Injecting HCI hardware error event [ 736.441999][ T5192] Bluetooth: hci1: hardware error 0x00 [ 736.703784][T12082] loop2: detected capacity change from 0 to 2048 [ 736.733745][ T4877] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 736.740731][ T4877] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 736.778272][ T4877] usb 1-1: USB disconnect, device number 15 [ 736.790104][T12082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 737.019248][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 737.451505][T12090] loop3: detected capacity change from 0 to 128 [ 737.485610][T12090] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 737.528641][T12090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 737.718046][T12093] loop4: detected capacity change from 0 to 128 [ 737.791325][T12093] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 738.512662][ T5192] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 738.758397][T12106] loop3: detected capacity change from 0 to 1024 [ 738.991912][T12106] hfsplus: bad catalog entry type [ 739.148482][T12118] loop0: detected capacity change from 0 to 512 [ 739.197339][T12118] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 739.284543][T12118] EXT4-fs (loop0): 1 truncate cleaned up [ 739.292271][T12118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 739.330230][ T2553] hfsplus: b-tree write err: -5, ino 4 [ 739.624241][T12126] loop4: detected capacity change from 0 to 2048 [ 739.814662][T12126] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 739.897118][ T7120] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 740.648273][T12151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2679'. [ 740.661601][T12151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 740.671843][T12151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 740.766103][T12151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 740.774486][T12151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 741.057333][T12148] loop3: detected capacity change from 0 to 8192 [ 741.113359][T12148] loop3: p1 p2 p4 [ 741.117391][T12148] loop3: partition table partially beyond EOD, truncated [ 741.152381][T12148] loop3: p2 start 4292936063 is beyond EOD, truncated [ 741.159659][T12148] loop3: p4 start 4294967295 is beyond EOD, truncated [ 741.452895][T12164] loop3: detected capacity change from 0 to 128 [ 741.538848][T12164] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 741.557748][T12164] ext4 filesystem being mounted at /244/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 742.044001][ T9024] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 742.281956][T10904] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 742.452869][T10904] usb 5-1: Using ep0 maxpacket: 16 [ 742.501977][T10904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 742.514142][T10904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.524459][T10904] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 742.542077][T10904] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 742.553245][T10904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.574929][T10904] usb 5-1: config 0 descriptor?? [ 743.027229][T10904] microsoft 0003:045E:07DA.001B: No inputs registered, leaving [ 743.074819][T10904] microsoft 0003:045E:07DA.001B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 743.087706][T10904] microsoft 0003:045E:07DA.001B: no inputs found [ 743.094547][T10904] microsoft 0003:045E:07DA.001B: could not initialize ff, continuing anyway [ 743.240771][T10904] usb 5-1: USB disconnect, device number 17 [ 743.265147][T12185] sctp: failed to load transform for md5: -2 [ 745.399449][T12229] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2706'. [ 745.462081][T10904] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 745.899469][T10904] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 745.910155][T10904] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 746.063236][T10904] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 746.073603][T10904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 746.084372][T10904] usb 3-1: SerialNumber: syz [ 746.409279][T10904] usb 3-1: 0:2 : does not exist [ 746.551501][T10904] usb 3-1: USB disconnect, device number 11 [ 747.429990][T12268] loop2: detected capacity change from 0 to 512 [ 747.542177][T12268] evm: overlay not supported [ 748.580336][ T5246] kernel write not supported for file /sequencer (pid: 5246 comm: kworker/1:4) [ 748.831676][ T5246] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 748.892187][T12294] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2736'. [ 748.906934][T12294] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2736'. [ 748.916326][T12294] bridge0: entered promiscuous mode [ 748.922047][T12294] bridge0: entered allmulticast mode [ 749.016319][T10904] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 749.036899][ T5246] usb 4-1: Using ep0 maxpacket: 16 [ 749.064447][ T5246] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 749.081403][ T5246] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 749.091888][ T5246] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 749.110657][ T5246] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 749.120162][ T5246] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.184207][T10904] usb 3-1: not running at top speed; connect to a high speed hub [ 749.198501][ T5246] usb 4-1: config 0 descriptor?? [ 749.271646][T10904] usb 3-1: config 95 has an invalid interface number: 1 but max is 0 [ 749.280191][T10904] usb 3-1: config 95 has no interface number 0 [ 749.287138][T10904] usb 3-1: config 95 interface 1 has no altsetting 0 [ 749.375456][T10904] usb 3-1: string descriptor 0 read error: -22 [ 749.385737][T10904] usb 3-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 749.395506][T10904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.469029][T12289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 749.572849][T12289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 749.605384][T12302] loop1: detected capacity change from 0 to 16 [ 749.660738][T12302] erofs: (device loop1): mounted with root inode @ nid 36. [ 749.859093][ T5246] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 749.874860][ T5246] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 749.883650][ T5246] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 749.893925][ T5246] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 749.976128][T10904] usb 3-1: USB disconnect, device number 12 [ 750.006623][ T5246] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.001C/input/input19 [ 750.092422][ T5246] microsoft 0003:045E:07DA.001C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 750.138476][ T5251] kernel write not supported for file /snd/seq (pid: 5251 comm: kworker/0:6) [ 750.178053][ T5246] usb 4-1: USB disconnect, device number 10 [ 751.008333][T12311] loop4: detected capacity change from 0 to 2048 [ 751.521594][T12311] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 751.826874][T12328] loop2: detected capacity change from 0 to 256 [ 752.151897][T12328] MINIX-fs: mounting file system with errors, running fsck is recommended [ 754.101418][T10904] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 754.338821][T10904] usb 5-1: Using ep0 maxpacket: 16 [ 754.365000][T10904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 754.378880][T10904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 754.390357][T10904] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 754.403976][T10904] usb 5-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 754.413470][T10904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.464474][T10904] usb 5-1: config 0 descriptor?? [ 754.863729][T12387] netlink: 'syz.3.2776': attribute type 5 has an invalid length. [ 755.206211][T10904] hid-u2fzero 0003:10C4:8ACF.001D: unknown main item tag 0x0 [ 755.214577][T10904] hid-u2fzero 0003:10C4:8ACF.001D: unknown main item tag 0x0 [ 755.222567][T10904] hid-u2fzero 0003:10C4:8ACF.001D: item fetching failed at offset 2/5 [ 755.260077][T10904] hid-u2fzero 0003:10C4:8ACF.001D: probe with driver hid-u2fzero failed with error -22 [ 755.467143][ T5246] usb 5-1: USB disconnect, device number 18 [ 755.870576][T12400] loop3: detected capacity change from 0 to 512 [ 755.889820][T12398] loop2: detected capacity change from 0 to 1024 [ 755.964995][T12400] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 755.976927][T12402] input: syz1 as /devices/virtual/input/input20 [ 756.169243][T12400] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.2783: invalid indirect mapped block 512 (level 0) [ 756.194864][T12407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2784'. [ 756.205446][T12398] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 756.238187][T12400] EXT4-fs (loop3): Remounting filesystem read-only [ 756.290026][T12400] EXT4-fs (loop3): 1 orphan inode deleted [ 756.296276][T12400] EXT4-fs (loop3): 1 truncate cleaned up [ 756.303944][T12400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 756.639038][T12400] EXT4-fs: can't change dax mount option while remounting [ 756.726482][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 757.528827][T10291] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 757.597419][T10291] bridge0: port 3(syz_tun) entered disabled state [ 757.646534][T10291] syz_tun (unregistering): left allmulticast mode [ 757.658757][T10291] syz_tun (unregistering): left promiscuous mode [ 757.669064][T10291] bridge0: port 3(syz_tun) entered disabled state [ 757.799547][ T2553] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.919530][ T2553] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.102426][ T2553] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.226307][ T2553] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.247283][T12416] loop1: detected capacity change from 0 to 4096 [ 758.345460][T12416] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 758.586962][ T2553] bridge_slave_1: left allmulticast mode [ 758.598303][ T2553] bridge_slave_1: left promiscuous mode [ 758.605111][ T2553] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.622002][ T2553] bridge_slave_0: left allmulticast mode [ 758.627891][ T2553] bridge_slave_0: left promiscuous mode [ 758.639906][ T2553] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.244278][ T2553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 759.309340][ T2553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 759.360619][ T2553] bond0 (unregistering): Released all slaves [ 759.498923][ T2553] tipc: Disabling bearer [ 759.505247][ T2553] tipc: Left network mode [ 760.020785][ T2553] hsr_slave_0: left promiscuous mode [ 760.085982][ T2553] hsr_slave_1: left promiscuous mode [ 760.138360][ T2553] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 760.146353][ T2553] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 760.203792][ T2553] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 760.219029][ T2553] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 760.277011][ T2553] veth1_macvtap: left promiscuous mode [ 760.283262][ T2553] veth0_macvtap: left promiscuous mode [ 760.289178][ T2553] veth1_vlan: left promiscuous mode [ 760.295035][ T2553] veth0_vlan: left promiscuous mode [ 760.673846][T11023] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 760.684329][T11023] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 760.696166][T11023] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 760.710373][T11023] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 760.839549][T11023] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 760.844766][ T2553] pim6reg (unregistering): left allmulticast mode [ 760.890213][T11023] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 761.465816][ T2553] team0 (unregistering): Port device team_slave_1 removed [ 761.513707][ T2553] team0 (unregistering): Port device team_slave_0 removed [ 761.909739][T12434] bridge0: port 2(syz_tun) entered blocking state [ 761.916993][T12434] bridge0: port 2(syz_tun) entered disabled state [ 761.924348][T12434] syz_tun: entered allmulticast mode [ 761.932599][T12434] syz_tun: entered promiscuous mode [ 762.681427][T10904] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 762.838160][T12439] chnl_net:caif_netlink_parms(): no params data found [ 762.907766][T10904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 762.921903][T10904] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 762.931457][T10904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.956329][T10904] usb 2-1: config 0 descriptor?? [ 763.051672][T11023] Bluetooth: hci1: command tx timeout [ 763.252989][T12457] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2804'. [ 763.257875][T10904] usb 2-1: string descriptor 0 read error: -71 [ 763.269744][T10904] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 763.277850][T10904] usb 2-1: No valid video chain found. [ 763.427870][T12460] loop2: detected capacity change from 0 to 512 [ 763.443611][T10904] usb 2-1: USB disconnect, device number 15 [ 763.471453][T12460] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 763.555560][T12460] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 763.598318][T12460] System zones: 1-12 [ 763.650753][T12460] EXT4-fs (loop2): 1 truncate cleaned up [ 763.660574][T12460] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 764.027562][T12439] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.035492][T12439] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.047020][T12439] bridge_slave_0: entered allmulticast mode [ 764.056066][T12439] bridge_slave_0: entered promiscuous mode [ 764.082060][T12439] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.089744][T12439] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.092100][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 764.098491][T12439] bridge_slave_1: entered allmulticast mode [ 764.118912][T12439] bridge_slave_1: entered promiscuous mode [ 764.244280][T12439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.284283][T12439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.377275][T12469] loop2: detected capacity change from 0 to 128 [ 764.557396][T12439] team0: Port device team_slave_0 added [ 764.578743][T12439] team0: Port device team_slave_1 added [ 764.710470][T12468] loop4: detected capacity change from 0 to 2048 [ 764.758568][T12439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 764.765843][T12439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 764.797723][T12439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 764.814293][T12439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 764.829710][T12439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 764.861996][T12439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 764.885913][T12468] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 764.960022][T12468] UDF-fs: incorrect filename length (10) [ 765.061738][T11023] Bluetooth: hci1: command tx timeout [ 765.062652][T12439] hsr_slave_0: entered promiscuous mode [ 765.218565][T12439] hsr_slave_1: entered promiscuous mode [ 765.244642][T12439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 765.252847][T12439] Cannot create hsr debugfs directory [ 765.709155][T12480] loop1: detected capacity change from 0 to 512 [ 765.809375][T12480] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 765.877204][T12480] EXT4-fs (loop1): 1 orphan inode deleted [ 765.885965][T12480] EXT4-fs (loop1): 1 truncate cleaned up [ 765.896752][T12480] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 766.057719][T12480] EXT4-fs error (device loop1): ext4_search_dir:1505: inode #12: block 7: comm syz.1.2813: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 766.167138][T12480] EXT4-fs (loop1): Remounting filesystem read-only [ 766.639785][T11198] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 766.746377][T12439] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 766.827128][T12439] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 766.895047][T12439] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 766.979631][T12439] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 767.150076][T11023] Bluetooth: hci1: command tx timeout [ 767.563053][ T5192] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 767.581541][T12439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 767.653591][ T5192] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 767.663525][ T5192] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 767.670727][T12439] 8021q: adding VLAN 0 to HW filter on device team0 [ 767.676756][ T5192] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 767.695784][ T5192] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 767.705082][ T5192] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 767.748058][ T3350] bridge0: port 1(bridge_slave_0) entered blocking state [ 767.755826][ T3350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 767.773009][ T3350] bridge0: port 2(bridge_slave_1) entered blocking state [ 767.780664][ T3350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 768.019732][T12439] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 769.248776][T12439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 769.306381][ T5192] Bluetooth: hci1: command tx timeout [ 769.433818][T12439] veth0_vlan: entered promiscuous mode [ 769.467473][T12502] chnl_net:caif_netlink_parms(): no params data found [ 769.627859][T12439] veth1_vlan: entered promiscuous mode [ 769.942665][ T5192] Bluetooth: hci5: command tx timeout [ 770.130098][T12439] veth0_macvtap: entered promiscuous mode [ 770.230184][T12439] veth1_macvtap: entered promiscuous mode [ 770.311484][T12528] sctp: [Deprecated]: syz.1.2826 (pid 12528) Use of struct sctp_assoc_value in delayed_ack socket option. [ 770.311484][T12528] Use struct sctp_sack_info instead [ 770.368461][T12439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.379617][T12439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.400556][T12439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 770.482798][T12439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.496929][T12439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.508083][T12439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.518958][T12439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.529197][T12439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.540036][T12439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.558597][T12439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 770.804036][T12439] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.813414][T12439] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.822681][T12439] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.831894][T12439] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 771.100102][T12502] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.108065][T12502] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.116129][T12502] bridge_slave_0: entered allmulticast mode [ 771.130494][T12502] bridge_slave_0: entered promiscuous mode [ 771.147206][T12502] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.160325][T12502] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.170667][T12502] bridge_slave_1: entered allmulticast mode [ 771.179927][T12502] bridge_slave_1: entered promiscuous mode [ 771.516968][T12502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.546811][T12502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.664910][T12244] coredump: 150(syz.1.2711): written to core: VMAs: 34, size 97419264; core: 62112710 bytes, pos 97427456 [ 771.812289][T12502] team0: Port device team_slave_0 added [ 771.912187][T12502] team0: Port device team_slave_1 added [ 772.055637][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 772.057423][ T5192] Bluetooth: hci5: command tx timeout [ 772.063345][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 772.221463][ T5251] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 772.248869][T12502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 772.256190][T12502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 772.288095][T12502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 772.399329][T12502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 772.411271][ T5251] usb 5-1: Using ep0 maxpacket: 8 [ 772.418765][T12502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 772.431137][ T5251] usb 5-1: config 0 interface 0 has no altsetting 0 [ 772.451642][T12502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 772.531287][ T5251] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 772.543250][ T5251] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.554227][ T5251] usb 5-1: Product: syz [ 772.558662][ T5251] usb 5-1: Manufacturer: syz [ 772.563844][ T5251] usb 5-1: SerialNumber: syz [ 772.588550][ T5251] usb 5-1: config 0 descriptor?? [ 772.658544][ T5251] gspca_main: se401-2.14.0 probing 047d:5003 [ 772.880166][T12502] hsr_slave_0: entered promiscuous mode [ 772.904661][T12502] hsr_slave_1: entered promiscuous mode [ 772.948686][T12502] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 772.959736][T12502] Cannot create hsr debugfs directory [ 773.460577][T12563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2836'. [ 773.508537][ T5251] usb 5-1: reset high-speed USB device number 19 using dummy_hcd [ 773.963535][T12502] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.105668][ T5192] Bluetooth: hci5: command tx timeout [ 774.156408][ T5251] gspca_se401: read req failed req 0x06 error -71 [ 774.163940][ T5251] se401 5-1:0.0: probe with driver se401 failed with error -71 [ 774.171982][T12502] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.224879][ T5251] usb 5-1: USB disconnect, device number 19 [ 774.477059][T12502] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.618507][T12502] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 775.289143][T12502] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 775.372723][T12502] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 775.444670][T12502] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 775.501396][T12502] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 776.181649][ T5192] Bluetooth: hci5: command tx timeout [ 776.717406][T12502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 776.967279][T12502] 8021q: adding VLAN 0 to HW filter on device team0 [ 777.058401][ T3350] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.066444][ T3350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.190695][ T3350] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.198647][ T3350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.227406][ T3755] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 777.235943][ T3755] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 777.279677][T12598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2848'. [ 777.567916][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 777.581608][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.074792][T12502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 779.261787][T12622] IPVS: stopping backup sync thread 12624 ... [ 779.268648][ T5251] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 779.451501][ T5251] usb 2-1: Using ep0 maxpacket: 32 [ 779.483016][ T5251] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 779.495205][ T5251] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 779.510049][ T5251] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 779.522928][ T5251] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 779.532525][ T5251] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 779.721743][T12502] veth0_vlan: entered promiscuous mode [ 779.748858][ T5251] usb 2-1: config 0 descriptor?? [ 779.779629][T12618] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 779.824509][T12502] veth1_vlan: entered promiscuous mode [ 779.902494][ T5251] hub 2-1:0.0: USB hub found [ 780.146627][T12628] tap0: tun_chr_ioctl cmd 1074025677 [ 780.158990][T12628] tap0: linktype set to 825 [ 780.206920][T12502] veth0_macvtap: entered promiscuous mode [ 780.260759][ T5251] hub 2-1:0.0: 2 ports detected [ 780.354056][T12502] veth1_macvtap: entered promiscuous mode [ 780.521519][ T5251] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 780.533172][ T5251] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 780.544595][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.555438][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.571822][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 780.582863][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.605908][T12502] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 780.656773][ T5251] usbhid 2-1:0.0: can't add hid device: -71 [ 780.664821][ T5251] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 780.809940][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.818228][ T5251] usb 2-1: USB disconnect, device number 16 [ 780.820719][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.843226][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.854487][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.867433][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.881452][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.894359][T12502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 780.913814][T12502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 780.933366][T12502] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 781.085926][T12502] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.095215][T12502] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.107468][T12502] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 781.117752][T12502] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.517604][T12636] loop3: detected capacity change from 0 to 32768 [ 783.685415][T12655] loop1: detected capacity change from 0 to 512 [ 783.725512][T12655] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 783.734024][T12655] UDF-fs: Scanning with blocksize 512 failed [ 783.898831][T12655] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 783.913079][T12655] UDF-fs: Scanning with blocksize 1024 failed [ 783.964294][T12655] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 783.974764][T12655] UDF-fs: Scanning with blocksize 2048 failed [ 784.042932][T12655] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 784.134904][T12655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 784.698452][T12673] loop1: detected capacity change from 0 to 512 [ 784.894794][T12673] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 785.190172][T12673] EXT4-fs (loop1): 1 truncate cleaned up [ 785.199731][T12673] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 785.435657][T12671] sctp: failed to load transform for md5: -2 [ 785.779927][T11198] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 786.105631][T12695] loop3: detected capacity change from 0 to 1024 [ 786.497138][ T5246] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 786.737151][ T5246] usb 5-1: Using ep0 maxpacket: 32 [ 786.762567][ T5246] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 786.774777][ T5246] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 786.790602][ T5246] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 786.800093][ T5246] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.821441][ T5246] usb 5-1: config 0 descriptor?? [ 787.275455][ T5246] ft260 0003:0403:6030.001E: unknown main item tag 0x0 [ 787.561506][ T5246] ft260 0003:0403:6030.001E: chip code: 6424 8183 [ 787.804605][ T5246] ft260 0003:0403:6030.001E: failed to retrieve system status [ 787.819446][ T5246] ft260 0003:0403:6030.001E: probe with driver ft260 failed with error -71 [ 788.008318][ T5246] usb 5-1: USB disconnect, device number 20 [ 788.035307][ T3350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.043648][ T3350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 788.135012][ T3755] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.143313][ T3755] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 789.431659][ T5244] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 789.661192][ T5244] usb 5-1: Using ep0 maxpacket: 16 [ 789.695043][ T5244] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 789.706231][ T5244] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 789.722109][ T5244] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 789.732192][ T5244] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 789.744905][ T5244] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 789.756557][ T5244] usb 5-1: config 1 interface 0 has no altsetting 0 [ 789.766730][ T5244] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 789.779329][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.843820][ T5244] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 790.100339][ T5244] ums-sddr09 5-1:1.0: probe with driver ums-sddr09 failed with error -22 [ 790.132262][ T5244] usb 5-1: USB disconnect, device number 21 [ 792.044677][ T5268] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 792.223968][ T5268] usb 4-1: Using ep0 maxpacket: 16 [ 792.239817][ T5268] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 792.255682][ T5268] usb 4-1: config 0 interface 0 has no altsetting 0 [ 792.264417][ T5268] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 792.274445][ T5268] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.347191][ T5268] usb 4-1: config 0 descriptor?? [ 792.957594][ T5268] kye 0003:0458:0138.001F: unknown main item tag 0x0 [ 792.970232][ T5268] kye 0003:0458:0138.001F: unknown main item tag 0x0 [ 792.980148][ T5268] kye 0003:0458:0138.001F: unexpected long global item [ 793.036826][ T5268] kye 0003:0458:0138.001F: parse failed [ 793.043428][ T5268] kye 0003:0458:0138.001F: probe with driver kye failed with error -22 [ 793.164926][ T5268] usb 4-1: USB disconnect, device number 11 [ 793.220221][T12788] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2917'. [ 793.957280][T12792] netlink: 'syz.4.2919': attribute type 15 has an invalid length. [ 794.437316][T12799] loop1: detected capacity change from 0 to 1024 [ 795.345919][T12814] loop1: detected capacity change from 0 to 512 [ 795.452036][T12814] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 795.460250][T12814] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002] [ 795.483540][T12814] EXT4-fs (loop1): orphan cleanup on readonly fs [ 795.494788][T12814] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 795.505471][T12814] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 795.530740][T12814] EXT4-fs (loop1): 1 truncate cleaned up [ 795.545767][T12814] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 795.626488][T12814] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.2928: dx entry: limit 65535 != root limit 120 [ 795.641929][T12814] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.2928: Corrupt directory, running e2fsck is recommended [ 795.880231][T12823] loop0: detected capacity change from 0 to 64 [ 795.914947][T11198] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 798.491952][T12837] loop2: detected capacity change from 0 to 32768 [ 798.869538][T12856] netlink: 21 bytes leftover after parsing attributes in process `syz.4.2948'. [ 798.902438][T12842] loop0: detected capacity change from 0 to 4096 [ 798.929394][T12842] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 799.087130][T12862] netlink: 'syz.3.2951': attribute type 4 has an invalid length. [ 799.214820][T12860] IPVS: Error connecting to the multicast addr [ 799.550599][T12866] loop1: detected capacity change from 0 to 256 [ 800.012277][T12866] FAT-fs (loop1): Directory bread(block 64) failed [ 800.019128][T12866] FAT-fs (loop1): Directory bread(block 65) failed [ 800.026363][T12866] FAT-fs (loop1): Directory bread(block 66) failed [ 800.033388][T12866] FAT-fs (loop1): Directory bread(block 67) failed [ 800.040344][T12866] FAT-fs (loop1): Directory bread(block 68) failed [ 800.050039][T12866] FAT-fs (loop1): Directory bread(block 69) failed [ 800.058001][T12866] FAT-fs (loop1): Directory bread(block 70) failed [ 800.065170][T12866] FAT-fs (loop1): Directory bread(block 71) failed [ 800.072311][T12866] FAT-fs (loop1): Directory bread(block 72) failed [ 800.079120][T12866] FAT-fs (loop1): Directory bread(block 73) failed [ 800.203183][T12872] loop4: detected capacity change from 0 to 64 [ 800.358063][T12872] hfs: bad catalog entry type 0 [ 800.703481][T12880] loop3: detected capacity change from 0 to 512 [ 800.828098][T12884] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2947'. [ 800.842979][T12884] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2947'. [ 800.875225][T12884] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.883892][T12884] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.895998][T12884] bridge0: entered promiscuous mode [ 800.906078][T12884] bridge0: entered allmulticast mode [ 801.049128][T12887] Process accounting resumed [ 801.313401][T12880] EXT4-fs error (device loop3): __ext4_iget:4952: inode #15: block 1803188595: comm syz.3.2959: invalid block [ 801.406937][T12894] loop1: detected capacity change from 0 to 764 [ 801.420499][T12880] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.2959: couldn't read orphan inode 15 (err -117) [ 801.514459][T12880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 801.647595][T12880] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.2959: invalid indirect mapped block 234881024 (level 0) [ 801.987773][T12439] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 802.274406][ T29] audit: type=1326 audit(2000000250.590:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12908 comm="syz.3.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55c577def9 code=0x7ffc0000 [ 802.299743][ T29] audit: type=1326 audit(2000000250.600:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12908 comm="syz.3.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55c577def9 code=0x7ffc0000 [ 802.323679][ T29] audit: type=1326 audit(2000000250.600:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12908 comm="syz.3.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55c577def9 code=0x7ffc0000 [ 802.560560][ T29] audit: type=1326 audit(2000000250.690:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12908 comm="syz.3.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f55c577def9 code=0x7ffc0000 [ 802.583858][ T29] audit: type=1326 audit(2000000250.690:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12908 comm="syz.3.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55c577def9 code=0x7ffc0000 [ 802.979029][T12921] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2977'. [ 802.988699][T12921] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2977'. [ 803.083194][T12921] bridge0: port 2(bridge_slave_1) entered disabled state [ 803.093049][T12921] bridge0: port 1(bridge_slave_0) entered disabled state [ 803.102822][T12921] bridge0: entered promiscuous mode [ 803.108292][T12921] bridge0: entered allmulticast mode [ 803.429265][ T5268] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 803.473549][T12932] loop3: detected capacity change from 0 to 8 [ 803.478263][T12930] block nbd1: shutting down sockets [ 803.540472][T12932] unable to read inode lookup table [ 803.682046][ T5268] usb 3-1: Using ep0 maxpacket: 16 [ 803.695014][ T5268] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 803.711836][ T5268] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 803.722012][ T5268] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 803.739517][ T5268] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 803.752276][ T5268] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.766554][T12935] 9pnet_fd: Insufficient options for proto=fd [ 803.808738][ T5268] usb 3-1: config 0 descriptor?? [ 803.816946][T12937] loop0: detected capacity change from 0 to 128 [ 803.908267][T12937] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 803.930298][T12937] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 804.312257][ T5268] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0 [ 804.319872][ T5268] microsoft 0003:045E:07DA.0020: ignoring exceeding usage max [ 804.478881][ T5268] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0020/input/input21 [ 804.606149][ T5268] microsoft 0003:045E:07DA.0020: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 804.716552][T12502] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 804.733023][ T5268] usb 3-1: USB disconnect, device number 13 [ 804.745618][T12946] loop1: detected capacity change from 0 to 256 [ 804.777157][T12948] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2990'. [ 804.786887][T12948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2990'. [ 804.864038][T11023] Bluetooth: hci2: command 0x0405 tx timeout [ 804.996342][T12946] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 805.404434][T12956] netem: change failed [ 805.452589][T12959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2991'. [ 805.919650][T12970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2998'. [ 805.936318][T12970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2998'. [ 805.959037][T12967] loop4: detected capacity change from 0 to 512 [ 806.020153][T12967] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 806.077965][T12967] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 806.102073][T12967] System zones: 1-12 [ 806.121962][T12967] EXT4-fs (loop4): 1 truncate cleaned up [ 806.133846][T12967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 806.514754][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 807.096714][ T29] audit: type=1326 audit(2000000255.410:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.0.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f997def9 code=0x7ffc0000 [ 807.121982][ T29] audit: type=1326 audit(2000000255.410:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.0.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f997def9 code=0x7ffc0000 [ 807.201570][ T29] audit: type=1326 audit(2000000255.480:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.0.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f03f997def9 code=0x7ffc0000 [ 807.234065][ T29] audit: type=1326 audit(2000000255.480:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.0.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f997def9 code=0x7ffc0000 [ 807.260407][ T29] audit: type=1326 audit(2000000255.480:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12989 comm="syz.0.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f997def9 code=0x7ffc0000 [ 807.405933][T12995] loop2: detected capacity change from 0 to 1024 [ 807.524907][T13003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3013'. [ 807.565052][T12995] syz.2.3007: attempt to access beyond end of device [ 807.565052][T12995] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 807.608247][T12996] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 807.615127][T12996] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 807.628132][T12996] vhci_hcd vhci_hcd.0: Device attached [ 807.678012][T13001] vhci_hcd: connection closed [ 807.782512][ T3350] vhci_hcd: stop threads [ 807.792106][ T3350] vhci_hcd: release socket [ 807.796779][ T3350] vhci_hcd: disconnect device [ 807.832979][T12154] vhci_hcd: vhci_device speed not set [ 808.165657][T13014] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 808.699810][T13022] overlayfs: workdir and upperdir must reside under the same mount [ 808.721758][T13021] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 808.728167][T13021] syzkaller0: linktype set to 65535 [ 808.936640][T13019] loop2: detected capacity change from 0 to 2048 [ 809.112073][T13019] EXT4-fs error (device loop2): ext4_orphan_get:1414: comm syz.2.3018: bad orphan inode 8192 [ 809.151622][T13019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 809.581522][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 810.458181][T13050] loop3: detected capacity change from 0 to 1024 [ 810.527291][T13050] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 810.663411][T13050] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 810.774329][T13051] loop0: detected capacity change from 0 to 4096 [ 810.804994][T13051] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 811.096935][T12439] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 811.374012][T13051] ntfs3: loop0: failed to convert "c46c" to koi8-r [ 812.231613][T13082] loop0: detected capacity change from 0 to 512 [ 812.256810][T13082] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 812.340311][T13082] EXT4-fs (loop0): 1 orphan inode deleted [ 812.354247][T13082] EXT4-fs (loop0): 1 truncate cleaned up [ 812.363749][T13082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 812.597506][T13089] loop1: detected capacity change from 0 to 64 [ 812.653884][T12502] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 813.190466][T13091] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 813.723947][T13106] loop2: detected capacity change from 0 to 512 [ 813.829820][T13109] loop0: detected capacity change from 0 to 2048 [ 813.927837][T13113] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 813.978155][T13106] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 813.986908][T13106] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 814.010251][T13106] System zones: 0-1, 15-15, 18-18, 34-34 [ 814.016324][T13113] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 814.016479][T13113] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 814.028608][T13113] Remounting filesystem read-only [ 814.053188][T13106] EXT4-fs (loop2): orphan cleanup on readonly fs [ 814.059988][T13106] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 814.075775][T13106] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 814.092794][T13106] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 814.179460][T13106] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3057: bg 0: block 40: padding at end of block bitmap is not set [ 814.279541][T13106] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 814.399753][T13106] EXT4-fs (loop2): 1 truncate cleaned up [ 814.407601][T13106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 814.817970][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 815.210602][T13119] loop1: detected capacity change from 0 to 4096 [ 815.237498][T13119] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 815.470097][T13119] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 815.628809][ T29] audit: type=1800 audit(2000000263.950:61): pid=13119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3062" name="bus" dev="loop1" ino=0 res=0 errno=0 [ 816.158989][T13143] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3070'. [ 816.219393][T13147] loop2: detected capacity change from 0 to 256 [ 816.520411][T13152] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3078'. [ 816.531991][T13152] netlink: 116 bytes leftover after parsing attributes in process `syz.0.3078'. [ 816.567873][T13147] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 817.761444][ T5244] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 817.945231][ T5244] usb 5-1: config 0 has an invalid interface number: 6 but max is 0 [ 817.959145][ T5244] usb 5-1: config 0 has no interface number 0 [ 817.967351][ T5244] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 817.977275][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 817.995295][ T5244] usb 5-1: config 0 descriptor?? [ 818.033661][ T5244] ums-realtek 5-1:0.6: USB Mass Storage device detected [ 819.890465][ T5244] usb 5-1: USB disconnect, device number 22 [ 819.916341][T13171] netlink: 'syz.2.3081': attribute type 5 has an invalid length. [ 819.928327][T13171] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 820.176914][ T5268] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 820.437199][ T5268] usb 2-1: Using ep0 maxpacket: 8 [ 820.475330][ T5268] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 820.506966][ T5268] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 820.516528][ T5268] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 820.531799][ T5268] usb 2-1: Product: syz [ 820.536212][ T5268] usb 2-1: Manufacturer: syz [ 820.541758][ T5268] usb 2-1: SerialNumber: syz [ 820.593324][ T5268] usb 2-1: config 0 descriptor?? [ 820.634792][ T5268] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 820.657402][T12154] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 820.665517][T12154] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 820.678755][T12154] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 820.688184][T12154] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 820.696107][T12154] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 820.784610][T12154] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz0] on syz0 [ 821.280635][ T5268] gspca_zc3xx: reg_w_i err -71 [ 821.911511][T12154] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 822.009996][ T5268] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 822.016951][ T5268] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 822.036064][ T5268] usb 2-1: USB disconnect, device number 17 [ 822.084283][T12154] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 822.094321][T12154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.209721][T12154] usb 5-1: config 0 descriptor?? [ 823.692596][T13209] hub 6-0:1.0: USB hub found [ 823.771787][T13209] hub 6-0:1.0: 1 port detected [ 825.291886][T12154] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 825.300682][T12154] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 825.332755][T12154] [drm:udl_init] *ERROR* Selecting channel failed [ 825.457062][T12154] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 825.583854][T12154] [drm] Initialized udl on minor 2 [ 825.628593][T12154] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 825.639657][T12154] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 825.852773][ T5251] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 825.907801][T12154] usb 5-1: USB disconnect, device number 23 [ 825.924199][ T5251] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 825.932915][ T5251] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 826.392772][T13237] vxcan1: tx address claim with dlc 1 [ 826.555526][T13239] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3113'. [ 826.700104][T13241] hub 6-0:1.0: USB hub found [ 826.734604][T13241] hub 6-0:1.0: 1 port detected [ 827.339049][T13247] loop1: detected capacity change from 0 to 512 [ 827.986530][ T3755] bond0: (slave bond_slave_0): interface is now down [ 827.994332][ T3755] bond0: (slave bond_slave_1): interface is now down [ 828.008230][ T3755] bond0: now running without any active interface! [ 828.272777][T13275] @: renamed from vlan0 (while UP) [ 828.947298][T13272] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3129'. [ 829.022054][ T4877] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 829.201809][ T4877] usb 4-1: Using ep0 maxpacket: 32 [ 829.223505][ T4877] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 829.238029][ T4877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 829.251858][ T4877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 829.263741][ T4877] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 829.277007][ T4877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.317687][ T4877] usb 4-1: config 0 descriptor?? [ 829.348593][T13287] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 829.355632][T13295] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.430162][ T4877] hub 4-1:0.0: USB hub found [ 829.556248][T13295] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.746552][T13295] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.827301][ T4877] hub 4-1:0.0: 2 ports detected [ 829.924601][T13295] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.039904][ T4877] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 830.050382][ T4877] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 830.112775][ T4877] usbhid 4-1:0.0: can't add hid device: -71 [ 830.119676][ T4877] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 830.153764][ T4877] usb 4-1: USB disconnect, device number 12 [ 830.338170][T13295] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.376152][T13295] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.409449][T13295] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.441145][T13295] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.123732][T13315] loop1: detected capacity change from 0 to 1024 [ 831.238895][T12154] kernel write not supported for file /sequencer (pid: 12154 comm: kworker/0:1) [ 831.250470][T13315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 831.693483][T11198] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 831.917542][T13332] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3155'. [ 833.237637][ T5244] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 833.260168][T13353] loop3: detected capacity change from 0 to 512 [ 833.293983][T13354] loop4: detected capacity change from 0 to 1024 [ 833.338919][T13354] EXT4-fs: Ignoring removed nobh option [ 833.371479][T13353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 833.384741][T13353] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 833.485560][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 833.491028][ T5244] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 833.492275][ T1243] ieee802154 phy1 wpan1: encryption failed: -22 [ 833.501207][ T5244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 833.521461][ T5244] usb 3-1: Product: syz [ 833.525894][ T5244] usb 3-1: Manufacturer: syz [ 833.532445][ T5244] usb 3-1: SerialNumber: syz [ 833.557467][T13354] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 833.603132][ T5244] usb 3-1: config 0 descriptor?? [ 833.688922][ T29] audit: type=1800 audit(2000000281.970:62): pid=13354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3165" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 833.782139][T13353] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.3164: corrupted xattr block 33: invalid ea_ino [ 833.991842][ T5244] ch341 3-1:0.0: ch341-uart converter detected [ 834.076049][ T5188] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 834.140884][T12439] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 834.540494][ T5244] usb 3-1: failed to send control message: -71 [ 834.547244][ T5244] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 834.573595][ T5244] usb 3-1: USB disconnect, device number 14 [ 834.586735][ T5244] ch341 3-1:0.0: device disconnected [ 835.327521][T13385] loop0: detected capacity change from 0 to 256 [ 835.362026][T13384] netlink: 'syz.3.3176': attribute type 22 has an invalid length. [ 835.510305][T13389] mkiss: ax0: crc mode is auto. [ 835.557906][ T29] audit: type=1326 audit(2000000283.880:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13382 comm="syz.0.3175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f03f997def9 code=0x0 [ 835.981488][ T5246] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 836.148282][ T5246] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 836.162273][ T5246] usb 5-1: config 0 has no interface number 0 [ 836.168658][ T5246] usb 5-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 836.180350][ T5246] usb 5-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 836.201609][ T5246] usb 5-1: config 0 interface 255 has no altsetting 0 [ 836.208737][ T5246] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 836.218280][ T5246] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.296559][T13400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3183'. [ 836.305837][T13400] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3183'. [ 836.323762][ T5246] usb 5-1: config 0 descriptor?? [ 836.355874][T13400] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3183'. [ 836.387737][ T5246] ums-realtek 5-1:0.255: USB Mass Storage device detected [ 836.586098][ T4877] usb 5-1: USB disconnect, device number 24 [ 836.766621][T12154] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 836.937157][T12154] usb 3-1: config 0 has no interfaces? [ 836.943163][T12154] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 836.957292][T12154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 837.033316][T12154] usb 3-1: config 0 descriptor?? [ 837.159767][T13417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3190'. [ 837.170527][T13417] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3190'. [ 837.344546][T12154] usb 3-1: USB disconnect, device number 15 [ 840.330602][T13462] loop0: detected capacity change from 0 to 256 [ 840.340113][T13462] exfat: Deprecated parameter 'namecase' [ 840.457912][T13462] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 840.574302][T13462] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3210'. [ 840.587475][T13462] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 841.195706][T13476] loop1: detected capacity change from 0 to 128 [ 841.247966][T13476] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 841.307970][T13476] ext4 filesystem being mounted at /176/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 841.437960][T13476] fscrypt (loop1, inode 12): Unsupported encryption flags (0x23) [ 841.709549][T11198] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 842.355878][T13502] loop1: detected capacity change from 0 to 256 [ 842.399563][T13502] exfat: Deprecated parameter 'namecase' [ 842.487435][T13502] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 842.588693][ T29] audit: type=1800 audit(2000000290.900:64): pid=13502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3227" name="file0" dev="loop1" ino=1048751 res=0 errno=0 [ 843.023848][T13511] loop1: detected capacity change from 0 to 128 [ 843.186106][T13515] netlink: 'syz.0.3234': attribute type 1 has an invalid length. [ 843.216327][T13513] loop2: detected capacity change from 0 to 512 [ 843.323318][T13513] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 843.336695][T13513] ext4 filesystem being mounted at /723/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 843.420024][T13520] sch_tbf: burst 480 is lower than device veth1_to_bridge mtu (1514) ! [ 843.489510][T13512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 844.738390][ T5191] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 844.984030][T13540] loop0: detected capacity change from 0 to 512 [ 845.266460][T13540] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 845.279618][T13540] UDF-fs: Scanning with blocksize 512 failed [ 845.300404][T13540] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 845.315574][T13540] UDF-fs: Scanning with blocksize 1024 failed [ 845.367224][T13540] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 845.377825][T13540] UDF-fs: Scanning with blocksize 2048 failed [ 845.425060][T13540] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 845.485159][T13540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 845.555173][ T29] audit: type=1800 audit(2000000293.860:65): pid=13540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3245" name="file1" dev="loop0" ino=26 res=0 errno=0 [ 845.670131][T13551] loop2: detected capacity change from 0 to 16 [ 845.809665][T13551] erofs: (device loop2): mounted with root inode @ nid 36. [ 845.933041][T13551] erofs: (device loop2): erofs_find_target_block: corrupted dir block 0 @ nid 36 [ 846.341396][ T4877] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 846.510184][ T4877] usb 2-1: Using ep0 maxpacket: 16 [ 846.691718][ T4877] usb 2-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 846.701747][ T4877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.705497][T13568] loop0: detected capacity change from 0 to 1024 [ 846.709971][ T4877] usb 2-1: Product: syz [ 846.710082][ T4877] usb 2-1: Manufacturer: syz [ 846.726328][ T4877] usb 2-1: SerialNumber: syz [ 846.744076][ T4877] usb 2-1: config 0 descriptor?? [ 846.760544][ T4877] ums-freecom 2-1:0.0: USB Mass Storage device detected [ 847.007087][ T4877] usb 2-1: USB disconnect, device number 18 [ 847.055016][T12502] hfsplus: bad catalog entry type [ 847.191929][T12502] ===================================================== [ 847.199170][T12502] BUG: KMSAN: uninit-value in hfsplus_uni2asc+0x821/0x2350 [ 847.212576][T12502] hfsplus_uni2asc+0x821/0x2350 [ 847.217660][T12502] hfsplus_readdir+0xbd7/0x18d0 [ 847.223038][T12502] iterate_dir+0x5b3/0x9e0 [ 847.227641][T12502] __se_sys_getdents64+0x169/0x530 [ 847.235625][T12502] __x64_sys_getdents64+0x96/0xe0 [ 847.240855][T12502] x64_sys_call+0x3430/0x3ba0 [ 847.248596][T12502] do_syscall_64+0xcd/0x1e0 [ 847.255021][T12502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.264480][T12502] [ 847.266915][T12502] Uninit was created at: [ 847.274106][T12502] __kmalloc_noprof+0x661/0xf30 [ 847.279174][T12502] hfsplus_find_init+0x95/0x1d0 [ 847.284454][T12502] hfsplus_readdir+0x1da/0x18d0 [ 847.289489][T12502] iterate_dir+0x5b3/0x9e0 [ 847.298379][T12502] __se_sys_getdents64+0x169/0x530 [ 847.307109][T12502] __x64_sys_getdents64+0x96/0xe0 [ 847.312448][T12502] x64_sys_call+0x3430/0x3ba0 [ 847.317345][T12502] do_syscall_64+0xcd/0x1e0 [ 847.324662][T12502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.330801][T12502] [ 847.336790][T12502] CPU: 1 UID: 0 PID: 12502 Comm: syz-executor Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 847.348898][T12502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 847.366837][T12502] ===================================================== [ 847.375040][T12502] Disabling lock debugging due to kernel taint [ 847.382215][T12502] Kernel panic - not syncing: kmsan.panic set ... [ 847.388776][T12502] CPU: 1 UID: 0 PID: 12502 Comm: syz-executor Tainted: G B 6.11.0-syzkaller-08833-gde5cb0dcb74c #0 [ 847.401073][T12502] Tainted: [B]=BAD_PAGE [ 847.405378][T12502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 847.415603][T12502] Call Trace: [ 847.418998][T12502] [ 847.422043][T12502] dump_stack_lvl+0x216/0x2d0 [ 847.426925][T12502] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 847.432999][T12502] dump_stack+0x1e/0x30 [ 847.437333][T12502] panic+0x4e2/0xcf0 [ 847.441449][T12502] ? kmsan_get_metadata+0xc1/0x1c0 [ 847.446827][T12502] kmsan_report+0x2c7/0x2d0 [ 847.451558][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.456999][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.462433][T12502] ? __msan_warning+0x95/0x120 [ 847.467418][T12502] ? hfsplus_uni2asc+0x821/0x2350 [ 847.472657][T12502] ? hfsplus_readdir+0xbd7/0x18d0 [ 847.477961][T12502] ? iterate_dir+0x5b3/0x9e0 [ 847.482742][T12502] ? __se_sys_getdents64+0x169/0x530 [ 847.488235][T12502] ? __x64_sys_getdents64+0x96/0xe0 [ 847.493632][T12502] ? x64_sys_call+0x3430/0x3ba0 [ 847.498710][T12502] ? do_syscall_64+0xcd/0x1e0 [ 847.503595][T12502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.509876][T12502] ? filter_irq_stacks+0x60/0x1a0 [ 847.515146][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.520574][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.526004][T12502] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 847.532187][T12502] ? hfsplus_bnode_read_u16+0x3e/0x2b0 [ 847.537857][T12502] ? filter_irq_stacks+0x60/0x1a0 [ 847.543106][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.548539][T12502] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 847.554596][T12502] ? utf32_to_utf8+0x4b1/0x4e0 [ 847.559574][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.565090][T12502] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 847.571132][T12502] __msan_warning+0x95/0x120 [ 847.575926][T12502] hfsplus_uni2asc+0x821/0x2350 [ 847.580983][T12502] ? __msan_memcpy+0x108/0x1c0 [ 847.585944][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.591377][T12502] ? __msan_memcpy+0x108/0x1c0 [ 847.596389][T12502] hfsplus_readdir+0xbd7/0x18d0 [ 847.601462][T12502] ? __rcu_read_unlock+0x7b/0xe0 [ 847.606691][T12502] ? aa_file_perm+0x3de/0x1780 [ 847.611628][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.617061][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.622486][T12502] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 847.629042][T12502] ? kmsan_get_metadata+0x13e/0x1c0 [ 847.634472][T12502] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 847.640557][T12502] ? __pfx_hfsplus_readdir+0x10/0x10 [ 847.646027][T12502] iterate_dir+0x5b3/0x9e0 [ 847.650628][T12502] ? __pfx_hfsplus_readdir+0x10/0x10 [ 847.656099][T12502] ? mutex_lock+0x38/0x60 [ 847.660654][T12502] __se_sys_getdents64+0x169/0x530 [ 847.665968][T12502] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 847.672525][T12502] ? __pfx_filldir64+0x10/0x10 [ 847.677494][T12502] __x64_sys_getdents64+0x96/0xe0 [ 847.682728][T12502] x64_sys_call+0x3430/0x3ba0 [ 847.687620][T12502] do_syscall_64+0xcd/0x1e0 [ 847.692306][T12502] ? clear_bhb_loop+0x25/0x80 [ 847.697196][T12502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.703305][T12502] RIP: 0033:0x7f03f99b0093 [ 847.707953][T12502] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 62 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 847.727775][T12502] RSP: 002b:00007ffe94225868 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 847.736389][T12502] RAX: ffffffffffffffda RBX: 000055558d8be600 RCX: 00007f03f99b0093 [ 847.744576][T12502] RDX: 0000000000008000 RSI: 000055558d8be600 RDI: 0000000000000005 [ 847.752708][T12502] RBP: 000055558d8be5d4 R08: 0000000000000000 R09: 0000000000000000 [ 847.760831][T12502] R10: 0000000000000100 R11: 0000000000000293 R12: ffffffffffffffa8 [ 847.768961][T12502] R13: 0000000000000016 R14: 000055558d8be5d0 R15: 00007ffe94227b10 [ 847.777110][T12502] [ 847.780541][T12502] Kernel Offset: disabled [ 847.784927][T12502] Rebooting in 86400 seconds..