last executing test programs: 6.214645102s ago: executing program 0 (id=2174): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008000, &(0x7f0000000240)={[{@debug}, {@orlov}, {@nomblk_io_submit}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@init_itable_val}, {@usrquota}, {@usrquota}]}, 0x1, 0x5ba, &(0x7f0000001bc0)="$eJzs3c1vVFUbAPDnTD8olPdtIUbFhTQxBhKlpQUMMS5gTxr8iBs3VloIUqChNVo0sSS4MTFujDFx5UL8L5TIlpWuXLhxZUiIGpYmjrkzc0tb7rS0THsr9/dLht57zlzOczt9eu6cnnMngMoayv6pReyLiJkUMZAWFuu6o1U51Hzevb8+OpM9UtTrr/+RIrXK8uen1tf+1sF9EfHTjyn2dj3Y7uz81QsT09NTV1r7I3MXZ0Zm568eOn9x4tzUualLYy+NHT929Njx0cMdO9dT1999f+DT8be+/frvNPrdr+MpTsTuVt3S8+iUoRhqfk92LC/Pvq/HO91YSbpa57P0JU7dJQbEuuSvX09EPBUD0RX3X7yB+OTVUoMDNlU9RdSBikryHyoqvw7I39uvfB9cK+WqBNgKd082BwAezP/u5thg9DXGBnbdS7F0WCdFRCdG5rI2bt8av3721vj12KRxOKDYwrWIeLoo/1MjNwcbo/hZ/teW5X92XXC69TUrf22D7Q+t2Jf/sHWa+d+3ofx/e0n+v7PB9uU/AAAAAAAAdM7NkxHxYtHf/2uL83+iYP5Pf0Sc6ED7a//9r3anA80ABe6ejHilcP5vLZ/9O9jV2vpfYz5ATzp7fnrqcET8PyIORs+ObH90lTYOfbb3q3Z1+fy//JG1f7s1F7AVx53uFetnJyfmJh71vIGIu9cinimc/5sW+/9U0P9nvw9mHrKNvc/fON2ubu38BzZL/ZuIA4X9f1p8Tlr9/hwjjeuBkfyq4EHPfvj59+3al/9Qnqz/37V6/g+mpffrmV1/G0fmu+vt6jZ6/d+b3mjccqa3VfbBxNzcldGI3nSqKytdVj62/pjhcZTnQ54vWf4ffG718b+i6/+dEbGw4v9Ofy5fU5x78p/+39rFo/+H8mT5P7mu/n/9G2M3Bn9o1/7D9f9HG339wVaJ8T9o+jJP097l5QXp2F1UtdXxAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjoBYRuyPVhhe3a7Xh4Yj+iHgidtWmL8/OvXD28nuXJrO6xuf/1/JP+h1o7qf88/8Hl+yPrdg/EhF7IuKLrp2N/eEzl6cnyz55AAAAAAAAAAAAAAAAAAAA2Cb626z/z/zeVXZ0wKbrLjsAoDQF+f9zGXEAW0//D9Ul/6G65D9Ul/yH6pL/UF3yH6pL/kN1yX8AAAAAAHis7Nl/85cUEQsv72w8Mr2tup5SIwM2W63sAIDSuMUPVJepP1Bd3uMDaY36vrYHrXXkambOPMLBAAAAAAAAAAAAAFA5B/ZZ/w9VZf0/VJf1/1Bd+fr//SXHAWw97/GBWGMlf+H6/zWPAgAAAAAAAAAAAAA6aXb+6oWJ6empKzbe3B5hbOVGvV7/OPsp2C7x/Mc38qnw2yWeR9oo9/cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw378BAAD//2QiJqY=") syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x4008a, &(0x7f00000001c0)={[{@dioread_nolock}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@grpjquota, 0x22}, {@errors_continue}, {@jqfmt_vfsold}, {@usrjquota}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x61, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000)) 5.246111666s ago: executing program 0 (id=2180): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f000001f9c0)={0xa, {0x8000, 0x200}}) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0xffffffff, 0xfffffff9}}) 4.885677035s ago: executing program 2 (id=2182): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000080008000000000008000b"], 0x54}}, 0x0) 4.443907761s ago: executing program 0 (id=2185): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000009c0)={&(0x7f0000000540)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000005d40)=[@rdma_args={0x48, 0x114, 0xffffffa1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) 4.292870572s ago: executing program 2 (id=2187): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000006c0)={0x34, r1, 0x319, 0x0, 0x0, {0x3d}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) 3.964486759s ago: executing program 0 (id=2190): r0 = fanotify_init(0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r0, 0x102, 0x22, r1, 0x0) 3.761300096s ago: executing program 2 (id=2191): syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f040, 0x4}) 3.590120772s ago: executing program 3 (id=2192): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) link(&(0x7f00000011c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0\x00') 3.495044081s ago: executing program 1 (id=2193): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x58, r0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x30}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0x58}}, 0x0) 3.442114051s ago: executing program 0 (id=2194): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x210040, 0x0) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) 3.192168274s ago: executing program 2 (id=2196): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r0, 0x280000) keyctl$read(0xb, r0, &(0x7f0000000100)=""/104, 0xffffffffffffff5a) 2.972827314s ago: executing program 3 (id=2197): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0446, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCFLSH(r0, 0x80204705, 0x20000000) 2.933016628s ago: executing program 0 (id=2198): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_4={0x3, 0x1, 0x0, "f7940ef7"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @global=@item_012={0x2, 0x1, 0x1, "b8ef"}, @local=@item_012={0x2, 0x2, 0x0, '\x00\x00'}, @main=@item_4={0x3, 0x0, 0x8, "f8fff2ff"}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) 2.916057352s ago: executing program 1 (id=2199): syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x400, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$fuse(0x0, &(0x7f0000000940)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x8000, &(0x7f0000000540)={[{@userxattr}], [], 0x2c}) 2.737883178s ago: executing program 4 (id=2200): socket$unix(0x1, 0x1, 0x0) r0 = socket$kcm(0x10, 0x100000000002, 0x4) sendmsg$kcm(r0, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 2.694103361s ago: executing program 2 (id=2201): openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da08"], 0x0, 0x0, 0x0, 0x0}) 2.397545138s ago: executing program 3 (id=2202): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002fc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000260000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67974cbc7651ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc21b3f904fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8885b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a100000000e795ace0d52bb3e9f2bf29960000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3dfbfd0e5e381398e9d5428a10cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb918a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d25ddb1ce347e8d4c0f4c04be8fa72dc8a4e5d51468bce285102a0863e9b7785df924059ca5fa9380c2124adf160b644f2b2edc369046f654dadd5401b35b85b0aea58bb471c818c5ff9d5f7262d96c3977731459d231f00be487b9753d377e268d237cfd768d6883e9cc575dbb452052f5c676a75a51b50f9b5de8ffe3405a7a687ca8dbdedfc10268f3bf52cb9f72c7c11"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) 2.368653762s ago: executing program 1 (id=2203): unshare(0xa000680) r0 = eventfd(0x0) fchmod(r0, 0x0) 2.3439214s ago: executing program 4 (id=2204): unshare(0x2000400) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x604200, 0x0) vmsplice(r0, 0x0, 0x0, 0x1) 1.99475234s ago: executing program 3 (id=2205): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001e00), r0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}]}, 0x1c}}, 0x0) 1.990619631s ago: executing program 4 (id=2206): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newtaction={0x48, 0x1c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000180003801400008004000180080003"], 0xc8}}, 0x0) 1.943763616s ago: executing program 1 (id=2207): unshare(0x20040600) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000), 0x4) 1.537511185s ago: executing program 4 (id=2208): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000070000000080a01010000000000000000020000000900010073797a30000000000900020073797a32"], 0xc4}}, 0x8080) 1.444344833s ago: executing program 3 (id=2209): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x1000) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 1.407562793s ago: executing program 1 (id=2210): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="696d2393", @ANYRES16=0x0, @ANYBLOB="000000000000000000000f"], 0x14}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') 821.135748ms ago: executing program 4 (id=2211): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000014000000080016000000000018000180140002006e657464657673696d3000000000000008001500000000000800130000170000080014"], 0x4c}}, 0x0) 614.331328ms ago: executing program 3 (id=2212): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000004c0)='./bus\x00', 0x1000840, &(0x7f0000000100)={[{@fat=@nocase}, {@uni_xlate}, {@fat=@quiet}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@shortname_win95}, {@uni_xlateno}, {@shortname_lower}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@rodir}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}]}, 0x3, 0x353, &(0x7f0000000600)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgFteptHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhEPutvA4ZPkvTYvTZp1QjbLPp9D+Pb7+37z+73mtXlNm19fX4r1C1Nx8caN6zE9XYnq0tmluFmJuUhiz5UYVhuRAwCOh5tZFn9luSO2VCa8JABgwnrP/2+eKmXe/3ZcfebZHwCOveLn/5lxNdOHDVyayJIAgAkbev3/sYHh2uCv+qulvwoAAI6rF1959bnlRsQLaTodsflBu9luxrP98eWL8XZsxFqcidm4FZFfKHRvKr3bc+cbK2fSNO3Eb3PR7Ha0mxGbnXYzv1JYTnr99ViI2Zgr+ourjSzLknNfNVYW0p6IuNLpzR+blXZzKk4W8/98MtZiMdJ4cKg/4nxjZTEt7qC5udffidjtv27RXf98zMaPb8Sl2IgL0e3du6xprOwspOnZrDHQ327We3W5Q18BAQAAAAAAAAAAAAAAAAAAAACA/2Q+3Te3v/9N1t+/Z35+xHhvf5y8v9gfaDffHyirZ5Flf773ZPPDJAb2Bzq4P0+7WY0T9/bQAQAAAAAAAAAAAAAAAAAA4H+jtV2L1Y2Nta3W9uX1ctDZam2fiIhu5p3vv/hmJoZrbhNUizlKQ2mRurxeiUoUxVkyUFMESXfyvcznV/dXXK6p7x/FyGXUDxuaiYhTj/76ST/zSLJ3z//0i5MYfYDJgWWUg80H8iXdySdqP1i8Tc21LMsOa995bbgrKhHVO3/gxgdZN/ju+lsPPdU6/XQv83WWe/yJ2ZeuffzZ7+urG92Zo/cI1rZat7L11eLj0Sfb4UFSOn8qkQeV8plQHde+O5hZTX764+WHP/rhaLNn5cy7I2qS/HC+PDhUy4PuMg8MzYyaa2rEyT+B4PSnS6tXd36ZGf8l0w9K3yRs1AEAAAAAAAAAAAAAAAAAAHdF6b3iheLNvlPjup55fvIrAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC7p////0vB7lDmKMHfnRgeqq9ttSJq9/owAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4z/0bAAD//z16Z0Q=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 333.769828ms ago: executing program 1 (id=2213): mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]}) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]}) 257.892943ms ago: executing program 2 (id=2214): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffd, 0x0, @empty}, 0x1c) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0) 0s ago: executing program 4 (id=2215): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x40}, {0x6}]}, 0x10) sendmsg$IPSET_CMD_PROTOCOL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x1, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x8084) kernel console output (not intermixed with test programs): ] koneplus 0003:1E7D:2E22.0023: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0 [ 455.512595][ T5243] koneplus 0003:1E7D:2E22.0023: couldn't init struct koneplus_device [ 455.521109][ T5243] koneplus 0003:1E7D:2E22.0023: couldn't install mouse [ 455.539447][ T5243] koneplus 0003:1E7D:2E22.0023: probe with driver koneplus failed with error -71 [ 455.558248][ T5243] usb 4-1: USB disconnect, device number 13 [ 456.032716][ T5187] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 456.562098][ T7977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.778756][ T7977] 8021q: adding VLAN 0 to HW filter on device team0 [ 456.940399][ T3546] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.948186][ T3546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.123513][ T3546] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.131228][ T3546] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.557925][ T8173] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.567262][ T8173] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.576498][ T8173] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.585636][ T8173] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.595046][ T8173] vxlan0: entered promiscuous mode [ 457.600824][ T8173] vxlan0: entered allmulticast mode [ 457.743959][ T8173] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.753469][ T8173] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.764123][ T8173] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.773447][ T8173] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 458.566286][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1233'. [ 458.575666][ T8186] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1233'. [ 458.585228][ T8186] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1233'. [ 458.847042][ T8191] loop4: detected capacity change from 0 to 8 [ 459.323741][ T8194] loop1: detected capacity change from 0 to 1024 [ 459.506721][ T8194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 460.269863][ T8200] loop3: detected capacity change from 0 to 2048 [ 460.359603][ T8200] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 460.427958][ T8207] process 'syz.1.1241' launched './file1' with NULL argv: empty string added [ 460.469043][ T7977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.503445][ T29] audit: type=1326 audit(1726470794.250:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8205 comm="syz.2.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa25c97def9 code=0x7ffc0000 [ 460.527284][ T29] audit: type=1326 audit(1726470794.290:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8205 comm="syz.2.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fa25c97def9 code=0x7ffc0000 [ 460.550261][ T29] audit: type=1326 audit(1726470794.290:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8205 comm="syz.2.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa25c97def9 code=0x7ffc0000 [ 460.691848][ T8211] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 461.447195][ T7977] veth0_vlan: entered promiscuous mode [ 461.563659][ T7977] veth1_vlan: entered promiscuous mode [ 461.754952][ T5200] Bluetooth: hci5: command 0x0406 tx timeout [ 461.815343][ T7977] veth0_macvtap: entered promiscuous mode [ 461.959669][ T7977] veth1_macvtap: entered promiscuous mode [ 462.189535][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.200965][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.211339][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.222308][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.233297][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.250187][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.262290][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 462.273168][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.288322][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 462.419716][ T8227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1245'. [ 462.512357][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.523183][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.533411][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.546436][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.561922][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.574020][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.584212][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.594971][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.609856][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.823828][ T7977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.833127][ T7977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.842353][ T7977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.857830][ T7977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.828838][ T8261] loop2: detected capacity change from 0 to 1024 [ 464.830794][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 464.842278][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 464.876169][ T8254] loop1: detected capacity change from 0 to 2048 [ 464.944547][ T8254] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 465.059874][ T8266] loop4: detected capacity change from 0 to 1024 [ 465.112206][ T8268] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 465.232994][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.244073][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.324351][ T8254] Remounting filesystem read-only [ 465.380273][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.392934][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.419490][ T8266] hfsplus: bad catalog entry type [ 465.480080][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.492393][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.567827][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.580051][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.691745][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.702769][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.742372][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.753252][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.773994][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.784921][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.834092][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.845227][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.869330][ T4426] hfsplus: b-tree write err: -5, ino 4 [ 465.893776][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.904705][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 465.947882][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 465.958838][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.023267][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.042278][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.063732][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.076038][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.094175][ T3546] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.219773][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.237660][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.352903][ T3546] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.375247][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.386338][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.503529][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.514649][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.575212][ T3546] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.620697][ T8254] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 466.632265][ T8254] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 466.677839][ T29] audit: type=1800 audit(1726470800.480:43): pid=8254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1256" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 466.739902][ T3546] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.111764][ T3546] bridge_slave_1: left allmulticast mode [ 467.117785][ T3546] bridge_slave_1: left promiscuous mode [ 467.124727][ T3546] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.208508][ T3546] bridge_slave_0: left allmulticast mode [ 467.214721][ T3546] bridge_slave_0: left promiscuous mode [ 467.221351][ T3546] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.923321][ T3546] team0: Port device bond0 removed [ 467.955329][ T3546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.998072][ T3546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 468.023018][ T3546] bond0 (unregistering): Released all slaves [ 469.020538][ T3546] hsr_slave_0: left promiscuous mode [ 469.032434][ T8303] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1270'. [ 469.107521][ T3546] hsr_slave_1: left promiscuous mode [ 469.141962][ T3546] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 469.149758][ T3546] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 469.193198][ T5200] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 469.195113][ T3546] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.214754][ T3546] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 469.236710][ T5200] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 469.254099][ T5200] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 469.285678][ T3546] veth1_macvtap: left promiscuous mode [ 469.292172][ T3546] veth0_macvtap: left promiscuous mode [ 469.298319][ T3546] veth1_vlan: left promiscuous mode [ 469.309980][ T3546] veth0_vlan: left promiscuous mode [ 469.315937][ T5200] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 469.330282][ T5200] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 469.372180][ T5200] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 470.759763][ T8327] mmap: syz.4.1278 (8327) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 470.889572][ T3546] team0 (unregistering): Port device team_slave_1 removed [ 470.994482][ T3546] team0 (unregistering): Port device team_slave_0 removed [ 471.699713][ T5190] Bluetooth: hci3: command tx timeout [ 472.455326][ T29] audit: type=1326 audit(1726470806.220:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.1.1284" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fba2dd7def9 code=0x0 [ 472.858541][ T8357] loop3: detected capacity change from 0 to 24 [ 472.926812][ T8357] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 473.017849][ T8305] chnl_net:caif_netlink_parms(): no params data found [ 473.045447][ T8359] VFS: Lookup of 'file0' in romfs loop3 would have caused loop [ 473.211270][ T8361] loop4: detected capacity change from 0 to 16 [ 473.313624][ T8361] erofs: (device loop4): mounted with root inode @ nid 36. [ 473.440448][ T8361] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 473.523443][ T8361] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 473.612284][ T8367] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 473.624500][ T8367] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 473.751875][ T5190] Bluetooth: hci3: command tx timeout [ 474.535730][ T8375] loop3: detected capacity change from 0 to 2048 [ 474.680911][ T8375] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 475.058102][ T8305] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.066034][ T8305] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.073997][ T8305] bridge_slave_0: entered allmulticast mode [ 475.083260][ T8305] bridge_slave_0: entered promiscuous mode [ 475.264353][ T8305] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.272831][ T8305] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.280627][ T8305] bridge_slave_1: entered allmulticast mode [ 475.289942][ T8305] bridge_slave_1: entered promiscuous mode [ 475.317443][ T8386] loop1: detected capacity change from 0 to 1024 [ 475.386211][ T4426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.394399][ T4426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.573716][ T8386] hfsplus: small dir entry [ 475.683964][ T8305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.770791][ T8305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.834618][ T5190] Bluetooth: hci3: command tx timeout [ 475.868511][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.876760][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 476.171198][ T8305] team0: Port device team_slave_0 added [ 476.230880][ T8305] team0: Port device team_slave_1 added [ 476.413771][ T8399] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 476.603060][ T8305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.610270][ T8305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.637602][ T8305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.814397][ T8305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.821750][ T8305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.848380][ T8305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.190746][ T8305] hsr_slave_0: entered promiscuous mode [ 477.255762][ T8305] hsr_slave_1: entered promiscuous mode [ 477.647151][ T29] audit: type=1800 audit(1726470811.450:45): pid=8416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1301" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 477.911868][ T5200] Bluetooth: hci3: command tx timeout [ 478.031853][ T8419] smb3: Bad value for 'uid' [ 478.036632][ T8419] smb3: Bad value for 'uid' [ 478.051273][ T8403] loop3: detected capacity change from 0 to 4096 [ 478.142456][ T8403] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 478.403513][ T8403] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 478.785528][ T8429] loop4: detected capacity change from 0 to 256 [ 478.997885][ T8429] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d) [ 479.158046][ T3978] ntfs3: loop3: ino=5, ntfs3_write_inode failed, -22. [ 479.266386][ T8429] exFAT-fs (loop4): error, invalid size(size(16128) > aligned(0) [ 479.266386][ T8429] [ 479.279523][ T8429] exFAT-fs (loop4): Filesystem has been set read-only [ 479.308381][ T8305] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 479.384697][ T8305] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 479.492913][ T8305] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 479.563185][ T8305] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 479.699562][ T8437] cannot load conntrack support for proto=3 [ 479.729762][ T8439] openvswitch: netlink: IPv4 tunnel dst address is zero [ 479.992296][ T5200] Bluetooth: hci3: command 0x0405 tx timeout [ 481.404183][ T8305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.629379][ T8305] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.695977][ T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 481.809941][ T4231] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.817776][ T4231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.913710][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 481.949487][ T4231] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.957310][ T4231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.976563][ T25] usb 4-1: config 0 has too many interfaces: 231, using maximum allowed: 32 [ 481.987028][ T25] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 231 [ 481.996851][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 482.067967][ T25] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice= 0.00 [ 482.077800][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 482.086321][ T25] usb 4-1: SerialNumber: syz [ 482.237976][ T25] usb 4-1: config 0 descriptor?? [ 482.319230][ T8305] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 482.330931][ T8305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 482.332587][ T25] input: USB Touchscreen 134c:0002 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input22 [ 482.578074][ T44] usb 4-1: USB disconnect, device number 14 [ 483.476199][ T8482] loop4: detected capacity change from 0 to 256 [ 484.082880][ T44] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 484.287709][ T8476] loop0: detected capacity change from 0 to 4096 [ 484.409645][ T44] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 484.422134][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 484.433848][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 255, setting to 64 [ 484.515937][ T44] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 484.525512][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.534000][ T44] usb 4-1: Product: syz [ 484.538398][ T44] usb 4-1: Manufacturer: syz [ 484.543413][ T44] usb 4-1: SerialNumber: syz [ 484.636464][ T44] usb 4-1: config 0 descriptor?? [ 484.646016][ T8305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.646736][ T8490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 485.202110][ T8504] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1329'. [ 485.341705][ T44] rc_core: IR keymap rc-streamzap not found [ 485.347855][ T44] Registered IR keymap rc-empty [ 485.348645][ T8305] veth0_vlan: entered promiscuous mode [ 485.355660][ T44] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 485.375793][ T44] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input23 [ 485.522606][ T8305] veth1_vlan: entered promiscuous mode [ 485.730973][ T44] usb 4-1: USB disconnect, device number 15 [ 486.054077][ T8305] veth0_macvtap: entered promiscuous mode [ 486.144955][ T8305] veth1_macvtap: entered promiscuous mode [ 486.375202][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.386725][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.397287][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.413149][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.424879][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.435657][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.447271][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.458034][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.473232][ T8305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.782882][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.795326][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.805666][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.822050][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.833733][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.844741][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.854956][ T8305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.865714][ T8305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.883780][ T8305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.204609][ T8305] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.214047][ T8305] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.228622][ T8305] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.239534][ T8305] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.442097][ T8542] loop1: detected capacity change from 0 to 164 [ 490.923271][ T8570] loop1: detected capacity change from 0 to 1024 [ 493.176940][ T8613] loop1: detected capacity change from 0 to 1024 [ 493.335710][ T8613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 493.772030][ T6774] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 38: comm syz-executor: path /140/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=327680, rec_len=0, size=1024 fake=0 [ 493.857927][ T6774] EXT4-fs error (device loop1): ext4_empty_dir:3126: inode #11: block 38: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=327680, rec_len=0, size=1024 fake=0 [ 493.923219][ T6774] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 38: comm syz-executor: path /140/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=327680, rec_len=0, size=1024 fake=0 [ 494.018289][ T6774] EXT4-fs error (device loop1): ext4_empty_dir:3126: inode #11: block 38: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=327680, rec_len=0, size=1024 fake=0 [ 494.122591][ T6774] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 38: comm syz-executor: path /140/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=327680, rec_len=0, size=1024 fake=0 [ 494.199368][ T8633] Bluetooth: MGMT ver 1.23 [ 494.210807][ T6774] EXT4-fs error (device loop1): ext4_empty_dir:3126: inode #11: block 38: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=327680, rec_len=0, size=1024 fake=0 [ 494.285993][ T6774] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 38: comm syz-executor: path /140/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=327680, rec_len=0, size=1024 fake=0 [ 494.370904][ T6774] EXT4-fs error (device loop1): ext4_empty_dir:3126: inode #11: block 38: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=327680, rec_len=0, size=1024 fake=0 [ 494.459284][ T6774] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 38: comm syz-executor: path /140/file1/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=327680, rec_len=0, size=1024 fake=0 [ 494.531765][ T6774] EXT4-fs error (device loop1): ext4_empty_dir:3126: inode #11: block 38: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=327680, rec_len=0, size=1024 fake=0 [ 494.808600][ T8641] loop3: detected capacity change from 0 to 164 [ 494.880753][ T4231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.889174][ T4231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.916943][ T5243] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 495.015847][ T3072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.024364][ T3072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.161772][ T5243] usb 5-1: Using ep0 maxpacket: 16 [ 495.190985][ T5243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.202608][ T5243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.218301][ T5243] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 495.234386][ T5243] usb 5-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 495.243871][ T5243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.274852][ T5243] usb 5-1: config 0 descriptor?? [ 495.725912][ T44] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 495.762982][ T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 495.805085][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: unknown main item tag 0x0 [ 495.813339][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: unknown main item tag 0x0 [ 495.821098][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: unknown main item tag 0x0 [ 495.837192][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: unknown main item tag 0x0 [ 495.847206][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: unknown main item tag 0x0 [ 495.872962][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.4-1/input0 [ 495.888305][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: U2F Zero LED initialised [ 495.896272][ T5243] hid-u2fzero 0003:10C4:8ACF.0024: U2F Zero RNG initialised [ 495.941785][ T44] usb 3-1: Using ep0 maxpacket: 32 [ 495.966538][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.978584][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.988972][ T44] usb 3-1: New USB device found, idVendor=057e, idProduct=201e, bcdDevice= 0.00 [ 495.998478][ T5243] usb 5-1: USB disconnect, device number 7 [ 495.998483][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.015200][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 496.067956][ T10] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 496.076882][ T10] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 496.079040][ T44] usb 3-1: config 0 descriptor?? [ 496.085566][ T10] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 496.099962][ T10] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 496.108565][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 496.117934][ T10] usb 4-1: config 0 has no interface number 0 [ 496.124426][ T10] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 496.140714][ T10] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 496.153349][ T10] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 496.165861][ T10] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 496.180202][ T10] usb 4-1: config 0 interface 125 has no altsetting 0 [ 496.187486][ T10] usb 4-1: config 0 interface 125 has no altsetting 2 [ 496.316538][ T10] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 496.326947][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.342227][ T10] usb 4-1: Product: syz [ 496.346635][ T10] usb 4-1: Manufacturer: syz [ 496.354416][ T10] usb 4-1: SerialNumber: syz [ 496.379450][ T10] usb 4-1: config 0 descriptor?? [ 496.406282][ T10] usb 4-1: selecting invalid altsetting 2 [ 496.510470][ T6774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 496.548594][ T3546] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.703065][ T44] nintendo 0003:057E:201E.0025: unknown main item tag 0x0 [ 496.710550][ T44] nintendo 0003:057E:201E.0025: unknown main item tag 0x0 [ 496.733514][ T3546] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.820679][ C0] usb 4-1: async_complete: urb error -71 [ 496.826972][ C0] usb 4-1: async_complete: urb error -71 [ 496.833214][ C0] usb 4-1: async_complete: urb error -71 [ 496.843393][ T10] get_1284_register: usb error -71 [ 496.856631][ T10] uss720 4-1:0.125: probe with driver uss720 failed with error -71 [ 496.876223][ T44] nintendo 0003:057E:201E.0025: hidraw0: USB HID v80.00 Device [HID 057e:201e] on usb-dummy_hcd.2-1/input0 [ 496.882309][ T10] usb 4-1: USB disconnect, device number 16 [ 496.980566][ T44] nintendo 0003:057E:201E.0025: Failed to get joycon info; ret=-38 [ 496.986561][ T3546] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.989029][ T44] nintendo 0003:057E:201E.0025: Failed to retrieve controller info; ret=-38 [ 497.008404][ T44] nintendo 0003:057E:201E.0025: Failed to initialize controller; ret=-38 [ 497.102051][ T44] nintendo 0003:057E:201E.0025: probe - fail = -38 [ 497.109750][ T44] nintendo 0003:057E:201E.0025: probe with driver nintendo failed with error -38 [ 497.139386][ T3546] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.216606][ T44] usb 3-1: USB disconnect, device number 16 [ 497.622195][ T3546] bridge_slave_1: left allmulticast mode [ 497.628096][ T3546] bridge_slave_1: left promiscuous mode [ 497.634938][ T3546] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.697979][ T3546] bridge_slave_0: left allmulticast mode [ 497.705495][ T3546] bridge_slave_0: left promiscuous mode [ 497.712539][ T3546] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.371154][ T3546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 498.420023][ T3546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 498.450286][ T3546] bond0 (unregistering): Released all slaves [ 498.700840][ T8653] loop4: detected capacity change from 0 to 64 [ 498.706922][ T8651] sp0: Synchronizing with TNC [ 498.721241][ T3546] 0: left promiscuous mode [ 499.387923][ T5200] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 499.397693][ T5200] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 499.420510][ T5200] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 499.440849][ T5200] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 499.473677][ T5200] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 499.488329][ T5200] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 499.755268][ T3546] hsr_slave_0: left promiscuous mode [ 499.791628][ T3546] hsr_slave_1: left promiscuous mode [ 499.876427][ T3546] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 499.884883][ T3546] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 500.006960][ T3546] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 500.015314][ T3546] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 500.182031][ T3546] veth1_macvtap: left promiscuous mode [ 500.187796][ T3546] veth0_macvtap: left promiscuous mode [ 500.193904][ T3546] veth1_vlan: left promiscuous mode [ 500.199489][ T3546] veth0_vlan: left promiscuous mode [ 501.475767][ T3546] team0 (unregistering): Port device team_slave_1 removed [ 501.515783][ T3546] team0 (unregistering): Port device team_slave_0 removed [ 501.591809][ T5200] Bluetooth: hci4: command tx timeout [ 503.082430][ T5243] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 503.348711][ T5243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.360405][ T5243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.370978][ T5243] usb 3-1: New USB device found, idVendor=056a, idProduct=0003, bcdDevice= 0.00 [ 503.380464][ T5243] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.444751][ T8659] chnl_net:caif_netlink_parms(): no params data found [ 503.485408][ T5243] usb 3-1: config 0 descriptor?? [ 503.673289][ T5200] Bluetooth: hci4: command tx timeout [ 504.079350][ T5243] wacom 0003:056A:0003.0026: Unknown device_type for 'HID 056a:0003'. Assuming pen. [ 504.159263][ T5243] wacom 0003:056A:0003.0026: hidraw0: USB HID v0.00 Device [HID 056a:0003] on usb-dummy_hcd.2-1/input0 [ 504.175325][ T5243] input: Wacom Cintiq Partner Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0003.0026/input/input24 [ 504.445415][ T5243] usb 3-1: USB disconnect, device number 17 [ 504.928651][ T8737] loop4: detected capacity change from 0 to 64 [ 505.266855][ T8740] tipc: Failed to obtain node identity [ 505.273403][ T8740] tipc: Enabling of bearer rejected, failed to enable media [ 505.534590][ T8659] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.542577][ T8659] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.550327][ T8659] bridge_slave_0: entered allmulticast mode [ 505.564772][ T8659] bridge_slave_0: entered promiscuous mode [ 505.704546][ T8659] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.714571][ T8659] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.722616][ T8659] bridge_slave_1: entered allmulticast mode [ 505.731874][ T8659] bridge_slave_1: entered promiscuous mode [ 505.765806][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 505.777030][ T5200] Bluetooth: hci4: command tx timeout [ 505.920537][ T8659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 506.049328][ T25] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 506.059120][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.070881][ T25] usb 4-1: Product: syz [ 506.076402][ T25] usb 4-1: Manufacturer: syz [ 506.081309][ T25] usb 4-1: SerialNumber: syz [ 506.158833][ T8659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 506.298768][ T25] usb 4-1: config 0 descriptor?? [ 506.600326][ T8752] loop2: detected capacity change from 0 to 256 [ 506.714194][ T8752] exfat: Deprecated parameter 'utf8' [ 506.719943][ T8752] exfat: Deprecated parameter 'namecase' [ 506.806713][ T8659] team0: Port device team_slave_0 added [ 506.965823][ T5249] usb 4-1: USB disconnect, device number 17 [ 507.019823][ T8659] team0: Port device team_slave_1 added [ 507.081301][ T8752] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 507.492315][ T8659] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.503332][ T8659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.531043][ T8659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.716441][ T8747] loop4: detected capacity change from 0 to 32768 [ 507.733851][ T8747] bcachefs (/dev/loop4): error validating superblock: Invalid superblock: optional field with size 0 (type 9) [ 507.746454][ T8747] bcachefs: bch2_fs_get_tree() error: invalid_sb_field_size [ 507.814765][ T8659] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.822094][ T8659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.849189][ T8659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.853468][ T5200] Bluetooth: hci4: command tx timeout [ 508.303115][ T8659] hsr_slave_0: entered promiscuous mode [ 508.351032][ T8659] hsr_slave_1: entered promiscuous mode [ 508.397636][ T8659] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 508.405766][ T8659] Cannot create hsr debugfs directory [ 509.453077][ T8778] loop0: detected capacity change from 0 to 512 [ 509.532657][ T8778] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 510.190241][ T8787] loop0: detected capacity change from 0 to 1024 [ 510.236368][ T8787] EXT4-fs: Ignoring removed orlov option [ 510.242529][ T8787] EXT4-fs: Ignoring removed nomblk_io_submit option [ 510.339515][ T8659] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 510.376144][ T8659] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 510.424111][ T8659] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 510.452672][ T8659] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 510.525034][ T8787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 511.033760][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.944346][ T8659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.217023][ T8659] 8021q: adding VLAN 0 to HW filter on device team0 [ 512.242137][ T8818] loop0: detected capacity change from 0 to 164 [ 512.331287][ T3546] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.339235][ T3546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 512.455551][ T4107] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.463450][ T4107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 512.612823][ T5243] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 513.033936][ T5243] usb 3-1: New USB device found, idVendor=1039, idProduct=2121, bcdDevice=9e.ff [ 513.043682][ T5243] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.052391][ T5243] usb 3-1: Product: syz [ 513.056798][ T5243] usb 3-1: Manufacturer: syz [ 513.063872][ T5243] usb 3-1: SerialNumber: syz [ 513.152341][ T5243] usb 3-1: config 0 descriptor?? [ 513.180341][ T5243] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2121) Rev (0X9EFF): Eagle II [ 513.420002][ T5243] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 513.662305][ T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 513.892284][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 513.929299][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 513.939650][ T10] usb 4-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00 [ 513.952725][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.066656][ T10] usb 4-1: config 0 descriptor?? [ 514.219972][ T5243] usb 3-1: device descriptor read/64, error -71 [ 514.532622][ T5243] usb 3-1: reset high-speed USB device number 18 using dummy_hcd [ 514.622953][ T10] sigmamicro 0003:1C4F:0059.0027: unknown main item tag 0x0 [ 514.724776][ T10] sigmamicro 0003:1C4F:0059.0027: hidraw0: USB HID v0.00 Device [HID 1c4f:0059] on usb-dummy_hcd.3-1/input0 [ 514.865843][ T5243] usb 3-1: [ueagle-atm] pre-firmware device, uploading firmware [ 514.880231][ T5243] usb 3-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 514.905887][ T10] usb 4-1: USB disconnect, device number 18 [ 514.930541][ T1824] usb 3-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 514.940213][ T1824] usb 3-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 515.017525][ T8659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.217469][ T5399] udevd[5399]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 515.287409][ T25] usb 3-1: USB disconnect, device number 18 [ 515.772579][ T8659] veth0_vlan: entered promiscuous mode [ 515.899606][ T8659] veth1_vlan: entered promiscuous mode [ 516.426722][ T8659] veth0_macvtap: entered promiscuous mode [ 516.540251][ T8863] loop3: detected capacity change from 0 to 512 [ 516.568144][ T8659] veth1_macvtap: entered promiscuous mode [ 516.597868][ T8863] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 516.700666][ T8863] EXT4-fs (loop3): 1 truncate cleaned up [ 516.750642][ T8863] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 516.772813][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 516.875254][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.886144][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.897327][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.908103][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.922692][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.934664][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.944815][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.955708][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.971062][ T8659] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.999572][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 517.088763][ T8871] loop0: detected capacity change from 0 to 1024 [ 517.106718][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 517.268269][ T10] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=46.8b [ 517.280622][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.289436][ T10] usb 5-1: Product: syz [ 517.294036][ T10] usb 5-1: Manufacturer: syz [ 517.298885][ T10] usb 5-1: SerialNumber: syz [ 517.316779][ T8871] hfsplus: bad catalog entry type [ 517.477461][ T10] usb 5-1: config 0 descriptor?? [ 517.495593][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.506648][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.519001][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.530268][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.544562][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.544772][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 517.556487][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.575588][ T8659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.586405][ T8659] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.602697][ T8659] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 517.846915][ T8659] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.856160][ T8659] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.865432][ T8659] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.874619][ T8659] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.134001][ T3546] hfsplus: b-tree write err: -5, ino 4 [ 518.333001][ T5272] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 518.393946][ T10] usb 5-1: USB disconnect, device number 8 [ 518.513077][ T10] f81534a_ctrl 5-1:0.0: failed to set register 0x116: -19 [ 518.520651][ T10] f81534a_ctrl 5-1:0.0: failed to enable ports: -19 [ 518.620408][ T5272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.632304][ T5272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 518.642578][ T5272] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 518.652145][ T5272] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.773172][ T5272] usb 4-1: config 0 descriptor?? [ 519.435480][ T5272] cougar 0003:060B:700A.0028: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.3-1/input0 [ 519.633337][ T8892] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1470'. [ 519.640444][ T5249] usb 4-1: USB disconnect, device number 19 [ 519.757833][ T8893] loop4: detected capacity change from 0 to 512 [ 519.842867][ T8893] EXT4-fs: Ignoring removed oldalloc option [ 519.938629][ T8893] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.1471: Parent and EA inode have the same ino 15 [ 519.964568][ T8893] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.1471: Parent and EA inode have the same ino 15 [ 519.985895][ T8893] EXT4-fs (loop4): 1 orphan inode deleted [ 519.999627][ T8893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 520.203939][ T5185] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.315935][ T8900] loop2: detected capacity change from 0 to 8 [ 520.358238][ T8902] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 520.367571][ T8902] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 520.376964][ T8902] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 520.386175][ T8902] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 520.454441][ T8900] SQUASHFS error: lzo decompression failed, data probably corrupt [ 520.462896][ T8900] SQUASHFS error: Failed to read block 0x202: -5 [ 520.469511][ T8900] SQUASHFS error: Unable to read metadata cache entry [200] [ 520.776117][ T8906] loop4: detected capacity change from 0 to 256 [ 522.913930][ T8941] netlink: 'syz.3.1485': attribute type 2 has an invalid length. [ 522.922123][ T8941] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1485'. [ 523.468854][ T8927] loop2: detected capacity change from 0 to 4096 [ 523.513067][ T8927] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 523.793757][ T5272] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 524.081079][ T5272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.095863][ T5272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.107786][ T5272] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 524.117315][ T5272] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.184853][ T5272] usb 4-1: config 0 descriptor?? [ 524.717522][ T5272] logitech 0003:046D:C294.0029: unknown main item tag 0x0 [ 524.726658][ T5272] logitech 0003:046D:C294.0029: unbalanced collection at end of report description [ 524.836522][ T5272] logitech 0003:046D:C294.0029: parse failed [ 524.843380][ T5272] logitech 0003:046D:C294.0029: probe with driver logitech failed with error -22 [ 524.875550][ T8959] loop0: detected capacity change from 0 to 2048 [ 524.933429][ T5272] usb 4-1: USB disconnect, device number 20 [ 524.970390][ T8959] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 525.069332][ T8965] loop4: detected capacity change from 0 to 128 [ 525.118351][ T8967] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 525.120085][ T8959] NILFS error (device loop0): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 525.185807][ T8965] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 525.232371][ T8965] ext4 filesystem being mounted at /337/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 525.237361][ T8959] Remounting filesystem read-only [ 525.404302][ T5185] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 526.229788][ T5249] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 526.261659][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.268440][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 526.321905][ T8981] loop3: detected capacity change from 0 to 4096 [ 526.407514][ T8981] ntfs3: loop3: Primary boot: invalid record size -80. [ 526.417075][ T8981] ntfs3: loop3: try to read out of volume at offset 0x1ffe00 [ 526.721682][ T5249] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.733170][ T5249] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.744281][ T5249] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 526.757757][ T5249] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.863224][ T5249] usb 3-1: config 0 descriptor?? [ 527.292312][ T4426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.300382][ T4426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.414008][ T5249] pyra 0003:1E7D:2CF6.002A: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 527.517989][ T4231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.526499][ T4231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 527.682661][ T5249] pyra 0003:1E7D:2CF6.002A: couldn't init struct pyra_device [ 527.690638][ T5249] pyra 0003:1E7D:2CF6.002A: couldn't install mouse [ 527.784459][ T5249] pyra 0003:1E7D:2CF6.002A: probe with driver pyra failed with error -71 [ 527.870133][ T5249] usb 3-1: USB disconnect, device number 19 [ 529.033901][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1505'. [ 529.138619][ T9011] loop3: detected capacity change from 0 to 1024 [ 529.232177][ T9011] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 529.422421][ T9013] loop4: detected capacity change from 0 to 2048 [ 529.587880][ T9011] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1506: Invalid block bitmap block 0 in block_group 0 [ 529.622434][ T9023] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 529.635116][ T9024] loop2: detected capacity change from 0 to 128 [ 529.703333][ T9011] Quota error (device loop3): write_blk: dquota write failed [ 529.711069][ T9011] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 529.725882][ T9011] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.1506: Failed to acquire dquot type 0 [ 529.768395][ T9011] EXT4-fs error (device loop3): ext4_free_blocks:6590: comm syz.3.1506: Freeing blocks not in datazone - block = 0, count = 4096 [ 529.805087][ T9024] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 529.846559][ T9011] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.1506: Invalid inode bitmap blk 0 in block_group 0 [ 529.862190][ T3546] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 529.872988][ T3546] EXT4-fs error (device loop3): ext4_release_dquot:6871: comm kworker/u8:15: Failed to release dquot type 0 [ 529.894574][ T9024] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 529.933001][ T9011] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 529.949470][ T9011] EXT4-fs (loop3): 1 orphan inode deleted [ 529.957831][ T9011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.013697][ T9018] loop0: detected capacity change from 0 to 4096 [ 530.176505][ T44] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 530.389699][ T8305] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 530.426228][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.440587][ T44] usb 2-1: config 0 has no interfaces? [ 530.447513][ T44] usb 2-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 530.456945][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.559913][ T44] usb 2-1: config 0 descriptor?? [ 530.575399][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.620141][ T3546] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 530.630240][ T3546] EXT4-fs error (device loop3): ext4_release_dquot:6871: comm kworker/u8:15: Failed to release dquot type 0 [ 530.848276][ T9027] RDS: rds_bind could not find a transport for ::1:902:1200:0, load rds_tcp or rds_rdma? [ 530.932897][ T5249] usb 2-1: USB disconnect, device number 11 [ 532.971765][ T44] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 533.083495][ T9067] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 533.094180][ T9067] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 533.181126][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 533.226208][ T44] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 533.238633][ T44] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 533.248811][ T44] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 533.262248][ T44] usb 2-1: config 0 interface 0 has no altsetting 0 [ 533.269165][ T44] usb 2-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 533.283076][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.440838][ T44] usb 2-1: config 0 descriptor?? [ 534.029772][ T44] hid-generic 0003:045E:05DA.002B: unknown main item tag 0x0 [ 534.029970][ T44] hid-generic 0003:045E:05DA.002B: ignoring exceeding usage max [ 534.050712][ T44] hid-generic 0003:045E:05DA.002B: ignoring exceeding usage max [ 534.070244][ T44] hid-generic 0003:045E:05DA.002B: unbalanced delimiter at end of report description [ 534.153533][ T9063] loop4: detected capacity change from 0 to 4096 [ 534.188676][ T44] hid-generic 0003:045E:05DA.002B: probe with driver hid-generic failed with error -22 [ 534.290217][ T9074] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 534.303680][ T44] usb 2-1: USB disconnect, device number 12 [ 534.563897][ T9076] syz.3.1534 (9076): drop_caches: 4 [ 535.336317][ T5249] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 535.551725][ T5249] usb 4-1: Using ep0 maxpacket: 16 [ 535.619440][ T5249] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 535.631657][ T5249] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 535.710550][ T5249] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 535.720404][ T5249] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 535.729211][ T5249] usb 4-1: Product: syz [ 535.733725][ T5249] usb 4-1: Manufacturer: syz [ 535.789385][ T5249] usb 4-1: config 0 descriptor?? [ 536.301156][ T5249] kovaplus 0003:1E7D:2D50.002C: unknown main item tag 0xd [ 536.349383][ T9094] loop4: detected capacity change from 0 to 128 [ 536.427484][ T5249] kovaplus 0003:1E7D:2D50.002C: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.3-1/input0 [ 536.463914][ T9094] EXT4-fs: Ignoring removed nobh option [ 536.559129][ T5249] kovaplus 0003:1E7D:2D50.002C: couldn't init struct kovaplus_device [ 536.569180][ T5249] kovaplus 0003:1E7D:2D50.002C: couldn't install mouse [ 536.614208][ T9094] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 536.626774][ T5249] kovaplus 0003:1E7D:2D50.002C: probe with driver kovaplus failed with error -71 [ 536.732817][ T9094] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 536.771016][ T5249] usb 4-1: USB disconnect, device number 21 [ 537.287372][ T5185] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 537.326600][ T9108] loop2: detected capacity change from 0 to 1024 [ 537.350143][ T9108] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 537.360379][ T9108] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 537.371005][ T9108] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 537.380120][ T9108] EXT4-fs (loop2): filesystem has both journal inode and journal device! [ 537.699150][ T9111] loop0: detected capacity change from 0 to 1024 [ 537.872056][ T9111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 538.264461][ T9129] loop4: detected capacity change from 0 to 8 [ 538.405031][ T9129] SQUASHFS error: Unable to read directory block [629:46] [ 538.500695][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.416496][ T5243] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 540.642506][ T5243] usb 2-1: Using ep0 maxpacket: 16 [ 540.704898][ T5243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 540.716375][ T5243] usb 2-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00 [ 540.725999][ T5243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.807420][ T5243] usb 2-1: config 0 descriptor?? [ 541.374094][ T5243] glorious 0003:258A:0033.002D: hidraw0: USB HID v0.00 Device [Glorious Model D] on usb-dummy_hcd.1-1/input0 [ 541.651985][ T5272] usb 2-1: USB disconnect, device number 13 [ 544.127450][ T9210] tipc: Started in network mode [ 544.133228][ T9210] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 544.143331][ T9210] tipc: New replicast peer: 0000:0000:0000:0000:0000:ffff:e000:0002 [ 544.154445][ T9210] tipc: Enabled bearer , priority 10 [ 544.266038][ T9215] loop3: detected capacity change from 0 to 8 [ 544.454161][ T9215] SQUASHFS error: lzo decompression failed, data probably corrupt [ 544.462796][ T9215] SQUASHFS error: Failed to read block 0x71: -5 [ 544.476365][ T9215] SQUASHFS error: lzo decompression failed, data probably corrupt [ 544.486466][ T9215] SQUASHFS error: Failed to read block 0x71: -5 [ 544.533128][ T29] audit: type=1800 audit(1726470878.330:46): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1592" name="file0" dev="loop3" ino=3 res=0 errno=0 [ 545.302830][ T44] tipc: Node number set to 1 [ 545.751062][ T9241] loop3: detected capacity change from 0 to 8 [ 546.832614][ T44] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 546.950892][ T9258] loop0: detected capacity change from 0 to 256 [ 547.065471][ T44] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 547.076896][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.088276][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.098545][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 547.109847][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 547.120043][ T44] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 254 [ 547.135777][ T44] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 547.145827][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.232528][ T44] usb 5-1: config 0 descriptor?? [ 547.342498][ T9258] FAT-fs (loop0): Directory bread(block 64) failed [ 547.349611][ T9258] FAT-fs (loop0): Directory bread(block 65) failed [ 547.364355][ T9258] FAT-fs (loop0): Directory bread(block 66) failed [ 547.371293][ T9258] FAT-fs (loop0): Directory bread(block 67) failed [ 547.378689][ T9258] FAT-fs (loop0): Directory bread(block 68) failed [ 547.385796][ T9258] FAT-fs (loop0): Directory bread(block 69) failed [ 547.393050][ T9258] FAT-fs (loop0): Directory bread(block 70) failed [ 547.399974][ T9258] FAT-fs (loop0): Directory bread(block 71) failed [ 547.407203][ T9258] FAT-fs (loop0): Directory bread(block 72) failed [ 547.414312][ T9258] FAT-fs (loop0): Directory bread(block 73) failed [ 547.564967][ T9261] loop1: detected capacity change from 0 to 2048 [ 547.678643][ T9266] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 547.730156][ T44] keytouch 0003:0926:3333.002E: fixing up Keytouch IEC report descriptor [ 547.806635][ T44] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.002E/input/input27 [ 548.068458][ T44] keytouch 0003:0926:3333.002E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 548.168128][ T44] usb 5-1: USB disconnect, device number 9 [ 548.538124][ T9277] loop1: detected capacity change from 0 to 64 [ 548.611949][ T5249] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 548.886242][ T5249] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 548.897729][ T5249] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 548.907937][ T5249] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 548.917375][ T5249] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.048897][ T5249] usb 4-1: config 0 descriptor?? [ 549.349670][ T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 549.590910][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.602727][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 549.613701][ T25] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 549.623159][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.655160][ T5249] logitech-djreceiver 0003:046D:C71B.002F: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.3-1/input0 [ 549.692070][ T25] usb 3-1: config 0 descriptor?? [ 549.850611][ T5249] usb 4-1: USB disconnect, device number 22 [ 550.310388][ T25] petalynx 0003:18B1:0037.0030: collection stack underflow [ 550.318162][ T25] petalynx 0003:18B1:0037.0030: item 0 1 0 12 parsing failed [ 550.443852][ T25] petalynx 0003:18B1:0037.0030: parse failed [ 550.450356][ T25] petalynx 0003:18B1:0037.0030: probe with driver petalynx failed with error -22 [ 550.500132][ T9296] netlink: 'syz.1.1623': attribute type 16 has an invalid length. [ 550.511604][ T9296] netlink: 'syz.1.1623': attribute type 3 has an invalid length. [ 550.519547][ T9296] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.1623'. [ 550.635317][ T5272] usb 3-1: USB disconnect, device number 20 [ 551.883350][ T9309] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1628'. [ 552.079590][ T9316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1631'. [ 554.522064][ T9324] loop1: detected capacity change from 0 to 32768 [ 554.530962][ T9324] XFS: noikeep mount option is deprecated. [ 554.537415][ T9324] xfs: Unknown parameter 'audit' [ 555.973731][ T25] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 556.262693][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.275082][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 556.285332][ T25] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 556.294743][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.365457][ T25] usb 4-1: config 0 descriptor?? [ 556.393422][ T9367] loop0: detected capacity change from 0 to 128 [ 556.518209][ T9367] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 556.612257][ T9367] ext4 filesystem being mounted at /84/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 556.869214][ T25] hid-led 0003:1D34:000A.0031: unknown main item tag 0x0 [ 557.019409][ T25] hid-led 0003:1D34:000A.0031: probe with driver hid-led failed with error -71 [ 557.029784][ T7977] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 557.098656][ T25] usb 4-1: USB disconnect, device number 23 [ 557.137582][ T9374] loop1: detected capacity change from 0 to 1024 [ 557.328006][ T9374] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 557.725565][ T8659] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.815477][ T9383] netlink: 'syz.2.1655': attribute type 1 has an invalid length. [ 557.825472][ T9383] netlink: 'syz.2.1655': attribute type 3 has an invalid length. [ 557.833685][ T9383] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1655'. [ 558.026336][ T9385] loop0: detected capacity change from 0 to 512 [ 558.121250][ T9385] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.1657: attempt to clear invalid blocks 2 len 1 [ 558.181254][ T9387] loop3: detected capacity change from 0 to 512 [ 558.197876][ T9387] EXT4-fs (loop3): filesystem is read-only [ 558.221748][ T9385] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 558.234550][ T9387] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 558.236925][ T9385] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1657: invalid indirect mapped block 1819239214 (level 0) [ 558.281320][ T9390] netlink: 'syz.1.1656': attribute type 1 has an invalid length. [ 558.308772][ T9387] EXT4-fs (loop3): filesystem is read-only [ 558.316963][ T9387] EXT4-fs (loop3): orphan cleanup on readonly fs [ 558.353939][ T9385] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1657: invalid indirect mapped block 1819239214 (level 1) [ 558.377755][ T9385] EXT4-fs (loop0): 1 truncate cleaned up [ 558.385588][ T9385] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 558.450887][ T9387] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1658: bg 0: block 64: padding at end of block bitmap is not set [ 558.517349][ T9387] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 558.538050][ T9387] EXT4-fs (loop3): 1 orphan inode deleted [ 558.545887][ T9387] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 558.689774][ T9392] loop2: detected capacity change from 0 to 2048 [ 558.792133][ T9396] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 558.864053][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.975691][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.430033][ T9403] loop0: detected capacity change from 0 to 64 [ 559.893500][ T5190] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 559.913073][ T5190] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 559.933617][ T5190] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 559.974875][ T5190] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 559.997645][ T5190] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 560.008268][ T5190] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 560.640414][ T9420] loop3: detected capacity change from 0 to 128 [ 560.863196][ T29] audit: type=1800 audit(1726470894.660:47): pid=9420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1671" name="file1" dev="loop3" ino=1048716 res=0 errno=0 [ 560.882166][ T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 560.942010][ T9425] loop2: detected capacity change from 0 to 64 [ 561.102137][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 561.141639][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 561.153545][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 561.168753][ T10] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 561.179955][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.216147][ T10] usb 2-1: config 0 descriptor?? [ 561.692820][ T9410] chnl_net:caif_netlink_parms(): no params data found [ 561.949434][ T10] hid-led 0003:1294:1320.0032: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0 [ 561.972390][ T10] hid-led 0003:1294:1320.0032: Riso Kagaku Webmail Notifier initialized [ 562.085190][ T5190] Bluetooth: hci5: command tx timeout [ 562.133312][ T10] usb 2-1: USB disconnect, device number 14 [ 562.242581][ T5243] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 562.310903][ T5243] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 562.408684][ T5243] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 562.499872][ T29] audit: type=1326 audit(1726470896.260:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9438 comm="syz.0.1678" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc93717def9 code=0x0 [ 563.369664][ T9410] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.377570][ T9410] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.386359][ T9410] bridge_slave_0: entered allmulticast mode [ 563.395665][ T9410] bridge_slave_0: entered promiscuous mode [ 563.558501][ T9410] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.566751][ T9410] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.575377][ T9410] bridge_slave_1: entered allmulticast mode [ 563.584775][ T9410] bridge_slave_1: entered promiscuous mode [ 563.912479][ T9410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 563.980151][ T9450] loop1: detected capacity change from 0 to 4096 [ 564.056991][ T9410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.153251][ T5190] Bluetooth: hci5: command tx timeout [ 564.155229][ T4559] Bluetooth: hci2: command 0x0406 tx timeout [ 564.169155][ T9461] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 564.363658][ T9410] team0: Port device team_slave_0 added [ 564.366053][ T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 564.410545][ T9410] team0: Port device team_slave_1 added [ 564.545499][ T9465] loop3: detected capacity change from 0 to 64 [ 564.607983][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.620813][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.631213][ T10] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 564.645483][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.732481][ T9410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 564.745481][ T9410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.773959][ T9410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 564.796031][ T10] usb 3-1: config 0 descriptor?? [ 565.107950][ T9410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.115216][ T9410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.141747][ T9410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.344556][ T10] keytouch 0003:0926:3333.0033: fixing up Keytouch IEC report descriptor [ 565.419235][ T29] audit: type=1800 audit(1726470899.160:49): pid=9465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1687" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 565.488963][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0033/input/input28 [ 565.496063][ T5249] kernel write not supported for file /77/uid_map (pid: 5249 comm: kworker/1:4) [ 565.672660][ T5200] Bluetooth: hci0: command 0x0406 tx timeout [ 565.754709][ T9410] hsr_slave_0: entered promiscuous mode [ 565.793992][ T10] keytouch 0003:0926:3333.0033: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 565.854209][ T9410] hsr_slave_1: entered promiscuous mode [ 565.892587][ T10] usb 3-1: USB disconnect, device number 21 [ 565.909073][ T9410] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 565.917203][ T9410] Cannot create hsr debugfs directory [ 566.221818][ T9472] loop0: detected capacity change from 0 to 2048 [ 566.232612][ T5200] Bluetooth: hci5: command tx timeout [ 566.412005][ T9472] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 567.047343][ T9482] syz.1.1695 uses obsolete (PF_INET,SOCK_PACKET) [ 567.257061][ T9478] loop3: detected capacity change from 0 to 2048 [ 567.316574][ T9478] EXT4-fs: Ignoring removed mblk_io_submit option [ 567.465991][ T9410] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.489294][ T9486] loop2: detected capacity change from 0 to 512 [ 567.546354][ T9486] EXT4-fs: Ignoring removed oldalloc option [ 567.549243][ T9478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 567.652082][ T9486] EXT4-fs (loop2): 1 truncate cleaned up [ 567.683085][ T9486] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 567.688306][ T9410] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.796619][ T9410] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.000047][ T9410] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.298628][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 568.318690][ T5200] Bluetooth: hci5: command tx timeout [ 568.356167][ T8305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 568.458801][ T9500] MPI: mpi too large (181568 bits) [ 568.695397][ T9410] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 568.812702][ T9508] loop2: detected capacity change from 0 to 64 [ 568.869716][ T9410] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 568.953126][ T9410] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 569.007179][ T9510] nftables ruleset with unbound chain [ 569.065229][ T9410] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 570.416194][ T9410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.692404][ T9410] 8021q: adding VLAN 0 to HW filter on device team0 [ 570.772685][ T4426] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.780406][ T4426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.912299][ T4426] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.919968][ T4426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.916220][ T5200] Bluetooth: hci5: command tx timeout [ 572.526550][ T9552] loop1: detected capacity change from 0 to 256 [ 572.570674][ T9552] exfat: Deprecated parameter 'utf8' [ 572.576655][ T9552] exfat: Deprecated parameter 'namecase' [ 572.583296][ T9552] exfat: Deprecated parameter 'namecase' [ 572.589337][ T9552] exfat: Deprecated parameter 'utf8' [ 572.764295][ T9552] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 572.990683][ T9410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 573.351094][ T9564] loop2: detected capacity change from 0 to 256 [ 573.407957][ T9564] exfat: Deprecated parameter 'utf8' [ 573.548059][ T9564] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 573.626516][ T9567] loop1: detected capacity change from 0 to 128 [ 573.721709][ T9567] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 574.804030][ T9583] netlink: 'syz.2.1734': attribute type 33 has an invalid length. [ 574.812749][ T9583] netlink: 'syz.2.1734': attribute type 3 has an invalid length. [ 574.820706][ T9583] netlink: 152988 bytes leftover after parsing attributes in process `syz.2.1734'. [ 575.334292][ T9410] veth0_vlan: entered promiscuous mode [ 575.459330][ T9410] veth1_vlan: entered promiscuous mode [ 575.494951][ T9592] loop3: detected capacity change from 0 to 8 [ 575.517260][ T9590] loop2: detected capacity change from 0 to 1024 [ 575.732903][ T9410] veth0_macvtap: entered promiscuous mode [ 575.734065][ T9592] squashfs: Unknown parameter 'iocharset' [ 575.813845][ T9410] veth1_macvtap: entered promiscuous mode [ 575.946707][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.958536][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.968815][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.979727][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.989914][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.000842][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.017164][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.029741][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.042598][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.053544][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.068849][ T9410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 576.172065][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.184840][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.195028][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.205759][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.218579][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.230044][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.240328][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.251231][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.261471][ T9410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.272243][ T9410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.287742][ T9410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 576.477226][ T9410] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.486470][ T9410] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.495749][ T9410] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.504983][ T9410] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.642396][ T9596] loop1: detected capacity change from 0 to 512 [ 576.889263][ T9596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 576.903356][ T9596] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 577.110335][ T9596] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz.1.1741: path /51/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 577.226410][ T9596] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz.1.1741: path /51/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 577.292230][ T9610] loop0: detected capacity change from 0 to 164 [ 577.308479][ T9596] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz.1.1741: path /51/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 577.350726][ T9610] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 577.445328][ T9596] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz.1.1741: path /51/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 577.460661][ T1824] usb 3-1: [UEAGLE-ATM] firmware is not available [ 577.814853][ T8659] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 577.918374][ T9611] loop2: detected capacity change from 0 to 2048 [ 578.062386][ T9619] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 578.912423][ T9632] netlink: 'syz.1.1753': attribute type 29 has an invalid length. [ 578.983109][ T9634] netlink: 'syz.1.1753': attribute type 29 has an invalid length. [ 579.199379][ T9631] loop2: detected capacity change from 0 to 1024 [ 583.366495][ T1057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 583.380958][ T1057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 583.464251][ T9694] 9pnet_fd: Insufficient options for proto=fd [ 583.650182][ T1057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 583.658584][ T1057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.052947][ T9704] loop0: detected capacity change from 0 to 128 [ 584.133845][ T9704] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 584.187922][ T9704] ext4 filesystem being mounted at /118/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 584.343669][ T9714] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1783'. [ 584.452492][ T9715] loop3: detected capacity change from 0 to 512 [ 584.591912][ T9715] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1782: corrupted in-inode xattr: invalid ea_ino [ 584.681790][ T9715] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1782: couldn't read orphan inode 15 (err -117) [ 584.716335][ T9715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 584.736520][ T7977] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 585.162813][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 585.429209][ T9729] loop2: detected capacity change from 0 to 128 [ 585.518697][ T9729] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 585.575784][ T9729] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 585.893621][ T9729] EXT4-fs (loop2): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w. Quota mode: writeback. [ 586.324490][ T8305] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 587.688391][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 587.695457][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 589.336095][ T29] audit: type=1326 audit(1726470923.040:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.359239][ T29] audit: type=1326 audit(1726470923.040:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.361998][ T9762] loop4: detected capacity change from 0 to 32768 [ 589.381956][ T29] audit: type=1326 audit(1726470923.090:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.413038][ T29] audit: type=1326 audit(1726470923.090:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.434960][ T9762] BTRFS error: device /dev/loop4 has incomplete metadata_uuid change, please use btrfstune to complete [ 589.438934][ T29] audit: type=1326 audit(1726470923.110:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.470092][ T29] audit: type=1326 audit(1726470923.110:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 589.492780][ T29] audit: type=1326 audit(1726470923.110:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9777 comm="syz.2.1813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1377def9 code=0x7ffc0000 [ 590.182915][ T9786] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1817'. [ 590.192527][ T9786] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1817'. [ 590.466718][ T9795] loop4: detected capacity change from 0 to 512 [ 590.606030][ T9795] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 590.619349][ T9795] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 591.030005][ T9807] loop2: detected capacity change from 0 to 512 [ 591.112057][ T9807] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 591.230272][ T9807] EXT4-fs (loop2): 1 truncate cleaned up [ 591.238341][ T9807] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 591.328868][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.441224][ T9807] overlayfs: workdir and upperdir must be separate subtrees [ 591.712811][ T8305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.861858][ T25] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 592.000473][ T9819] loop1: detected capacity change from 0 to 1024 [ 592.101085][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 592.112696][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 592.122953][ T25] usb 5-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 592.132535][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.235417][ T9819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 592.267190][ T25] usb 5-1: config 0 descriptor?? [ 592.292868][ T9827] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1833'. [ 592.723616][ T8659] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.857355][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.865115][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.874917][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.884810][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.892271][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.902972][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 592.909980][ T25] elo 0003:04E7:0030.0034: unknown main item tag 0x0 [ 593.121849][ T25] elo 0003:04E7:0030.0034: hidraw0: USB HID v0.00 Device [HID 04e7:0030] on usb-dummy_hcd.4-1/input0 [ 593.178239][ T25] usb 5-1: USB disconnect, device number 10 [ 593.913616][ T9839] loop3: detected capacity change from 0 to 1024 [ 594.702595][ T9844] loop4: detected capacity change from 0 to 512 [ 594.703662][ T9849] netlink: 'syz.1.1844': attribute type 1 has an invalid length. [ 594.813391][ T9844] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 594.823642][ T9844] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 594.881143][ T5200] Bluetooth: hci3: command 0x0405 tx timeout [ 595.031040][ T9844] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 595.040094][ T9844] System zones: 0-2, 18-18, 34-34 [ 595.122961][ T9844] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 595.199422][ T9844] EXT4-fs (loop4): 1 truncate cleaned up [ 595.207563][ T9844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 595.541875][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 595.724328][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.792304][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 595.843934][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.856014][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.866252][ T25] usb 4-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 595.877865][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.955200][ T25] usb 4-1: config 0 descriptor?? [ 596.458978][ T25] pantherlord 0003:0810:0001.0035: unbalanced collection at end of report description [ 596.499759][ T25] pantherlord 0003:0810:0001.0035: parse failed [ 596.507137][ T25] pantherlord 0003:0810:0001.0035: probe with driver pantherlord failed with error -22 [ 596.549539][ T9861] loop1: detected capacity change from 0 to 2048 [ 596.623614][ T9867] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 596.753427][ T10] usb 4-1: USB disconnect, device number 24 [ 596.968910][ T9867] NILFS (loop1): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 596.979901][ T9867] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16) [ 597.019003][ T9867] Remounting filesystem read-only [ 597.024845][ T4107] NILFS (loop1): discard dirty page: offset=61440, ino=16 [ 597.032638][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.040179][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.047837][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.055462][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.070293][ T4107] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 597.077469][ T4107] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 597.085236][ T4107] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 597.092883][ T4107] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 597.107470][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.117371][ T4107] NILFS (loop1): discard dirty page: offset=4096, ino=3 [ 597.124774][ T4107] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 597.132535][ T4107] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.141811][ T4107] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.150925][ T4107] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.170669][ T8659] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 597.191137][ T8659] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 597.210911][ T8659] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 597.220968][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.230381][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.239663][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.255899][ T8659] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 597.263268][ T8659] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 597.270805][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.281644][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 597.291872][ T8659] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 598.422914][ T9882] loop1: detected capacity change from 0 to 8 [ 598.558856][ T9882] SQUASHFS error: zlib decompression failed, data probably corrupt [ 598.567459][ T9882] SQUASHFS error: Failed to read block 0x1b9: -5 [ 598.574250][ T9882] SQUASHFS error: Unable to read metadata cache entry [1b7] [ 600.229037][ T25] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 600.492486][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 600.528777][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.540429][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.550778][ T25] usb 3-1: New USB device found, idVendor=056a, idProduct=00f0, bcdDevice= 0.00 [ 600.559853][ T9912] nftables ruleset with unbound set [ 600.560152][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.649781][ T25] usb 3-1: config 0 descriptor?? [ 601.100388][ T9898] loop3: detected capacity change from 0 to 4096 [ 601.169160][ T9898] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 601.310674][ T25] wacom 0003:056A:00F0.0036: hidraw0: USB HID v0.00 Device [HID 056a:00f0] on usb-dummy_hcd.2-1/input0 [ 601.510441][ T25] usb 3-1: USB disconnect, device number 22 [ 601.759337][ T9922] loop1: detected capacity change from 0 to 1024 [ 601.842077][ T9922] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 602.033601][ T9922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 602.369083][ T9931] loop3: detected capacity change from 0 to 128 [ 602.504635][ T9931] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 602.570764][ T9931] ext4 filesystem being mounted at /391/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 602.661116][ T8659] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 603.072373][ T5186] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 604.752457][ T25] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 604.815350][ T9964] loop4: detected capacity change from 0 to 2048 [ 604.910631][ T9969] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 604.986599][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 605.009536][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.021328][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.033702][ T25] usb 3-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 605.043538][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.103380][ T25] usb 3-1: config 0 descriptor?? [ 605.323997][ T9961] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 605.330265][ T9961] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 605.403072][ T9967] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 605.409945][ T9967] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 605.545335][ T9967] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 605.552155][ T9967] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 605.587623][ T25] kye 0003:0458:4018.0037: unknown main item tag 0x0 [ 605.647505][ T25] kye 0003:0458:4018.0037: hidraw0: USB HID v0.00 Device [HID 0458:4018] on usb-dummy_hcd.2-1/input0 [ 605.651815][ T9967] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 605.665417][ T9967] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 605.739470][ T9961] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 605.746539][ T9961] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 605.758042][ T9967] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 605.764588][ T9967] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 605.794032][ T9967] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 605.822531][ T9977] loop3: detected capacity change from 0 to 256 [ 605.832550][ T9977] vfat: Unknown parameter 'rodirŠ8ni_xlate' [ 605.834695][ T9961] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 605.845198][ T9961] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 605.854438][ T9977] cifs: Bad value for 'uid' [ 605.855974][ T9961] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 605.859082][ T9977] cifs: Bad value for 'uid' [ 605.865399][ T9961] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 605.985489][ T9967] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 605.992111][ T9967] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 606.012772][ T5243] usb 3-1: USB disconnect, device number 23 [ 606.092425][ T9961] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 606.098682][ T9961] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 606.164354][ T9967] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 606.255444][ T9961] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 606.262099][ T9961] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 607.265747][T10000] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1910'. [ 607.591980][T10007] IPVS: stopping backup sync thread 10008 ... [ 608.410310][T10021] loop1: detected capacity change from 0 to 64 [ 609.093526][T10035] loop0: detected capacity change from 0 to 128 [ 609.132160][T10035] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 609.226136][T10039] loop4: detected capacity change from 0 to 512 [ 609.296345][T10039] EXT4-fs: Ignoring removed bh option [ 609.367414][T10039] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c118, mo2=0002] [ 609.383275][T10039] System zones: 1-12 [ 609.431686][T10039] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.1929: corrupted in-inode xattr: e_value size too large [ 609.510515][T10039] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1929: couldn't read orphan inode 15 (err -117) [ 609.543885][T10035] FAT-fs (loop0): FAT read failed (blocknr 128) [ 609.597885][T10039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 609.767359][T10039] EXT4-fs warning (device loop4): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 610.144100][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 610.918795][T10066] loop0: detected capacity change from 0 to 8 [ 611.310839][T10066] SQUASHFS error: xz decompression failed, data probably corrupt [ 611.319276][T10066] SQUASHFS error: Failed to read block 0xa8: -5 [ 611.370037][T10066] SQUASHFS error: xz decompression failed, data probably corrupt [ 611.378236][T10066] SQUASHFS error: Failed to read block 0xa8: -5 [ 611.484844][ T29] audit: type=1800 audit(1726470945.230:57): pid=10066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1941" name="file0" dev="loop0" ino=3 res=0 errno=0 [ 611.623061][T10076] loop2: detected capacity change from 0 to 256 [ 613.069280][T10102] loop4: detected capacity change from 0 to 512 [ 613.489840][T10109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1961'. [ 613.808252][T10102] EXT4-fs: Ignoring removed nomblk_io_submit option [ 613.863085][T10102] EXT4-fs (loop4): Test dummy encryption mode enabled [ 613.971887][T10102] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.1958: iget: bogus i_mode (0) [ 614.016345][T10118] loop0: detected capacity change from 0 to 1024 [ 614.062380][T10102] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1958: couldn't read orphan inode 17 (err -117) [ 614.111832][T10118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 614.124599][T10118] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.225117][T10102] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 614.400642][T10118] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 614.599894][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.638385][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.659976][T10132] tipc: Started in network mode [ 614.665701][T10132] tipc: Node identity ac141428, cluster identity 4711 [ 614.675406][T10132] tipc: Enabled bearer , priority 10 [ 614.686881][ T5243] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 614.841832][ T25] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 614.923997][ T5243] usb 3-1: Using ep0 maxpacket: 8 [ 614.948815][ T5243] usb 3-1: config 0 has an invalid interface number: 112 but max is 1 [ 614.959018][ T5243] usb 3-1: config 0 has an invalid interface number: 17 but max is 1 [ 614.967699][ T5243] usb 3-1: config 0 has no interface number 0 [ 614.974167][ T5243] usb 3-1: config 0 has no interface number 1 [ 615.031296][ T5243] usb 3-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=1f.14 [ 615.043165][ T5243] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.051615][ T5243] usb 3-1: Product: syz [ 615.056012][ T5243] usb 3-1: Manufacturer: syz [ 615.060882][ T5243] usb 3-1: SerialNumber: syz [ 615.072122][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 615.085628][ T5243] usb 3-1: config 0 descriptor?? [ 615.132079][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 615.142724][ T25] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 615.153855][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 615.165138][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 17488, setting to 1024 [ 615.217792][ T25] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 615.229475][ T25] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 615.238470][ T25] usb 2-1: Manufacturer: syz [ 615.253446][ T25] usb 2-1: config 0 descriptor?? [ 615.264413][T10130] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 615.390624][ T5243] usb 3-1: USB disconnect, device number 24 [ 615.607490][ T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 615.699975][ T25] usb 2-1: USB disconnect, device number 15 [ 615.807919][ T5243] tipc: Node number set to 2886997032 [ 616.604991][T10152] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1980'. [ 618.581011][T10181] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 619.103131][ T5243] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 619.173040][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1997'. [ 619.182926][T10187] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1997'. [ 619.409349][T10185] loop2: detected capacity change from 0 to 1024 [ 619.477383][T10189] loop3: detected capacity change from 0 to 64 [ 619.604203][ T5243] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 619.614861][ T5243] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 619.750398][ T5243] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 619.760363][ T5243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 619.768859][ T5243] usb 5-1: SerialNumber: syz [ 619.814097][T10185] hfsplus: bad catalog entry type [ 620.194689][ T5186] hfs: node 4:3 still has 1 user(s)! [ 620.229553][ T5243] usb 5-1: 0:2 : does not exist [ 620.330916][ T5243] usb 5-1: USB disconnect, device number 11 [ 620.363888][ T1057] hfsplus: b-tree write err: -5, ino 4 [ 620.744971][T10195] loop3: detected capacity change from 0 to 512 [ 620.755622][T10197] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2002'. [ 620.830724][T10195] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 621.003155][T10195] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.2001: invalid indirect mapped block 83886080 (level 1) [ 621.116778][ T5399] udevd[5399]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 621.146307][T10195] EXT4-fs (loop3): Remounting filesystem read-only [ 621.207102][T10195] EXT4-fs (loop3): 1 orphan inode deleted [ 621.213887][T10195] EXT4-fs (loop3): 1 truncate cleaned up [ 621.221306][T10195] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 621.976901][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.754538][T10219] netlink: 'syz.1.2011': attribute type 2 has an invalid length. [ 623.123048][T10203] loop0: detected capacity change from 0 to 4096 [ 623.219577][T10203] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 624.179619][T10234] usb usb8: usbfs: process 10234 (syz.3.2018) did not claim interface 0 before use [ 624.686870][T10237] loop2: detected capacity change from 0 to 2048 [ 624.729912][T10244] loop1: detected capacity change from 0 to 256 [ 624.744269][T10237] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 624.762276][T10243] loop3: detected capacity change from 0 to 512 [ 624.799274][T10242] loop0: detected capacity change from 0 to 512 [ 624.843428][T10247] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 624.856402][T10243] EXT4-fs: Ignoring removed i_version option [ 624.866771][T10243] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 624.873176][T10237] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 624.957761][T10237] Remounting filesystem read-only [ 625.012490][T10242] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 625.020846][T10243] EXT4-fs (loop3): 1 truncate cleaned up [ 625.025582][T10242] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 625.034298][T10243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 625.144070][T10246] loop4: detected capacity change from 0 to 2048 [ 625.280203][T10251] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 625.713314][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.713855][ T5186] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.762842][T10257] loop2: detected capacity change from 0 to 2048 [ 626.812787][T10257] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 626.921966][T10269] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 626.953985][T10257] syz.2.2025: attempt to access beyond end of device [ 626.953985][T10257] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 627.082023][T10272] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2032'. [ 628.074978][ T44] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 628.289711][T10291] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2040'. [ 628.311609][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 628.338040][ T44] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 628.350170][ T44] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 628.434222][ T44] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 628.444373][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.452947][ T44] usb 4-1: Product: syz [ 628.457349][ T44] usb 4-1: SerialNumber: syz [ 628.574016][T10287] ALSA: seq fatal error: cannot create timer (-19) [ 628.813850][T10284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.870096][T10284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.887988][T10292] loop0: detected capacity change from 0 to 2048 [ 628.955869][ T44] usb 4-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 628.965405][ T44] usb 4-1: found format II with max.bitrate = 0, frame size=0 [ 628.973578][ T44] usb 4-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 628.982362][ T44] usb 4-1: found format II with max.bitrate = 0, frame size=0 [ 629.026329][ T44] usb 4-1: failed to enable PITCH for EP 0x82 [ 629.116091][T10295] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 629.262863][ T44] usb 4-1: USB disconnect, device number 25 [ 629.378856][T10294] loop2: detected capacity change from 0 to 2048 [ 629.444870][ T29] audit: type=1800 audit(1726470963.170:58): pid=10292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2041" name="bus" dev="loop0" ino=2097152 res=0 errno=0 [ 629.526182][ T5581] udevd[5581]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 629.630821][T10294] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 630.178830][ T8305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.382288][T10324] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2054'. [ 631.391780][T10324] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode [ 631.497819][T10323] loop3: detected capacity change from 0 to 1024 [ 631.594576][T10323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 632.123349][T10332] loop4: detected capacity change from 0 to 512 [ 632.206657][T10332] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 632.391829][T10332] EXT4-fs (loop4): 1 truncate cleaned up [ 632.399347][T10332] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 632.933195][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 633.395740][ T10] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 633.635233][ T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 633.645304][ T10] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 633.662500][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 633.749148][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 633.774335][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.787965][ T10] usb 4-1: Product: syz [ 633.792570][ T10] usb 4-1: Manufacturer: syz [ 633.797482][ T10] usb 4-1: SerialNumber: syz [ 634.331877][ T10] usb 4-1: 0:2 : does not exist [ 634.573323][ T10] usb 4-1: USB disconnect, device number 26 [ 635.566103][ T5798] udevd[5798]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 635.920213][T10386] xt_hashlimit: size too large, truncated to 1048576 [ 636.156960][T10387] loop2: detected capacity change from 0 to 1024 [ 636.579650][T10393] loop4: detected capacity change from 0 to 512 [ 636.701993][T10393] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 636.890367][T10393] EXT4-fs (loop4): 1 orphan inode deleted [ 636.896829][T10393] EXT4-fs (loop4): 1 truncate cleaned up [ 636.905246][T10393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 637.317916][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.877465][T10410] netlink: 6084 bytes leftover after parsing attributes in process `syz.2.2092'. [ 637.887424][T10410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2092'. [ 637.896984][T10410] netlink: 6084 bytes leftover after parsing attributes in process `syz.2.2092'. [ 639.296215][T10432] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2103'. [ 639.306234][T10432] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2103'. [ 639.315690][T10432] netlink: 'syz.1.2103': attribute type 2 has an invalid length. [ 640.010499][T10440] loop4: detected capacity change from 0 to 512 [ 640.082666][T10440] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 640.148203][T10440] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.2107: invalid indirect mapped block 4294967295 (level 0) [ 640.262760][T10440] EXT4-fs (loop4): Remounting filesystem read-only [ 640.270455][T10440] EXT4-fs (loop4): 1 orphan inode deleted [ 640.276856][T10440] EXT4-fs (loop4): 1 truncate cleaned up [ 640.284629][T10440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 640.675153][ T9410] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 640.806403][T10450] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2111'. [ 641.548120][T10461] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 641.674038][ T44] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 641.901837][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 641.922558][ T44] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=e1.d5 [ 641.932228][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.980637][ T44] usb 4-1: config 0 descriptor?? [ 642.094441][ T44] vmk80xx 4-1:0.0: driver 'vmk80xx' failed to auto-configure device. [ 642.277344][ T5243] usb 4-1: USB disconnect, device number 27 [ 642.866844][ T5243] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 643.142347][ T5243] usb 2-1: Using ep0 maxpacket: 8 [ 643.224503][ T5243] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 643.234099][ T5243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.242564][ T5243] usb 2-1: Product: syz [ 643.246958][ T5243] usb 2-1: Manufacturer: syz [ 643.251989][ T5243] usb 2-1: SerialNumber: syz [ 643.312304][ T5243] usb 2-1: config 0 descriptor?? [ 643.329291][ T5243] gspca_main: sq905-2.14.0 probing 2770:9120 [ 644.023969][ T5243] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 644.032189][ T5243] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 644.105194][ T5243] usb 2-1: USB disconnect, device number 16 [ 644.392822][T10499] netlink: 'syz.0.2134': attribute type 12 has an invalid length. [ 644.400974][T10499] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2134'. [ 644.806219][T10503] loop2: detected capacity change from 0 to 512 [ 644.890117][T10503] EXT4-fs (loop2): orphan cleanup on readonly fs [ 644.998447][T10503] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2137: bg 0: block 248: padding at end of block bitmap is not set [ 645.052314][T10503] Quota error (device loop2): write_blk: dquota write failed [ 645.060289][T10503] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 645.070797][T10503] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2137: Failed to acquire dquot type 1 [ 645.173830][T10503] EXT4-fs (loop2): 1 truncate cleaned up [ 645.189288][T10510] loop1: detected capacity change from 0 to 1024 [ 645.231679][T10503] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 645.307611][T10512] loop3: detected capacity change from 0 to 128 [ 645.633582][ T8305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 645.678806][ T3978] hfsplus: b-tree write err: -5, ino 4 [ 647.157215][T10545] loop3: detected capacity change from 0 to 64 [ 647.407631][T10549] hfs: keylen 94 too large [ 647.412800][T10549] hfs: request for non-existent node 1818584064 in B*Tree [ 647.422684][T10549] hfs: request for non-existent node 1818584064 in B*Tree [ 648.566236][T10563] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2163'. [ 648.586952][T10561] loop2: detected capacity change from 0 to 1024 [ 648.624535][T10561] EXT4-fs: Ignoring removed nomblk_io_submit option [ 648.758832][T10565] loop4: detected capacity change from 0 to 256 [ 648.788742][T10561] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 649.084334][T10565] FAT-fs (loop4): Directory bread(block 64) failed [ 649.091165][T10565] FAT-fs (loop4): Directory bread(block 65) failed [ 649.098548][T10565] FAT-fs (loop4): Directory bread(block 66) failed [ 649.105493][T10565] FAT-fs (loop4): Directory bread(block 67) failed [ 649.130532][T10565] FAT-fs (loop4): Directory bread(block 68) failed [ 649.137469][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 649.137711][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 649.161745][T10565] FAT-fs (loop4): Directory bread(block 69) failed [ 649.168661][T10565] FAT-fs (loop4): Directory bread(block 70) failed [ 649.175721][T10565] FAT-fs (loop4): Directory bread(block 71) failed [ 649.182817][T10565] FAT-fs (loop4): Directory bread(block 72) failed [ 649.189590][T10565] FAT-fs (loop4): Directory bread(block 73) failed [ 649.504571][ T8305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 649.770006][T10584] loop0: detected capacity change from 0 to 1024 [ 649.793136][T10584] EXT4-fs: Ignoring removed orlov option [ 649.799256][T10584] EXT4-fs: Ignoring removed nomblk_io_submit option [ 649.904482][T10584] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 649.961846][T10584] System zones: 0-1, 3-36 [ 649.994271][T10584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 650.258895][T10584] EXT4-fs: Cannot change journaled quota options when quota turned on [ 650.530036][T10594] loop1: detected capacity change from 0 to 512 [ 650.533418][ T7977] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 650.684487][T10594] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 650.697765][T10594] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 651.175017][ T5243] IPVS: starting estimator thread 0... [ 651.186013][ T8659] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 651.261954][T10611] IPVS: using max 240 ests per chain, 12000 per kthread [ 652.614214][ T44] IPVS: starting estimator thread 0... [ 652.713614][T10636] IPVS: using max 240 ests per chain, 12000 per kthread [ 653.585987][ T44] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 653.831616][ T44] usb 3-1: Using ep0 maxpacket: 16 [ 653.873647][ T44] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 653.883409][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.892055][ T44] usb 3-1: Product: syz [ 653.896459][ T44] usb 3-1: Manufacturer: syz [ 653.901289][ T44] usb 3-1: SerialNumber: syz [ 653.953921][T10658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2206'. [ 653.963417][T10658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2206'. [ 653.989943][ T44] r8152-cfgselector 3-1: Unknown version 0x0000 [ 653.996761][ T44] r8152-cfgselector 3-1: config 0 descriptor?? [ 654.506709][T10664] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2208'. [ 654.507644][ T5243] r8152-cfgselector 3-1: USB disconnect, device number 25 [ 654.607003][T10667] bridge0: port 3(bond0) entered blocking state [ 654.614310][T10667] bridge0: port 3(bond0) entered disabled state [ 654.621563][T10667] bond0: entered allmulticast mode [ 654.626915][T10667] bond_slave_0: entered allmulticast mode [ 654.633040][T10667] bond_slave_1: entered allmulticast mode [ 654.728315][T10667] bond0: entered promiscuous mode [ 654.733920][T10667] bond_slave_0: entered promiscuous mode [ 654.740710][T10667] bond_slave_1: entered promiscuous mode [ 654.753920][T10667] bridge0: port 3(bond0) entered blocking state [ 654.760953][T10667] bridge0: port 3(bond0) entered forwarding state [ 655.563404][T10673] loop3: detected capacity change from 0 to 256 [ 655.885360][ C1] ===================================================== [ 655.892753][ C1] BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 655.900977][ C1] nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 655.906893][ C1] nf_send_reset6+0xd84/0x15b0 [ 655.911940][ C1] nft_reject_inet_eval+0x3c1/0x880 [ 655.917302][ C1] nft_do_chain+0x426/0x2290 [ 655.922177][ C1] nft_do_chain_inet+0x41a/0x4f0 [ 655.927312][ C1] nf_hook_slow+0xf4/0x400 [ 655.931993][ C1] ip6_input+0x2fe/0x430 [ 655.934707][T10673] FAT-fs (loop3): Directory bread(block 64) failed [ 655.936370][ C1] ip6_rcv_finish+0x617/0x970 [ 655.936507][ C1] ipv6_rcv+0xde/0x390 [ 655.943330][T10673] FAT-fs (loop3): Directory bread(block 65) failed [ 655.947894][ C1] __netif_receive_skb+0x1da/0xa00 [ 655.952296][T10673] FAT-fs (loop3): Directory bread(block 66) failed [ 655.958585][ C1] process_backlog+0x4ad/0xa50 [ 655.964020][T10673] FAT-fs (loop3): Directory bread(block 67) failed [ 655.970321][ C1] __napi_poll+0xe7/0x980 [ 655.975451][T10673] FAT-fs (loop3): Directory bread(block 68) failed [ 655.981773][ C1] net_rx_action+0xa5a/0x19b0 [ 655.981875][ C1] handle_softirqs+0x1ce/0x800 [ 655.982008][ C1] __do_softirq+0x14/0x1a [ 655.982134][ C1] do_softirq+0x9a/0x100 [ 655.982252][ C1] __local_bh_enable_ip+0x9f/0xb0 [ 655.982383][ C1] __dev_queue_xmit+0x26f8/0x55e0 [ 655.982525][ C1] neigh_resolve_output+0x9ca/0xae0 [ 655.982673][ C1] ip6_finish_output2+0x2347/0x2ba0 [ 655.982804][ C1] ip6_finish_output+0xbb8/0x14b0 [ 655.982919][ C1] ip6_output+0x356/0x620 [ 655.983025][ C1] ip6_xmit+0x1ba6/0x25d0 [ 655.983130][ C1] inet6_csk_xmit+0x442/0x530 [ 655.983228][ C1] __tcp_transmit_skb+0x3b07/0x4880 [ 655.983369][ C1] tcp_connect+0x35d6/0x7200 [ 655.983497][ C1] tcp_v6_connect+0x1bcc/0x1e40 [ 655.983616][ C1] __inet_stream_connect+0x2ef/0x1730 [ 655.983737][ C1] inet_stream_connect+0x6a/0xd0 [ 655.983853][ C1] kernel_connect+0x9f/0xe0 [ 655.983957][ C1] smc_connect+0xda0/0x1350 [ 655.984061][ C1] __sys_connect+0x606/0x690 [ 655.984192][ C1] __x64_sys_connect+0x91/0xe0 [ 655.984323][ C1] x64_sys_call+0x27a5/0x3ba0 [ 655.984457][ C1] do_syscall_64+0xcd/0x1e0 [ 655.984549][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.984711][ C1] [ 655.984733][ C1] Uninit was stored to memory at: [ 655.984911][ C1] nf_reject_ip6_tcphdr_put+0x60c/0x6c0 [ 655.985065][ C1] nf_send_reset6+0xd84/0x15b0 [ 655.985206][ C1] nft_reject_inet_eval+0x3c1/0x880 [ 655.985304][ C1] nft_do_chain+0x426/0x2290 [ 655.985445][ C1] nft_do_chain_inet+0x41a/0x4f0 [ 655.985578][ C1] nf_hook_slow+0xf4/0x400 [ 655.985704][ C1] ip6_input+0x2fe/0x430 [ 655.985823][ C1] ip6_rcv_finish+0x617/0x970 [ 655.985950][ C1] ipv6_rcv+0xde/0x390 [ 655.986066][ C1] __netif_receive_skb+0x1da/0xa00 [ 655.986162][ C1] process_backlog+0x4ad/0xa50 [ 655.986264][ C1] __napi_poll+0xe7/0x980 [ 655.986351][ C1] net_rx_action+0xa5a/0x19b0 [ 655.986454][ C1] handle_softirqs+0x1ce/0x800 [ 655.986584][ C1] __do_softirq+0x14/0x1a [ 655.986709][ C1] [ 655.986730][ C1] Uninit was stored to memory at: [ 655.986902][ C1] nf_reject_ip6_tcphdr_put+0x2ca/0x6c0 [ 655.987053][ C1] nf_send_reset6+0xd84/0x15b0 [ 655.987194][ C1] nft_reject_inet_eval+0x3c1/0x880 [ 655.987290][ C1] nft_do_chain+0x426/0x2290 [ 655.987428][ C1] nft_do_chain_inet+0x41a/0x4f0 [ 655.987560][ C1] nf_hook_slow+0xf4/0x400 [ 655.987681][ C1] ip6_input+0x2fe/0x430 [ 655.987803][ C1] ip6_rcv_finish+0x617/0x970 [ 655.987931][ C1] ipv6_rcv+0xde/0x390 [ 655.988045][ C1] __netif_receive_skb+0x1da/0xa00 [ 655.988142][ C1] process_backlog+0x4ad/0xa50 [ 655.988240][ C1] __napi_poll+0xe7/0x980 [ 655.988326][ C1] net_rx_action+0xa5a/0x19b0 [ 655.988432][ C1] handle_softirqs+0x1ce/0x800 [ 655.988558][ C1] __do_softirq+0x14/0x1a [ 655.988687][ C1] [ 655.988706][ C1] Uninit was created at: [ 655.988867][ C1] kmem_cache_alloc_node_noprof+0x6bf/0xb80 [ 655.988994][ C1] kmalloc_reserve+0x13d/0x4a0 [ 655.989127][ C1] __alloc_skb+0x363/0x7b0 [ 655.989249][ C1] nf_send_reset6+0x98d/0x15b0 [ 655.995810][T10673] FAT-fs (loop3): Directory bread(block 69) failed [ 656.000144][ C1] nft_reject_inet_eval+0x3c1/0x880 [ 656.005375][T10673] FAT-fs (loop3): Directory bread(block 70) failed [ 656.009916][ C1] nft_do_chain+0x426/0x2290 [ 656.014437][T10673] FAT-fs (loop3): Directory bread(block 71) failed [ 656.018612][ C1] nft_do_chain_inet+0x41a/0x4f0 [ 656.024079][T10673] FAT-fs (loop3): Directory bread(block 72) failed [ 656.028766][ C1] nf_hook_slow+0xf4/0x400 [ 656.034162][T10673] FAT-fs (loop3): Directory bread(block 73) failed [ 656.039277][ C1] ip6_input+0x2fe/0x430 [ 656.360850][ C1] ip6_rcv_finish+0x617/0x970 [ 656.365796][ C1] ipv6_rcv+0xde/0x390 [ 656.370045][ C1] __netif_receive_skb+0x1da/0xa00 [ 656.375421][ C1] process_backlog+0x4ad/0xa50 [ 656.380361][ C1] __napi_poll+0xe7/0x980 [ 656.384915][ C1] net_rx_action+0xa5a/0x19b0 [ 656.389761][ C1] handle_softirqs+0x1ce/0x800 [ 656.394797][ C1] __do_softirq+0x14/0x1a [ 656.399318][ C1] [ 656.401824][ C1] CPU: 1 UID: 0 PID: 10677 Comm: syz.2.2214 Not tainted 6.11.0-syzkaller-01726-g114143a59589 #0 [ 656.413198][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 656.423468][ C1] ===================================================== [ 656.430501][ C1] Disabling lock debugging due to kernel taint [ 656.436818][ C1] Kernel panic - not syncing: kmsan.panic set ... [ 656.443367][ C1] CPU: 1 UID: 0 PID: 10677 Comm: syz.2.2214 Tainted: G B 6.11.0-syzkaller-01726-g114143a59589 #0 [ 656.455473][ C1] Tainted: [B]=BAD_PAGE [ 656.459725][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 656.469902][ C1] Call Trace: [ 656.473288][ C1] [ 656.476226][ C1] dump_stack_lvl+0x216/0x2d0 [ 656.481059][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.487080][ C1] dump_stack+0x1e/0x30 [ 656.491386][ C1] panic+0x4e2/0xcd0 [ 656.495488][ C1] ? kmsan_get_metadata+0xd1/0x1c0 [ 656.500826][ C1] kmsan_report+0x2c7/0x2d0 [ 656.505517][ C1] ? kmsan_internal_chain_origin+0x20/0xd0 [ 656.511513][ C1] ? x64_sys_call+0x27a5/0x3ba0 [ 656.516547][ C1] ? __msan_warning+0x95/0x120 [ 656.521484][ C1] ? nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 656.527414][ C1] ? nf_send_reset6+0xd84/0x15b0 [ 656.532539][ C1] ? nft_reject_inet_eval+0x3c1/0x880 [ 656.538062][ C1] ? nft_do_chain+0x426/0x2290 [ 656.543013][ C1] ? nft_do_chain_inet+0x41a/0x4f0 [ 656.548310][ C1] ? nf_hook_slow+0xf4/0x400 [ 656.553069][ C1] ? ip6_input+0x2fe/0x430 [ 656.557739][ C1] ? ip6_rcv_finish+0x617/0x970 [ 656.562857][ C1] ? ipv6_rcv+0xde/0x390 [ 656.567263][ C1] ? __netif_receive_skb+0x1da/0xa00 [ 656.572696][ C1] ? process_backlog+0x4ad/0xa50 [ 656.577787][ C1] ? __napi_poll+0xe7/0x980 [ 656.582425][ C1] ? net_rx_action+0xa5a/0x19b0 [ 656.587427][ C1] ? handle_softirqs+0x1ce/0x800 [ 656.592559][ C1] ? __do_softirq+0x14/0x1a [ 656.597265][ C1] ? do_softirq+0x9a/0x100 [ 656.601866][ C1] ? __local_bh_enable_ip+0x9f/0xb0 [ 656.607249][ C1] ? __dev_queue_xmit+0x26f8/0x55e0 [ 656.612639][ C1] ? neigh_resolve_output+0x9ca/0xae0 [ 656.618209][ C1] ? ip6_finish_output2+0x2347/0x2ba0 [ 656.623771][ C1] ? ip6_finish_output+0xbb8/0x14b0 [ 656.629133][ C1] ? ip6_output+0x356/0x620 [ 656.633791][ C1] ? ip6_xmit+0x1ba6/0x25d0 [ 656.638446][ C1] ? inet6_csk_xmit+0x442/0x530 [ 656.643447][ C1] ? __tcp_transmit_skb+0x3b07/0x4880 [ 656.649015][ C1] ? tcp_connect+0x35d6/0x7200 [ 656.653952][ C1] ? tcp_v6_connect+0x1bcc/0x1e40 [ 656.659144][ C1] ? __inet_stream_connect+0x2ef/0x1730 [ 656.664860][ C1] ? inet_stream_connect+0x6a/0xd0 [ 656.670137][ C1] ? kernel_connect+0x9f/0xe0 [ 656.675053][ C1] ? smc_connect+0xda0/0x1350 [ 656.679890][ C1] ? __sys_connect+0x606/0x690 [ 656.684921][ C1] ? __x64_sys_connect+0x91/0xe0 [ 656.690033][ C1] ? x64_sys_call+0x27a5/0x3ba0 [ 656.695062][ C1] ? do_syscall_64+0xcd/0x1e0 [ 656.699899][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.706190][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.712481][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.717871][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.723255][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.729266][ C1] ? csum_partial+0x45e/0x4b0 [ 656.734135][ C1] __msan_warning+0x95/0x120 [ 656.738893][ C1] nf_reject_ip6_tcphdr_put+0x688/0x6c0 [ 656.744654][ C1] nf_send_reset6+0xd84/0x15b0 [ 656.749651][ C1] nft_reject_inet_eval+0x3c1/0x880 [ 656.754996][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.760390][ C1] ? __pfx_nft_reject_inet_eval+0x10/0x10 [ 656.766259][ C1] nft_do_chain+0x426/0x2290 [ 656.771038][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.776424][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.781822][ C1] ? ipv6_find_hdr+0xe8d/0x12f0 [ 656.786863][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.792244][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.798267][ C1] nft_do_chain_inet+0x41a/0x4f0 [ 656.803414][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 656.809073][ C1] nf_hook_slow+0xf4/0x400 [ 656.813678][ C1] ip6_input+0x2fe/0x430 [ 656.818113][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 656.823700][ C1] ? __pfx_ip6_input+0x10/0x10 [ 656.828635][ C1] ip6_rcv_finish+0x617/0x970 [ 656.833500][ C1] ipv6_rcv+0xde/0x390 [ 656.837754][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 656.843140][ C1] __netif_receive_skb+0x1da/0xa00 [ 656.848405][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.853801][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.859814][ C1] process_backlog+0x4ad/0xa50 [ 656.864747][ C1] ? __pfx_process_backlog+0x10/0x10 [ 656.870275][ C1] __napi_poll+0xe7/0x980 [ 656.874752][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.880233][ C1] net_rx_action+0xa5a/0x19b0 [ 656.885068][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.890453][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.896494][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 656.901786][ C1] handle_softirqs+0x1ce/0x800 [ 656.906789][ C1] __do_softirq+0x14/0x1a [ 656.911313][ C1] do_softirq+0x9a/0x100 [ 656.915741][ C1] [ 656.918761][ C1] [ 656.921790][ C1] __local_bh_enable_ip+0x9f/0xb0 [ 656.927004][ C1] __dev_queue_xmit+0x26f8/0x55e0 [ 656.932231][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.938254][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.943639][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 656.949659][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 656.955039][ C1] ? __dev_queue_xmit+0x352/0x55e0 [ 656.960340][ C1] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 656.966817][ C1] neigh_resolve_output+0x9ca/0xae0 [ 656.972242][ C1] ? __pfx_eth_header+0x10/0x10 [ 656.977279][ C1] ? __pfx_neigh_resolve_output+0x10/0x10 [ 656.983299][ C1] ip6_finish_output2+0x2347/0x2ba0 [ 656.988730][ C1] ip6_finish_output+0xbb8/0x14b0 [ 656.993946][ C1] ip6_output+0x356/0x620 [ 656.998441][ C1] ? __pfx_ip6_finish_output+0x10/0x10 [ 657.004086][ C1] ? __pfx_ip6_output+0x10/0x10 [ 657.009297][ C1] ? __pfx_ip6_output+0x10/0x10 [ 657.014322][ C1] ip6_xmit+0x1ba6/0x25d0 [ 657.018815][ C1] ? __pfx_dst_output+0x10/0x10 [ 657.023867][ C1] inet6_csk_xmit+0x442/0x530 [ 657.028806][ C1] ? __pfx_inet6_csk_xmit+0x10/0x10 [ 657.034151][ C1] __tcp_transmit_skb+0x3b07/0x4880 [ 657.039564][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 657.044954][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 657.050968][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 657.056991][ C1] tcp_connect+0x35d6/0x7200 [ 657.061851][ C1] ? tcp_fastopen_defer_connect+0x65/0x430 [ 657.067871][ C1] tcp_v6_connect+0x1bcc/0x1e40 [ 657.072932][ C1] ? __pfx_tcp_v6_connect+0x10/0x10 [ 657.078305][ C1] __inet_stream_connect+0x2ef/0x1730 [ 657.083850][ C1] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 657.090368][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 657.095751][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 657.101757][ C1] ? __local_bh_enable_ip+0x74/0xb0 [ 657.107143][ C1] ? _raw_spin_unlock_bh+0x2d/0x40 [ 657.112461][ C1] ? lock_sock_nested+0x1de/0x200 [ 657.117679][ C1] inet_stream_connect+0x6a/0xd0 [ 657.122789][ C1] ? __pfx_inet_stream_connect+0x10/0x10 [ 657.128600][ C1] kernel_connect+0x9f/0xe0 [ 657.133267][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 657.138657][ C1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 657.144663][ C1] smc_connect+0xda0/0x1350 [ 657.149337][ C1] __sys_connect+0x606/0x690 [ 657.154130][ C1] ? kmsan_get_metadata+0x13e/0x1c0 [ 657.159549][ C1] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 657.166082][ C1] ? __pfx_smc_connect+0x10/0x10 [ 657.171212][ C1] __x64_sys_connect+0x91/0xe0 [ 657.176187][ C1] x64_sys_call+0x27a5/0x3ba0 [ 657.181141][ C1] do_syscall_64+0xcd/0x1e0 [ 657.185795][ C1] ? clear_bhb_loop+0x25/0x80 [ 657.190630][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.196752][ C1] RIP: 0033:0x7f6b1377def9 [ 657.201290][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.221093][ C1] RSP: 002b:00007f6b145df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 657.229689][ C1] RAX: ffffffffffffffda RBX: 00007f6b13935f80 RCX: 00007f6b1377def9 [ 657.237803][ C1] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003 [ 657.245897][ C1] RBP: 00007f6b137f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 657.253994][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.262087][ C1] R13: 0000000000000000 R14: 00007f6b13935f80 R15: 00007fffa39a0878 [ 657.270219][ C1] [ 657.273562][ C1] Kernel Offset: disabled [ 657.277958][ C1] Rebooting in 86400 seconds..