last executing test programs: 9m48.436622342s ago: executing program 2 (id=797): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}}) ioctl(r0, 0x8b1a, &(0x7f0000000040)) 9m46.342345503s ago: executing program 2 (id=809): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_DELCHAIN={0x30, 0x5, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x58}}, 0x20000080) 9m44.949360927s ago: executing program 2 (id=816): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f00000000c0)={r2, 0x2, 0x8, 0x1, &(0x7f0000000080)=[{0x2, 0x1, 0xd5, 0x5}]}) 9m43.523588858s ago: executing program 2 (id=823): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc1e, &(0x7f0000001940)="$eJzs3V1oXOl5B/DnnSNZI22aaLOJN2mz6UBKYpTa+Cu2gkuQs4ragOMNkRW6V9How86w8oyR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi27CmfmHWlky5Z2vbLk3d9vmf2fOfOc8fsxPnMEfnUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIj4/Bcunz6TDrsVAMCjdHXyK6fP+f4HgPeUa37+BwAAAAAAAAAAAACAoy5FEccjxdArG2m6/byjeqXRvH1nanxi98MGU6SoRNGuLx/VM2fPnf/MhYuj3Xzw8e+0j8Zzk9cu155t3by1OL+0ND9Xm2o2Zltz8/t+h4c9/m4j7QGo3Xzh9tz160u1s6fO7Xj5zvBrA08cH7508eSF0W7t1PjExGRPTV//2/7T73G/FR7Hooh6pHhj+PVUj4hKPPxY7PHZOWiD7U6MtDsxNT7R7shCo95cLl9MlVxViaj1HDTWHaNHMBcPZSxipWx+2eCRsnuTt+qL9ZmF+dqX64vLjeVGq5kqndaW/alFJUZTxGpErA/c+3b9UcTHI8VLpzfSTEQU3XH4dHth8N7tqRxAH/ehbGetP2K18hjM2RE2EEVcjRS/ePVEzJZjlh/xyYgvlflKxMtlfi4ilR+M8xE/3+VzxOOpL4r490jRShtprn0+6J5Xrny19sXm9VZPbfe88th/PzxKR/zcVI0iZtpn/I309i92AAAAAAAAAAAAAAAAAHinDUYR340Uf/LM77XXFUd7XfoHLo2+7/nf7l0z/vQe71PWnoqIlcr+1uT256XDqVL+dwAdY1+qUcS38vq/PzrsxgAAAAAAAAAAAAAAAAAAALynFfF8pPjayRNpNXrvKd5o3qhdq88sdO4K2733b/ee6Zubm5u11MmxnNM5V3Ku5lzLuZ4zKvn4nGM5p3Ou5FzNuZZzPWcU+ficYzmnc67kXM25lnM9Z/Tl43OO5ZzOuZJzNedazvWccUTu3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8G5SiSLejBTf+cZGihQRYxHT0cm1gcNuHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQqqYiTkWKteer7eerlYhrEfHm5uZm9xERG2U+rMPuKwAAAAAAAAAAAAAAAAAAABxZqYhPRIqn/m8j1SLizvBrA08cH7508eSF0SKKSGVJb/1zk9cu155t3by1OL+0ND9Xm2o2Zltz8/v946pXGs3bd6bGJw6kM3saPOD2D1afbd16cbFx4+vLu74+VL08s7S8WJ/d/eUYjErEdO+ekXaDp8Yn2o1eaNSb7UNT5T4NrESM7bczAAAAAAAAAAAAAAAAAAAAHBlDqYgvRIqf/df51F033tdZ8/8rnWfFVu3Lf7D9uwAW7squ3t8fsJ/ttN+GjrQX3temxicmJnt29/XfW1q2KaUino4Un3rpI+318CmGdl0bX9a9v6y7eT7XDf9aWbeyo6o6MjU+Ubvaap68vLDQmq0v12cW5muTt+qz+/7FAQAAAAAAAAAAAAAAAAAAAPAAQ6mIn0SK//n7/0jd+87n9f99nWc96/9/q72Evq2aduaW9tr+97fX9ne2P3BpdOjjz9xv/0Gs/y/blFIR344U537ykfb99Lvr/6fvqi3r/ixSvP7Mx3Jd5VhZV+92p/OO1xsL86fL2r+OFL/+Rrc22rU3cu1T27VnytrBSPGXGztrv55rP7Rde7asPREpfvDfu9d+eLv2XFn7s0jxT39X69YOlbW/n2uPb9eemm0tzO01rOX8fy9S/O3V30ndPt93/nt+/8PKXbnlnjl/8PY7Nf/DPftW8rz+aZ7/+h7zfyFSfK/6sVzXGfuZ/PqT7f9vz/+nIsV//tvO2uu59oPbtWf26k51v/0+YOX8fzdSfP+vfrrV5zz/eWS3Z6h3/n+1b2dufUoOaf6f7Nk3nNs1+xbH4r1o6cVvvlBfWJhftGHDho2tjcM+M/EolN//fx4p/v94kbrXMfn7/32dZ9vXf//7re3v/0t35ZZD+v7/YM++S/mqpb8vorp881b/0xHVpRe/ebJxs35j/sZ88+yZ05/97IUzp89c6D/Wvbjb3tr32L0blPP/o0jx43/48dbPMTuv/3a//h+6K7cc0vw/1dunHdc1+x6K96Ry/v8mUjz5+Z9u/bz5oOv/7s//Jz6xM7f+/h07nPn/UM++4dyuxlscCwAAAAAAAAAAgMfJUCriLyLF7/7xb6buGqL9/Pu/ubtyyyH9+7/jPfvmHtG6hn0PMgDAEVJe/304Uvzz5g+31nLvvP6L3+jW9l7/3c9RuP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA87lIU8YeRYuiVjbQ2UD7vqF5pNG/fmRqf2P2wwRQpKlG068tH9czZc+c/c+HiaDcffPw77aPx3OS1y7VnWzdvLc4vLc3P1aaajdnW3Py+3+Fhj7/bSHsAajdfuD13/fpS7eypcztevjP82sATx4cvXTx5YbRbOzU+MTHZU9PX/7b/9Huk++w/FkX8MFK8Mfx6+v5ARCUefiz2+OwctMF2J0banZgan2h3ZKFRby6XL6ZKrqpE1HoOGuuO0SOYi4cyFrFSNr9s8EjZvclb9cX6zMJ87cv1xeXGcqPVTJVOa8v+1KISoyliNSLWB+59u/4o4tuR4qXTG+lfBiKK7jh8+urkV06f27s9lageQC/3VLaz1h+xWnkM5uwIG4gi/jFS/OLVE/GDgYi+6DzikxFfKvOViJfL/FxEKj8Y5yN+vsvniMdTXxRxPlK00kZ6daA8H3TPK1e+Wvti83qrp7Z7XnnL3w/Hdj499O+HR+mIn5uqUcSP2mf8jfSv/l4DAAAAAAAAAAAAAAAAHCFFrEaKr508kdrrg7fWFDeaN2rX6jMLnWV93bV/3TXTm5ubm7XUybGc0zlXcq7mXMu5njMq+ficYzmnc67kXM25lnM9ZxT5+JxjOadzruRczbmWcz1n9OXjc47lnM65knM151rO9ZxxRNbuAQAAAAAAAAAAAAAAAAAA7y6VKNp3cf/ONzbS5kDn/tLT0ck19wN91/tlAAAA//97yXUD") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) 9m40.983151201s ago: executing program 2 (id=835): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 9m36.337065386s ago: executing program 2 (id=845): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x3, {0x2, 0xf0, 0x3}, 0xfe}, 0x18) sendmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0xc805) 9m33.03209628s ago: executing program 32 (id=845): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x3, {0x2, 0xf0, 0x3}, 0xfe}, 0x18) sendmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0xc805) 7m11.262668299s ago: executing program 5 (id=1334): r0 = io_uring_setup(0x1de0, &(0x7f0000000200)={0x0, 0x446c5}) close(r0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) 7m8.81228916s ago: executing program 5 (id=1339): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x10, 0x0, 0x0, 0x0, 0x31713, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0xc, {0x4, 0x1}, 0x6}, 0x1) 7m7.810249957s ago: executing program 5 (id=1342): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x9a85, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 7m7.000161302s ago: executing program 5 (id=1346): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000500)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00089aafc727346c3e0d8728525a2641b3b31621730c58dcf8e0ca2e6767a45a978776e9d2c689feab83a160d00a77ae5112cd4e7141cad333d7cbb69dc6b314609d3827059c11066ba0b4b95c12d2d9ff9c8896d9e247bd55f9ff578a14e0e9d0ca07693396b00d2ef44adb4858475a07d5e8fa3ef5b306fe8a5d1cd2d8e06e7f88226ece092c6aabf8870e140124d5a48670513e0c419c99b7c5105959e7a535f12694634cf272490e0000"], 0x81, 0x4ac, &(0x7f00000011c0)="$eJzs20tsG1UXwPFzPLbruPk+3Adpi6piCSRCS9skLmmrIKE8iEBqG0gaEBUPhdgJJk4cxSkkVUu7BHYsumTJlgUrxBZVYolYoCDUXemGjVeUHeiO52XXSewm8TT1/1e1dx7H7r33zMy914kFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIDL022NOrYdcCAAC00qWJ8Z4M4z8AAG3lMut/AACAdqJiyR+icnKurBft/YrEhfzC1ZXJkdH6L+tQUYmIZcebv4nevsyZl/vPnnPLjV+/3Y7I2MTlwfRwcX5xKVcq5bLpyYX8dDGba/gdtvr6WsftDkjPz13NzsyU0n2nMlWnV1L39+ztSg30vz8cd2MnR0ZHJwIx0dgj/+8PWW+GHxdLXhSVT374Ti+JSES23hebXDs7rcNuxHG7EZMjo3ZDCvmphWVzUiNOVKS6T+JuH7UgF1sSETH10vj2rNliYsmPojJ0uqxjImK5/XDC/mC4ofqEIWqWriLSLbsgZ4+xPWLJh6Jy53RK3nT61c5/XOR62JXDjos6939Ry/qW/Tww95N5bF54O/3GwkwxEKsR545qZnyocw+GPj600mP+bEqIJWP2HV/W8bArg5brEEvmRSX+9af2vELseelTA2ePPXs+OMM4tMn7mNhTzs3VyJgcc6YOGjF/HqHa2BYJteRPUXnwe8Le73Zyw08E2oRaUhCVf26UVWvWpVZgfe/Z7WvDna1/R2K4uLi6lJ/9eLnu+WRi8KPS8tLUdP3TlbWrFTyy2Tq2VqS5JVlSKyu+Lz4re69z1gD/q+z5tfn2un8tdNeUruD108h2w8+ZJuZRpk6qltwTlZkPDlfGGUk23TftwOR/VFRK5V/UzbST/2hlL5D/V/z+S2h16bFz+//K51ruXOLIlYPrHd+J/Js6mfy/KypDfx92PtOo5N+qiTVxXaLy3u2jTlwkbuKibnMq7ziTL+R6TOy/orL/ZzdW7NikE3vAj+01sSVR+fJOdexeJ/agH9tnYtdE5e5v9WOf9mMzJnbV5Otu2o1NmthjTmyXH3tquljIbtatJv99ovLOzdfVbfO6+Q/c/7dqSs9DOd94e7vynwocu+Xk9YqT/+gm+f9KVFb/Ouq22+5797LaZ//r59/Mlb+/XR3rTkb3+7G9jTYrbCb/+0Tl/qtrXpudtjm7foaC+X8mWl16/RpS/vcFjqWcesWb7It2VFq9NjdVKOSW2GCDDTa8jbCfTGgFM/6Pm1G931J3HuOM/52VPX/G9OBzf/wfqCk9IY3/+wPHBpxZSywqklieX4wdEkmUVq+dzM9PzeZmcwuZM/09fefP9GTOxeLu5M7farjvngQm/ydE5cZPv3rrmOr5X/35f7Km9ISU/wPBNlXNaxruirZk8t8pKv331rz15kbzf3f93/1cdendfyHl/2DgWMqpV2eTfQEAAAAAAAAAAAAAAAAAu0lSLXleVFbGX1L3O0SN/P5ftqb0hPT7X12BY9nt/16D+9WoqlONVh0AAAAAAAAAAKCVImLJN6LygpT1pjnQKXIxWOKJ9l8AAAD//16uQhc=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000200)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000)=ANY=[]) 7m6.049527253s ago: executing program 5 (id=1352): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) setpgid(0xffffffffffffffff, 0x0) 7m4.70784315s ago: executing program 5 (id=1356): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000500)=""/196, 0xff89) 7m2.425058239s ago: executing program 33 (id=1356): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000500)=""/196, 0xff89) 1m35.694264379s ago: executing program 6 (id=2458): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05000000000000090000f0edffff801c", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000080"], 0x48}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m35.072746282s ago: executing program 6 (id=2463): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000240)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) 1m34.336386984s ago: executing program 6 (id=2469): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000001b40)) 1m33.5118068s ago: executing program 6 (id=2473): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nodioread_nolock}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000dc0)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=") mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00') 1m32.286607163s ago: executing program 6 (id=2481): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10) sendfile(r1, r0, 0x0, 0x20000023893) 1m30.948645102s ago: executing program 6 (id=2485): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0xc2, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x3, 0x351}, &(0x7f0000002bc0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001540)=[{0x18, 0x1, 0x1, "c38a19"}], 0x18}, 0x0, 0x4000800}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1m29.584545173s ago: executing program 34 (id=2485): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0xc2, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x3, 0x351}, &(0x7f0000002bc0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001540)=[{0x18, 0x1, 0x1, "c38a19"}], 0x18}, 0x0, 0x4000800}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 44.096870194s ago: executing program 1 (id=2649): keyctl$get_keyring_id(0x0, 0x0, 0x80000001) syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x2) pwritev2(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0xff00}], 0x1, 0x7ffffe, 0x0, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=@target={'target ', {'PCI:', '1', ':', '1c', ':', '4', '.', 'f'}}, 0x14) 43.473183278s ago: executing program 1 (id=2643): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000009c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000040)={0x28, r2, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x28}}, 0x20000000) 42.791463589s ago: executing program 1 (id=2648): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="02"], 0x10) socket$kcm(0xa, 0x2, 0x73) 42.13794786s ago: executing program 1 (id=2653): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000b00)={0x48, 0x1, r1, 0x0, 0xffffbffffffffffb, 0x403}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000540)={0x48, 0x1, r1, 0x0, 0x1000000000002, 0x6dd}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r1, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000}) 41.470387962s ago: executing program 1 (id=2657): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') read$nci(r1, &(0x7f0000000240)=""/68, 0x44) 14.028019108s ago: executing program 0 (id=2731): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x358, 0x800000000000) 13.561631811s ago: executing program 0 (id=2734): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x5fef, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 10.084085151s ago: executing program 1 (id=2657): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') read$nci(r1, &(0x7f0000000240)=""/68, 0x44) 6.564638936s ago: executing program 0 (id=2744): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)={@val={0x800e}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x0, 0x4, 0x0, @empty, @loopback}, {0x0, 0x0, 0x8}}}}}}, 0x2e) 5.445445025s ago: executing program 4 (id=2746): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3804402, &(0x7f0000000240)={[{@user_xattr}, {@abort}, {@resuid}, {@user_xattr}, {@discard}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@nolazytime}, {@noinit_itable}, {@nomblk_io_submit}, {@nodiscard}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}]}, 0x1, 0x55f, &(0x7f0000000c80)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIoVdOJlL19YfE7yYl6LDgd7PkmRlNFlGk461Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoingTOelJl7VJm3XZmpnPB077vuec9D1Pznnevm9OQgIYWhPpj1zECxHxZRJxqG3baGQbJ1b3W3lwrZAuSTQaH/2RRJKta+2fZL/3Z5X/R8Qvn0ecyG1st7a0PD9bLpcWsvpkvXJ5sra0fPJiZXauNFe6ND0zc/qNmem333qzb7G+eu6vbz68897pL46tfP3TvcO3kjgTB7Jt7XE8gevtlYmYyJ6TsTizbsepPjQ2SJKdPgC2ZSTL87FI+4BDMZJlPfDf91lENIAhlch/GFKtcUBrbt+nefBz4/67qxOgjfGPrr42Enuac6N9K8kjM6N0vjveh/bTNn7+/fatdIn+vQ4BsKXrNyLi1Ojoxv4vyfq/7TvVwz7r29D/wbNzJx3/vNZp/JNbG/9Eh/HP/g65ux1b53/uXh+a6Sod/73Tcfy7dtNqfCSrHWyO+caSCxfLpbRv+19EHI+x3Wl9s/s5p1fuNrptax//pUvafmssmB3HvdHdjz6mOFuffZKY292/EfFix/Fvsnb+kw7nP30+zvXYxtHS7Ze7bds6/qer8X3EKx3P/8M7Wsnm9ycnm9fDZOuq2OjPm0d/7db+Tsefnv99q/H/nU0J18c/nrTfr609fhvf7fmn1G3bdq//XcnHzfKubN3V2Xp9YSpiV/LBxvXTDx/bqrf2T+M/fmzz/q/T9b83Ij7pMf6bR358afvxP11p/MXNr/915//xC3ff//Tbbu33dv5fb5aOZ2t66f96PcAnee4AAAAAAABg0OQi4kAkufxaOZfL51ff33Ek9uXK1Vr9xIXq4qViND8rOx5judad7kNt74eYyt4P26pPr6vPRMThiPhqZG+zni9Uy8WdDh4AAAAAAAAAAAAAAAAAAAAGxP4un/9P/Tay00cHPHW+8huG15b5349vegIGkv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX507ezZdGisPrhXSevHK0uJ89crJYqk2n68sFvKF6sLl/Fy1Olcu5QvVylZ/r1ytXp6ajsWrk/VSrT5ZW1o+X6kuXqqfv1j54WBEaeyZRAUAAAAAAAAAAAAAAAAAAADPl9rS8vxsuVxaUGgWdsdAHMZzVBgdjMNQ6HNhp3smAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjo3wAAAP//waw5Ug==") r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x0) fallocate(r0, 0x1, 0x0, 0x1001f0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0xe7b, 0x0, 0x0) 4.35649354s ago: executing program 7 (id=2749): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdb00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0xc}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0xc40) 4.033138691s ago: executing program 4 (id=2750): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0xfd, 0x5, 0x6, 0x0, 0xf, 0x4d, 0x0, 0x7, 0x1, 0x10, 0x0, 0xd2, 0x80, 0x4}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x52, 0x8007, 0x4, 0x80000000, r1}, &(0x7f0000000180)=0x10) 3.896323218s ago: executing program 3 (id=2751): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000200)=0x4) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000480)={0x57, 0x0, 0x0, {0x1, 0x1}, {0x80, 0x2}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) 3.842585804s ago: executing program 0 (id=2752): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000580)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e24, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000180)=[@window={0x3, 0xd, 0x5}, @sack_perm, @window={0x3, 0x7f, 0x1}, @window={0x3, 0xa8, 0x3ff}, @timestamp, @sack_perm, @window={0x3, 0x0, 0xe19}, @sack_perm], 0x8) getsockopt$inet_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f0000000040)) 3.765213623s ago: executing program 4 (id=2753): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x3}, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 3.4710728s ago: executing program 7 (id=2754): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x101, 0x0) getdents64(r0, 0x0, 0x0) 3.269155642s ago: executing program 3 (id=2755): syz_open_dev$media(&(0x7f0000000040), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 3.161567408s ago: executing program 0 (id=2756): munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) 2.747393231s ago: executing program 7 (id=2757): syz_clone(0x2a809000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x225e, 0x2, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000080)={[0x6]}, 0x8) 2.724561041s ago: executing program 3 (id=2758): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bind$tipc(r0, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0}, 0x0) 2.345408521s ago: executing program 4 (id=2759): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) 2.093282547s ago: executing program 3 (id=2760): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000600)="3001fb90", 0x4}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x0) 1.410676341s ago: executing program 3 (id=2761): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000001980)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa10100000009b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad7c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af801034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8924, &(0x7f0000000240)={'macsec0\x00', 0x1}) 1.246092209s ago: executing program 7 (id=2762): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x2, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000001, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000540)=0x7b1) 840.534799ms ago: executing program 4 (id=2763): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) close(0x3) 733.777932ms ago: executing program 7 (id=2764): read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r1, &(0x7f0000000400)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8000, 0x2}, 0xe) 97.486736ms ago: executing program 0 (id=2765): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x80000000, 0xe67, 0x8, 0x1, 0x5, 0x7ff, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0x6, 0x6, 0x40000, 0xa, 0x23, 0x2, 0x0, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x10, 0x80000000, 0x8, 0xb50, 0x0, 0x800, 0x3, 0xaf6, 0x7b0, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x1], [0x800, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x13e, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x26b8, 0x9, 0x8, 0x2, 0x5, 0x40, 0x7ff, 0x7ff, 0x5, 0x9, 0x800, 0x89, 0x7ff, 0x0, 0x1, 0xfffffff7, 0x9, 0x9, 0x4d26, 0x10000, 0x8, 0x1, 0x6, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x81, 0x4b, 0x4, 0x8, 0xb, 0x4, 0x9, 0x101, 0x8d1, 0x8fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xae0, 0x7f, 0x9], [0x8396, 0x7, 0x6, 0x9, 0x8000, 0x1, 0x9, 0xe88, 0x8, 0x5, 0x0, 0x400, 0x1000, 0x9, 0x6e, 0x8000, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x2, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x8, 0x9, 0x3, 0x1, 0xfffffff7, 0x4, 0xe, 0x464b, 0x5, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x1, 0xffff, 0xd5d, 0xa0c787d, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x3], [0x10, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xf, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xc, 0x4, 0x3, 0xff, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x6a6d06fb, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0x4, 0x80000000, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffffffff, 0x37d, 0xfffffff8, 0xd, 0x7, 0xd, 0x9, 0x6eaf, 0x0, 0x401, 0x5e02, 0x402, 0x3, 0x5, 0x400]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 96.97996ms ago: executing program 4 (id=2766): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) 21.948055ms ago: executing program 7 (id=2767): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, 0x0, 0x20000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r0, 0x9, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 0s ago: executing program 3 (id=2768): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x15) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000023896) kernel console output (not intermixed with test programs): ct, device number 14 [ 813.220810][T11460] loop6: detected capacity change from 0 to 32768 [ 813.291964][T11460] read_mapping_page failed! [ 813.296767][T11460] ERROR: (device loop6): txAbort: [ 813.296767][T11460] [ 813.310651][T11460] ERROR: (device loop6): remounting filesystem as read-only [ 813.398869][ T112] ERROR: (device loop6): diFree: numfree > numinos [ 813.398869][ T112] [ 813.543075][T11467] smb3: Unknown parameter 'aclš' [ 814.605731][T11480] loop3: detected capacity change from 0 to 256 [ 815.016918][T11480] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 817.890345][T11499] loop6: detected capacity change from 0 to 32768 [ 817.903926][T11499] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1869 (11499) [ 817.924508][T11499] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 817.940044][T11499] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm [ 817.951839][T11499] BTRFS info (device loop6): disk space caching is enabled [ 817.960683][T11499] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 818.231682][T11499] BTRFS info (device loop6): rebuilding free space tree [ 818.278157][T11499] BTRFS info (device loop6): disabling free space tree [ 818.285662][T11499] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 818.297842][T11499] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 818.532448][ T9774] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 818.931315][T11529] loop3: detected capacity change from 0 to 512 [ 819.275376][T11529] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1874: casefold flag without casefold feature [ 819.332335][T11529] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1874: couldn't read orphan inode 15 (err -117) [ 819.378432][T11529] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 820.040307][ T5799] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 820.460284][T11543] loop0: detected capacity change from 0 to 4096 [ 821.025886][T11545] loop1: detected capacity change from 0 to 32768 [ 821.082403][T11543] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 821.119688][T11545] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 821.572990][T11545] XFS (loop1): Ending clean mount [ 821.580250][T11545] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0xaf/0x2d0, xfs_finobt block 0x20 [ 821.593457][T11545] XFS (loop1): Unmount and run xfs_repair [ 821.599442][T11545] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 821.607230][T11545] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 821.616595][T11545] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40 ....... .......@ [ 821.630702][T11545] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a ...B..N....xv... [ 821.640043][T11545] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37 .......F......@7 [ 821.650949][T11545] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 821.660284][T11545] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 ................ [ 821.669585][T11545] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 821.678920][T11545] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 821.685977][T11563] overlayfs: upper fs does not support tmpfile. [ 821.688119][T11545] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x20 len 8 error 74 [ 821.706773][T11545] XFS (loop1): Failed to initialize disk quotas, err -117. [ 821.793537][T11563] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 821.872666][ T5801] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 821.882637][ T5801] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 823.320291][T11576] loop0: detected capacity change from 0 to 4096 [ 823.571627][T11577] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 823.640094][T11576] NILFS error (device loop0): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11 [ 823.664252][T11576] NILFS error (device loop0): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11 [ 824.697097][T11587] loop0: detected capacity change from 0 to 2048 [ 824.785953][T11587] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 825.798238][T11603] loop6: detected capacity change from 0 to 22 [ 825.805447][T11601] loop3: detected capacity change from 0 to 164 [ 825.859965][T11602] loop1: detected capacity change from 0 to 512 [ 825.882826][T11603] romfs: bad initial checksum on dev loop6. [ 825.927680][T11602] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 826.040969][T11602] EXT4-fs (loop1): 1 truncate cleaned up [ 826.049520][T11602] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 826.063721][T11607] loop0: detected capacity change from 0 to 64 [ 826.611088][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 827.088765][T11618] loop1: detected capacity change from 0 to 1024 [ 827.248724][T11624] syz_tun: entered allmulticast mode [ 827.285348][T11623] syz_tun: left allmulticast mode [ 827.598093][T11616] loop3: detected capacity change from 0 to 32768 [ 827.672147][T11616] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 827.722506][T11618] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 827.735739][T11618] ext4 filesystem being mounted at /380/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 827.854671][T11618] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.1907: lblock 3 mapped to illegal pblock 3 (length 1) [ 827.906449][T11618] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 827.921172][T11618] EXT4-fs (loop1): This should not happen!! Data will be lost [ 827.921172][T11618] [ 827.963080][T11616] XFS (loop3): Ending clean mount [ 827.976250][T11641] macvlan3: entered promiscuous mode [ 827.987089][T11642] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.1907: Freeing blocks not in datazone - block = 3, count = 1 [ 828.019801][T11641] macvlan4: entered promiscuous mode [ 828.188353][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 828.207975][ T5799] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 829.650697][T11661] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1922'. [ 830.274171][T11671] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 830.359617][T11673] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 831.319253][T11675] loop1: detected capacity change from 0 to 32768 [ 831.334261][T11675] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1928 (11675) [ 831.370893][T11675] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 831.385432][T11675] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 831.396958][T11675] BTRFS info (device loop1): using free-space-tree [ 831.595010][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1934'. [ 831.686084][T11675] BTRFS info (device loop1): rebuilding free space tree [ 831.752414][T11675] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 832.411021][T11706] loop6: detected capacity change from 0 to 512 [ 832.480652][T11706] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 833.023822][ T9774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 833.685320][T11718] loop1: detected capacity change from 0 to 32768 [ 833.738013][T11718] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 834.073722][T11718] XFS (loop1): Ending clean mount [ 834.195947][ T5801] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 835.588741][T11745] netlink: 'syz.3.1949': attribute type 26 has an invalid length. [ 835.754783][ T5858] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 836.693169][T11748] loop6: detected capacity change from 0 to 32768 [ 836.730784][ T5858] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 836.740403][ T5858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.759870][ T5858] usb 1-1: config 0 descriptor?? [ 836.785148][T11748] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 836.956682][T11748] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 837.637444][ T9774] ocfs2: Unmounting device (7,6) on (node local) [ 838.405397][ T5858] usb 1-1: Cannot set autoneg [ 838.411159][ T5858] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 838.555552][ T5858] usb 1-1: USB disconnect, device number 11 [ 838.610181][T11753] loop1: detected capacity change from 0 to 4096 [ 838.963250][T11753] ntfs3(loop1): ino=1a, mi_enum_attr [ 838.969003][T11753] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 839.102005][ T30] audit: type=1800 audit(1750685344.373:29): pid=11753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1944" name="file0" dev="loop1" ino=0 res=0 errno=0 [ 840.030215][ T30] audit: type=1326 audit(1750685345.293:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa45458e929 code=0x7ffc0000 [ 840.056745][ T30] audit: type=1326 audit(1750685345.303:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa45458e929 code=0x7ffc0000 [ 840.082600][ T30] audit: type=1326 audit(1750685345.303:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa45458e929 code=0x7ffc0000 [ 840.335853][ T30] audit: type=1326 audit(1750685345.383:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fa45458e929 code=0x7ffc0000 [ 840.360503][ T30] audit: type=1326 audit(1750685345.383:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa45458e929 code=0x7ffc0000 [ 840.742080][ T1582] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 840.791857][T10649] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 840.792273][T11793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1965'. [ 840.911921][ T1582] usb 4-1: Using ep0 maxpacket: 16 [ 840.943894][ T1582] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 840.953383][ T1582] usb 4-1: config 1 has no interface number 0 [ 840.959758][ T1582] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 840.970247][ T1582] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 840.984669][ T1582] usb 4-1: config 1 interface 105 has no altsetting 0 [ 841.035049][T10649] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 841.046850][T10649] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 841.057517][T10649] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 841.067201][T10649] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 841.126555][T10649] usb 7-1: config 0 descriptor?? [ 841.143411][ T1582] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 841.153366][ T1582] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.161800][ T1582] usb 4-1: Product: syz [ 841.166251][ T1582] usb 4-1: Manufacturer: syz [ 841.171091][ T1582] usb 4-1: SerialNumber: syz [ 841.208102][T11785] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 841.221262][T11785] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 841.603057][T10649] keytouch 0003:0926:3333.0013: fixing up Keytouch IEC report descriptor [ 841.664251][T10649] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.0013/input/input26 [ 841.705304][T11785] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 841.781794][T11785] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 841.833964][T10649] keytouch 0003:0926:3333.0013: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0 [ 841.880547][T10649] usb 7-1: USB disconnect, device number 11 [ 842.792620][T11809] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1972'. [ 843.195498][ T1582] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 843.208032][ T1582] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 843.245658][ T1582] aqc111 4-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 843.549834][ T1582] usb 4-1: USB disconnect, device number 15 [ 843.561696][ T1582] aqc111 4-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 843.697432][ T1582] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 843.707730][ T1582] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 843.717949][ T1582] aqc111 4-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 843.913116][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 843.920051][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 844.515166][T11820] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 844.610267][T11816] loop1: detected capacity change from 0 to 32768 [ 844.729878][T11816] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 845.371025][T11816] XFS (loop1): Ending clean mount [ 845.388963][T11816] XFS (loop1): Quotacheck needed: Please wait. [ 845.489164][T11816] XFS (loop1): Quotacheck: Done. [ 845.637384][ T5801] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 845.989739][T11847] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input27 [ 846.352030][ T1582] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 847.296267][T11854] loop6: detected capacity change from 0 to 32768 [ 847.312079][T11854] (syz.6.1989,11854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 847.331923][ T1582] usb 4-1: Using ep0 maxpacket: 32 [ 847.339842][T11854] (syz.6.1989,11854,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 847.369347][ T1582] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 847.380811][ T1582] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 847.391101][ T1582] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 847.400610][ T1582] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.451114][T11854] JBD2: Ignoring recovery information on journal [ 847.514985][ T1582] usb 4-1: config 0 descriptor?? [ 847.558543][ T1582] hub 4-1:0.0: USB hub found [ 847.586843][T11854] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 847.650573][T11854] (syz.6.1989,11854,0):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 847.662081][T11854] (syz.6.1989,11854,0):ocfs2_group_add:503 ERROR: Can't read the group descriptor # 562952100904952 from the device. [ 847.782453][ T1582] hub 4-1:0.0: 1 port detected [ 847.863787][ T9774] ocfs2: Unmounting device (7,6) on (node local) [ 848.232290][ T1582] usb 4-1: USB disconnect, device number 16 [ 848.424973][T11868] netlink: 'syz.1.1994': attribute type 32 has an invalid length. [ 848.433286][T11868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1994'. [ 848.442972][T11868] (unnamed net_device) (uninitialized): option coupled_control: invalid value (115) [ 849.417030][T11880] loop0: detected capacity change from 0 to 256 [ 850.012546][T11888] program syz.3.2003 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 851.039030][T11894] loop6: detected capacity change from 0 to 32768 [ 851.053787][T11894] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2006 (11894) [ 851.077923][T11894] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 851.089810][T11894] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm [ 851.099243][T11894] BTRFS info (device loop6): using free-space-tree [ 851.428882][ T9774] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 852.199809][T11917] loop1: detected capacity change from 0 to 4096 [ 852.487269][T11917] ntfs3(loop1): ino=1a, mi_enum_attr [ 852.493142][T11917] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 852.524886][T11929] netlink: 'syz.0.2016': attribute type 5 has an invalid length. [ 853.608863][ T5858] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 853.647612][T11941] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 853.813648][ T5858] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 853.825003][ T5858] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 853.834609][ T5858] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.905554][T11945] loop0: detected capacity change from 0 to 256 [ 853.924275][ T5858] usb 7-1: config 0 descriptor?? [ 853.954170][T11945] exfat: Deprecated parameter 'utf8' [ 853.960326][T11945] exfat: Deprecated parameter 'utf8' [ 854.055867][T11947] netlink: 27 bytes leftover after parsing attributes in process `syz.1.2024'. [ 854.058918][T11945] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 854.233534][ T5858] usb 7-1: USB disconnect, device number 12 [ 856.888062][T11979] loop1: detected capacity change from 0 to 1764 [ 856.928534][ T30] audit: type=1326 audit(1750685362.203:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 856.955007][ T30] audit: type=1326 audit(1750685362.203:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 856.980856][ T30] audit: type=1326 audit(1750685362.203:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.004289][ T30] audit: type=1326 audit(1750685362.203:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.027413][ T30] audit: type=1326 audit(1750685362.203:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.051244][ T30] audit: type=1326 audit(1750685362.203:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.080101][ T30] audit: type=1326 audit(1750685362.203:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.103440][ T30] audit: type=1326 audit(1750685362.203:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.126245][ T30] audit: type=1326 audit(1750685362.203:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.150033][ T30] audit: type=1326 audit(1750685362.203:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.3.2040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0a9d2ab19 code=0x7ffc0000 [ 857.228219][T11986] loop0: detected capacity change from 0 to 256 [ 857.322759][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 857.333036][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 858.548716][T12001] loop1: detected capacity change from 0 to 16 [ 859.391078][T12011] loop1: detected capacity change from 0 to 2048 [ 859.504087][T12011] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 859.515529][T12011] UDF-fs: Scanning with blocksize 512 failed [ 859.670905][T12011] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 860.474568][T12021] loop6: detected capacity change from 0 to 4096 [ 860.588589][T12029] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 861.543947][T12039] loop1: detected capacity change from 0 to 64 [ 862.417832][T12051] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2068'. [ 863.332141][T12061] loop6: detected capacity change from 0 to 4096 [ 863.428844][T12061] NILFS (loop6): invalid segment: Checksum error in segment payload [ 863.437634][T12061] NILFS (loop6): trying rollback from an earlier position [ 863.544197][T12060] loop0: detected capacity change from 0 to 4096 [ 863.754523][T12060] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 864.042989][T12061] NILFS (loop6): recovery complete [ 864.092430][T12070] program syz.3.2077 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 864.172809][T12071] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 864.355266][T12066] loop1: detected capacity change from 0 to 32768 [ 864.366106][T12066] XFS: ikeep mount option is deprecated. [ 864.372236][T12066] XFS: ikeep mount option is deprecated. [ 864.415426][T12066] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 864.469729][T12079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2078'. [ 864.702454][T12066] XFS (loop1): Ending clean mount [ 864.716276][T12060] ntfs3(loop0): ino=1a, mi_enum_attr [ 864.722231][T12060] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 864.741061][T12066] XFS (loop1): Quotacheck needed: Please wait. [ 864.793377][T12066] XFS (loop1): Quotacheck: Done. [ 864.809674][T12060] ntfs3(loop0): Failed to initialize $Extend/$ObjId. [ 864.968935][ T30] kauditd_printk_skb: 82 callbacks suppressed [ 864.969021][ T30] audit: type=1800 audit(1750685370.243:127): pid=12060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2072" name="bus" dev="loop0" ino=24 res=0 errno=0 [ 865.018645][T12086] ntfs3(loop0): ino=1b, mi_enum_attr [ 865.026047][T12086] ntfs3(loop0): ino=1b, mi_enum_attr [ 865.037151][ T5801] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 866.744987][T12106] loop1: detected capacity change from 0 to 256 [ 867.105850][T12106] syz.1.2082: attempt to access beyond end of device [ 867.105850][T12106] loop1: rw=2049, sector=256, nr_sectors = 64 limit=256 [ 867.201742][T12112] syz.1.2082: attempt to access beyond end of device [ 867.201742][T12112] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 867.217176][T12112] Buffer I/O error on dev loop1, logical block 64, lost async page write [ 867.302240][ T1582] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 867.541682][ T1582] usb 5-1: Using ep0 maxpacket: 16 [ 867.541682][ T5858] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 867.567644][ T1582] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 867.578610][ T1582] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 867.609987][ T9680] kworker/u8:10: attempt to access beyond end of device [ 867.609987][ T9680] loop1: rw=1, sector=256, nr_sectors = 4 limit=256 [ 867.645890][ T1582] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 867.656250][ T1582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.665492][ T1582] usb 5-1: Product: syz [ 867.669946][ T1582] usb 5-1: Manufacturer: syz [ 867.675409][ T1582] usb 5-1: SerialNumber: syz [ 867.734777][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 867.746381][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 867.756628][ T5858] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 867.770069][ T5858] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 867.780062][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 867.970155][ T5858] usb 4-1: config 0 descriptor?? [ 868.055047][ T1582] usb 5-1: 0:2 : does not exist [ 868.121770][ T1582] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 868.274747][ T1582] usb 5-1: USB disconnect, device number 15 [ 868.461878][ T5858] plantronics 0003:047F:FFFF.0014: reserved main item tag 0xe [ 868.470259][ T5858] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 868.589601][ T5858] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 868.732848][ T5858] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 868.889907][ T5858] usb 4-1: USB disconnect, device number 17 [ 869.124894][T12123] loop0: detected capacity change from 0 to 32768 [ 869.151024][T12123] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2096 (12123) [ 869.202968][T12123] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 869.213740][T12123] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 869.223139][T12123] BTRFS info (device loop0): using free-space-tree [ 870.021494][T12128] loop1: detected capacity change from 0 to 32768 [ 870.099709][T12128] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop1: erofs_nochanges [ 870.110338][T12128] bcachefs: bch2_fs_get_tree() error: erofs_nochanges [ 870.989736][T12123] BTRFS info (device loop0): rebuilding free space tree [ 871.162644][ T5809] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 871.430685][T12150] loop1: detected capacity change from 0 to 1024 [ 871.480033][T12150] EXT4-fs: Ignoring removed i_version option [ 871.486852][T12150] EXT4-fs: Ignoring removed mblk_io_submit option [ 871.498281][T12150] EXT4-fs: Ignoring removed nobh option [ 871.667077][T12150] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 871.840789][T12150] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.2101: Allocating blocks 385-513 which overlap fs metadata [ 871.864561][T12149] EXT4-fs (loop1): pa ffff8881251fb5b0: logic 16, phys. 129, len 24 [ 871.873110][T12149] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 872.222667][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 874.841055][T12190] loop6: detected capacity change from 0 to 1024 [ 875.006784][T12190] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 875.481954][ T9774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 875.656853][ T1582] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 875.720974][ T1582] hid-generic 0000:0000:0000.0015: hidraw0: HID v0.00 Device [syz1] on syz0 [ 875.824766][T12203] loop0: detected capacity change from 0 to 16 [ 875.879748][T12203] erofs (device loop0): mounted with root inode @ nid 36. [ 875.987080][ T5857] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 876.217651][ T5857] usb 2-1: Using ep0 maxpacket: 32 [ 876.236986][ T5857] usb 2-1: config 0 has no interfaces? [ 876.276019][ T5857] usb 2-1: New USB device found, idVendor=047a, idProduct=0960, bcdDevice=a5.af [ 876.285998][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.294460][ T5857] usb 2-1: Product: syz [ 876.298898][ T5857] usb 2-1: Manufacturer: syz [ 876.306674][ T5857] usb 2-1: SerialNumber: syz [ 876.370626][ T5857] usb 2-1: config 0 descriptor?? [ 876.615720][ T1582] usb 2-1: USB disconnect, device number 8 [ 877.351736][ T5857] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 877.522312][ T5858] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 877.528642][T12224] netlink: 'syz.4.2132': attribute type 2 has an invalid length. [ 877.542848][T12224] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2132'. [ 877.570646][ T5857] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 877.582537][ T5857] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 877.603836][ T5857] usb 7-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 877.613849][ T5857] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 877.622311][ T5857] usb 7-1: Manufacturer: syz [ 877.649590][ T5857] usb 7-1: config 0 descriptor?? [ 877.762456][ T5858] usb 4-1: Using ep0 maxpacket: 32 [ 877.803996][ T5858] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 877.813937][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 877.865096][ T5858] usb 4-1: config 0 descriptor?? [ 877.897232][ T5858] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 878.124113][ T5857] cougar 0003:060B:700A.0016: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 878.188908][T12227] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 878.305443][ T5857] usb 7-1: USB disconnect, device number 13 [ 878.980594][ T5858] gspca_vc032x: reg_w err -71 [ 878.985892][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 878.992980][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 878.998508][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.004844][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.010368][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.016056][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.021686][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.027224][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.038613][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.044758][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.050302][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.055982][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.061663][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.072545][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.078148][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.083939][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.089458][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.096399][ T5858] gspca_vc032x: I2c Bus Busy Wait 00 [ 879.102526][ T5858] gspca_vc032x: Unknown sensor... [ 879.108052][ T5858] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 879.149981][T12237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2138'. [ 879.159952][T12237] tipc: Started in network mode [ 879.165367][T12237] tipc: Node identity @emory.en, cluster identity 8 [ 879.238032][ T5858] usb 4-1: USB disconnect, device number 18 [ 883.312911][T12281] loop6: detected capacity change from 0 to 40427 [ 883.447948][T12281] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 883.456238][T12281] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 883.482426][T12281] F2FS-fs (loop6): invalid crc value [ 884.489052][T12281] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 884.500266][T12281] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 884.939373][T12292] loop3: detected capacity change from 0 to 32768 [ 884.951033][T12292] XFS: ikeep mount option is deprecated. [ 884.960546][T12292] XFS: noikeep mount option is deprecated. [ 884.998085][T12292] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 885.420736][T12292] XFS (loop3): Ending clean mount [ 885.455886][T12292] XFS (loop3): Quotacheck needed: Please wait. [ 885.606299][T12292] XFS (loop3): Quotacheck: Done. [ 885.842570][ T5799] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 886.427440][T12309] loop0: detected capacity change from 0 to 40427 [ 886.501907][T12309] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 886.509977][T12309] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 886.929868][T12309] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 886.938864][T12309] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 886.996432][T12317] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 887.732494][T12322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2171'. [ 889.932256][T12347] 9pnet: p9_errstr2errno: server reported unknown error @cƒF S+ź“ív3­c‚/fę•˙˙ [ 890.514297][T12343] loop3: detected capacity change from 0 to 32768 [ 890.602969][T12343] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 891.025512][T12343] XFS (loop3): Ending clean mount [ 891.066787][T12367] syzkaller1: entered promiscuous mode [ 891.074347][T12367] syzkaller1: entered allmulticast mode [ 891.162540][ T1582] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 891.200585][ T5799] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 891.314337][T12369] loop1: detected capacity change from 0 to 1024 [ 891.334071][T12369] EXT4-fs: Ignoring removed nobh option [ 891.340064][T12369] EXT4-fs: inline encryption not supported [ 891.352196][ T1582] usb 5-1: Using ep0 maxpacket: 16 [ 891.455165][ T1582] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 891.468834][ T1582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.479143][ T1582] usb 5-1: Product: syz [ 891.485462][ T1582] usb 5-1: Manufacturer: syz [ 891.490353][ T1582] usb 5-1: SerialNumber: syz [ 891.566011][ T1582] usb 5-1: config 0 descriptor?? [ 891.586482][ T1582] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 891.596943][ T1582] usb 5-1: Detected FT232H [ 891.603366][T12369] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.2187: bad orphan inode 32767 [ 891.623480][T12369] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 891.802038][ T1582] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 892.067166][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 892.247409][ T1582] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 892.458503][ T1582] usb 5-1: USB disconnect, device number 16 [ 892.512531][ T1582] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 892.524670][ T1582] ftdi_sio 5-1:0.0: device disconnected [ 893.484997][T12381] loop6: detected capacity change from 0 to 32768 [ 893.494127][T12381] XFS: ikeep mount option is deprecated. [ 893.572644][T12381] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 893.907682][T12381] XFS (loop6): Ending clean mount [ 893.951690][T12381] XFS (loop6): Quotacheck needed: Please wait. [ 894.061873][T12381] XFS (loop6): Quotacheck: Done. [ 894.087116][T12399] loop1: detected capacity change from 0 to 512 [ 894.129967][T12399] ext4: Unknown parameter 'smackfsfloor' [ 894.255779][ T9774] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 894.814046][T12401] loop3: detected capacity change from 0 to 4096 [ 894.878007][T12401] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 895.174526][T12401] ntfs3(loop3): ino=b, mi_enum_attr [ 895.180311][T12401] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 895.227446][T12401] ntfs3(loop3): Failed to load $Extend (-22). [ 895.234304][T12401] ntfs3(loop3): Failed to initialize $Extend. [ 896.460507][T12419] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2200'. [ 896.470306][T12419] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2200'. [ 896.878629][T12423] loop3: detected capacity change from 0 to 256 [ 897.403672][T12423] syz.3.2206: attempt to access beyond end of device [ 897.403672][T12423] loop3: rw=2049, sector=256, nr_sectors = 64 limit=256 [ 897.550519][T12426] syz.3.2206: attempt to access beyond end of device [ 897.550519][T12426] loop3: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 897.564934][T12426] Buffer I/O error on dev loop3, logical block 64, lost async page write [ 898.056440][T12425] loop6: detected capacity change from 0 to 32768 [ 898.084695][T12425] (syz.6.2210,12425,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 898.104217][T12425] (syz.6.2210,12425,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 898.164679][T12425] JBD2: Ignoring recovery information on journal [ 898.284808][T12425] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 898.313282][ T70] kworker/u8:4: attempt to access beyond end of device [ 898.313282][ T70] loop3: rw=1, sector=256, nr_sectors = 4 limit=256 [ 898.602700][ T9774] ocfs2: Unmounting device (7,6) on (node local) [ 899.581787][ T1582] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 899.781908][ T1582] usb 2-1: Using ep0 maxpacket: 8 [ 899.872632][ T1582] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 899.883797][ T1582] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.893252][ T1582] usb 2-1: Product: syz [ 899.897718][ T1582] usb 2-1: Manufacturer: syz [ 899.902755][ T1582] usb 2-1: SerialNumber: syz [ 900.908692][ T1582] usb 2-1: config 0 descriptor?? [ 900.935886][ T1582] gspca_main: se401-2.14.0 probing 047d:5003 [ 901.433201][ T1582] gspca_se401: ExtraFeatures: 3 [ 901.452681][T12466] loop0: detected capacity change from 0 to 256 [ 901.642993][ T1582] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input28 [ 901.829493][T12469] loop3: detected capacity change from 0 to 256 [ 901.852634][ T5858] usb 2-1: USB disconnect, device number 9 [ 901.881783][T12469] vfat: Deprecated parameter 'posix' [ 901.887581][T12469] FAT-fs: "posix" option is obsolete, not supported now [ 902.167016][T12466] syz.0.2222: attempt to access beyond end of device [ 902.167016][T12466] loop0: rw=2049, sector=256, nr_sectors = 64 limit=256 [ 902.250922][T12476] syz.0.2222: attempt to access beyond end of device [ 902.250922][T12476] loop0: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 902.265497][T12476] Buffer I/O error on dev loop0, logical block 64, lost async page write [ 902.431727][ T1582] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 902.637608][T12482] loop3: detected capacity change from 0 to 256 [ 902.653266][ T1582] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 902.664883][ T1582] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 902.675788][ T1582] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 902.784987][ T1582] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 902.796021][ T1582] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.804640][ T1582] usb 7-1: Product: syz [ 902.809086][ T1582] usb 7-1: Manufacturer: syz [ 902.814279][ T1582] usb 7-1: SerialNumber: syz [ 902.891609][ T9687] kworker/u8:12: attempt to access beyond end of device [ 902.891609][ T9687] loop0: rw=1, sector=256, nr_sectors = 4 limit=256 [ 903.795894][T12493] netlink: 87 bytes leftover after parsing attributes in process `syz.3.2234'. [ 904.012171][ T1582] cdc_ncm 7-1:1.0: bind() failure [ 904.057043][ T1582] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71 [ 904.091949][ T1582] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71 [ 904.151972][ T1582] usbtest 7-1:1.1: probe with driver usbtest failed with error -71 [ 904.228131][ T1582] usb 7-1: USB disconnect, device number 14 [ 905.108570][T12504] dvmrp1: entered allmulticast mode [ 905.227314][T12509] dvmrp1: left allmulticast mode [ 905.367137][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 905.374500][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 905.434069][T12497] loop1: detected capacity change from 0 to 40427 [ 905.450022][T12497] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 905.458332][T12497] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 905.495224][T12497] F2FS-fs (loop1): invalid crc value [ 905.860328][T12497] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 905.867880][T12497] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 906.784846][T12517] loop0: detected capacity change from 0 to 32768 [ 908.546426][T12532] loop6: detected capacity change from 0 to 32768 [ 908.698804][ T1582] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 908.770000][T12532] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 908.930832][ T9774] ocfs2: Unmounting device (7,6) on (node local) [ 909.005253][ T1582] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 909.016680][ T1582] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 909.099218][ T1582] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 909.108990][ T1582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 909.117688][ T1582] usb 5-1: Product: syz [ 909.122248][ T1582] usb 5-1: Manufacturer: syz [ 909.127122][ T1582] usb 5-1: SerialNumber: syz [ 910.393908][ T1582] cdc_ncm 5-1:1.0: bind() failure [ 910.471941][ T1582] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 910.510736][ T1582] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 910.525359][ T1582] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 910.573217][ T1582] usb 5-1: USB disconnect, device number 17 [ 914.642778][T12606] loop6: detected capacity change from 0 to 2048 [ 914.680461][T12608] trusted_key: syz.1.2281 sent an empty control message without MSG_MORE. [ 914.754256][T12612] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 914.831945][T12606] NILFS error (device loop6): nilfs_lookup: deleted inode referenced: 12 [ 914.860976][T12606] Remounting filesystem read-only [ 915.338440][ T9774] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer [ 915.697879][ T5858] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 915.872269][ T5858] usb 5-1: Using ep0 maxpacket: 8 [ 915.919592][ T5858] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 915.928609][ T5858] usb 5-1: config 179 has no interface number 0 [ 915.938245][ T5858] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 915.950670][ T5858] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 915.963556][ T5858] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 915.975578][ T5858] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 915.988314][ T5858] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 916.002528][ T5858] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 916.012074][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 916.044083][T12620] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 916.363511][ T5858] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input29 [ 916.743232][ T5858] usb 5-1: USB disconnect, device number 18 [ 916.749505][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 916.749746][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 916.775959][ T5858] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 917.049415][T12629] loop6: detected capacity change from 0 to 1024 [ 917.293650][T12633] loop0: detected capacity change from 0 to 164 [ 917.826614][T12633] nullb0: [CUMANA/ADFS] p1 [ 917.827035][T12633] nullb0: p1 size 3074847350 extends beyond EOD, truncated [ 917.964719][T12630] loop1: detected capacity change from 0 to 40427 [ 917.990972][T12630] F2FS-fs (loop1): build fault injection rate: 690 [ 917.999599][T12630] F2FS-fs (loop1): Image doesn't support compression [ 918.009383][T12630] F2FS-fs (loop1): Image doesn't support compression [ 918.026804][T12630] F2FS-fs (loop1): invalid crc value [ 918.352396][T12630] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 918.403747][ T9696] hfsplus: b-tree write err: -5, ino 4 [ 918.562796][ T5801] syz-executor: attempt to access beyond end of device [ 918.562796][ T5801] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 918.577412][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(undef) [ 918.577554][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 918.577634][ T5801] Call Trace: [ 918.577681][ T5801] [ 918.577725][ T5801] __dump_stack+0x26/0x30 [ 918.577899][ T5801] dump_stack_lvl+0x1df/0x270 [ 918.578067][ T5801] dump_stack+0x1e/0x25 [ 918.578208][ T5801] f2fs_handle_critical_error+0xa6f/0xc20 [ 918.578419][ T5801] f2fs_stop_checkpoint+0x65/0x80 [ 918.578592][ T5801] f2fs_write_end_io+0xb4b/0x1920 [ 918.578728][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 918.578916][ T5801] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 918.579039][ T5801] bio_endio+0xe24/0xf80 [ 918.579205][ T5801] submit_bio_noacct+0x214/0x2710 [ 918.579438][ T5801] submit_bio+0x5a9/0x5d0 [ 918.579618][ T5801] f2fs_submit_write_bio+0x92/0x250 [ 918.579804][ T5801] __submit_merged_bio+0x16f/0x6a0 [ 918.579985][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 918.580187][ T5801] __submit_merged_write_cond+0x458/0x9a0 [ 918.580401][ T5801] f2fs_write_data_pages+0x4bb2/0x5480 [ 918.580729][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 918.580910][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 918.581085][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 918.581281][ T5801] ? lru_cache_disable+0x11/0x40 [ 918.581431][ T5801] ? filter_irq_stacks+0x49/0x190 [ 918.581582][ T5801] ? stack_depot_save_flags+0x35/0x7b0 [ 918.581763][ T5801] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 918.581951][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 918.582130][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 918.582324][ T5801] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 918.582501][ T5801] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 918.582677][ T5801] do_writepages+0x3f2/0x860 [ 918.582832][ T5801] ? _raw_spin_unlock+0x30/0x50 [ 918.582990][ T5801] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 918.583147][ T5801] filemap_fdatawrite+0x207/0x260 [ 918.583395][ T5801] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 918.583555][ T5801] f2fs_write_checkpoint+0xfe2/0x2b00 [ 918.583810][ T5801] kill_f2fs_super+0x2ff/0x970 [ 918.583962][ T5801] ? __pfx_kill_f2fs_super+0x10/0x10 [ 918.584096][ T5801] deactivate_locked_super+0xc8/0x3c0 [ 918.584270][ T5801] deactivate_super+0x12f/0x140 [ 918.584420][ T5801] cleanup_mnt+0x6fb/0x780 [ 918.584543][ T5801] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 918.584735][ T5801] ? __pfx___cleanup_mnt+0x10/0x10 [ 918.584877][ T5801] __cleanup_mnt+0x22/0x30 [ 918.585009][ T5801] task_work_run+0x209/0x2b0 [ 918.585173][ T5801] exit_to_user_mode_loop+0x2a6/0x330 [ 918.585344][ T5801] do_syscall_64+0x1e3/0x210 [ 918.585481][ T5801] ? irqentry_exit+0x16/0x60 [ 918.585594][ T5801] ? clear_bhb_loop+0x40/0x90 [ 918.585740][ T5801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 918.585878][ T5801] RIP: 0033:0x7fbc7e18fc57 [ 918.585985][ T5801] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 918.586095][ T5801] RSP: 002b:00007ffd01e9bfa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 918.586218][ T5801] RAX: 0000000000000000 RBX: 00007fbc7e210925 RCX: 00007fbc7e18fc57 [ 918.586323][ T5801] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd01e9c060 [ 918.586405][ T5801] RBP: 00007ffd01e9c060 R08: 0000000000000000 R09: 0000000000000000 [ 918.586492][ T5801] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd01e9d0f0 [ 918.586580][ T5801] R13: 00007fbc7e210925 R14: 00000000000e03c9 R15: 00007ffd01e9d130 [ 918.586702][ T5801] [ 918.944928][ T5801] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 919.721768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 920.136670][ T5858] kernel read not supported for file /vcsa1 (pid: 5858 comm: kworker/1:5) [ 922.427966][T12679] binder: 12678:12679 ioctl c018620b 200000000080 returned -14 [ 923.172264][T12683] loop1: detected capacity change from 0 to 8 [ 923.367502][T12676] loop0: detected capacity change from 0 to 40427 [ 923.452245][T12676] F2FS-fs (loop0): invalid crc value [ 923.856107][T12676] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 924.034354][ T5809] syz-executor: attempt to access beyond end of device [ 924.034354][ T5809] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 924.049717][ T5809] CPU: 1 UID: 0 PID: 5809 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(undef) [ 924.049879][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 924.049964][ T5809] Call Trace: [ 924.050015][ T5809] [ 924.050062][ T5809] __dump_stack+0x26/0x30 [ 924.050239][ T5809] dump_stack_lvl+0x1df/0x270 [ 924.050424][ T5809] dump_stack+0x1e/0x25 [ 924.050602][ T5809] f2fs_handle_critical_error+0xa6f/0xc20 [ 924.050842][ T5809] f2fs_stop_checkpoint+0x65/0x80 [ 924.051037][ T5809] f2fs_write_end_io+0xb4b/0x1920 [ 924.051178][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 924.051387][ T5809] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 924.051522][ T5809] bio_endio+0xe24/0xf80 [ 924.051698][ T5809] submit_bio_noacct+0x214/0x2710 [ 924.051924][ T5809] submit_bio+0x5a9/0x5d0 [ 924.052096][ T5809] f2fs_submit_write_bio+0x92/0x250 [ 924.052301][ T5809] __submit_merged_bio+0x16f/0x6a0 [ 924.052497][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 924.052689][ T5809] __submit_merged_write_cond+0x458/0x9a0 [ 924.052887][ T5809] f2fs_write_data_pages+0x4bb2/0x5480 [ 924.053209][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 924.053377][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 924.053566][ T5809] ? __update_load_avg_cfs_rq+0xe9/0x1010 [ 924.053790][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 924.053985][ T5809] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 924.054183][ T5809] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 924.054361][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 924.054600][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 924.054801][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 924.055012][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 924.055214][ T5809] do_writepages+0x3f2/0x860 [ 924.055396][ T5809] ? _raw_spin_unlock+0x30/0x50 [ 924.055581][ T5809] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 924.055784][ T5809] filemap_fdatawrite+0x207/0x260 [ 924.056042][ T5809] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 924.056216][ T5809] f2fs_write_checkpoint+0xfe2/0x2b00 [ 924.056486][ T5809] kill_f2fs_super+0x2ff/0x970 [ 924.056648][ T5809] ? __pfx_kill_f2fs_super+0x10/0x10 [ 924.056811][ T5809] deactivate_locked_super+0xc8/0x3c0 [ 924.057002][ T5809] deactivate_super+0x12f/0x140 [ 924.057181][ T5809] cleanup_mnt+0x6fb/0x780 [ 924.057318][ T5809] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 924.057509][ T5809] ? __pfx___cleanup_mnt+0x10/0x10 [ 924.057666][ T5809] __cleanup_mnt+0x22/0x30 [ 924.057809][ T5809] task_work_run+0x209/0x2b0 [ 924.057973][ T5809] exit_to_user_mode_loop+0x2a6/0x330 [ 924.058143][ T5809] do_syscall_64+0x1e3/0x210 [ 924.058271][ T5809] ? irqentry_exit+0x16/0x60 [ 924.058392][ T5809] ? clear_bhb_loop+0x40/0x90 [ 924.058528][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.058671][ T5809] RIP: 0033:0x7ffbc158fc57 [ 924.058760][ T5809] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 924.058885][ T5809] RSP: 002b:00007ffcf4c091e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 924.058999][ T5809] RAX: 0000000000000000 RBX: 00007ffbc1610925 RCX: 00007ffbc158fc57 [ 924.059091][ T5809] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf4c092a0 [ 924.059171][ T5809] RBP: 00007ffcf4c092a0 R08: 0000000000000000 R09: 0000000000000000 [ 924.059253][ T5809] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcf4c0a330 [ 924.059364][ T5809] R13: 00007ffbc1610925 R14: 00000000000e1928 R15: 00007ffcf4c0a370 [ 924.059492][ T5809] [ 924.419597][ T5809] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 924.651894][ T5858] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 924.821023][ T5858] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 924.833174][ T5858] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 924.847072][ T5858] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 924.858100][ T5858] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 925.104926][ T5858] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 925.114774][ T5858] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 925.123316][ T5858] usb 7-1: Manufacturer: syz [ 925.195710][ T5858] usb 7-1: config 0 descriptor?? [ 926.524233][ T5858] appleir 0003:05AC:8243.0017: unknown main item tag 0x0 [ 926.539595][ T5858] appleir 0003:05AC:8243.0017: No inputs registered, leaving [ 926.555716][ T5858] appleir 0003:05AC:8243.0017: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 926.982540][ T5858] usb 7-1: USB disconnect, device number 15 [ 930.498554][T12733] loop6: detected capacity change from 0 to 32768 [ 930.520932][T12733] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2333 (12733) [ 930.545696][T12733] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 930.557574][T12733] BTRFS info (device loop6): using sha256 (sha256-x86_64) checksum algorithm [ 930.569042][T12733] BTRFS info (device loop6): using free-space-tree [ 931.042787][ T30] audit: type=1800 audit(1750685436.293:128): pid=12733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2333" name="file1" dev="loop6" ino=260 res=0 errno=0 [ 931.561867][T12761] loop1: detected capacity change from 0 to 16 [ 931.679893][T12761] erofs (device loop1): mounted with root inode @ nid 36. [ 931.695015][ T9774] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 931.749688][T12754] loop3: detected capacity change from 0 to 32768 [ 931.836401][T12754] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 932.475784][T12754] XFS (loop3): Ending clean mount [ 932.489353][T12754] XFS (loop3): Quotacheck needed: Please wait. [ 932.600492][T12754] XFS (loop3): Quotacheck: Done. [ 932.777963][ T5799] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 933.774271][T12784] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2345'. [ 933.784102][T12784] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2345'. [ 936.395795][T12804] smb3: Unknown parameter 'aclš' [ 937.171798][ T5858] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 937.341727][ T5858] usb 5-1: Using ep0 maxpacket: 16 [ 937.358737][ T5858] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 937.367755][ T5858] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 937.376686][ T5858] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 937.386099][ T5858] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 937.395210][ T5858] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 937.404548][ T5858] usb 5-1: config 0 has no interface number 0 [ 937.410943][ T5858] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 937.422619][ T5858] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 937.432934][ T5858] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 937.445888][ T5858] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 937.460406][ T5858] usb 5-1: config 0 interface 125 has no altsetting 0 [ 937.468306][ T5858] usb 5-1: config 0 interface 125 has no altsetting 2 [ 937.514164][T12816] loop3: detected capacity change from 0 to 2048 [ 937.628650][T12816] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 937.720975][ T5858] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 937.730785][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.739420][ T5858] usb 5-1: Product: syz [ 937.746576][ T5858] usb 5-1: Manufacturer: syz [ 937.752532][ T5858] usb 5-1: SerialNumber: syz [ 937.802839][ T5858] usb 5-1: config 0 descriptor?? [ 937.863862][ T5858] usb 5-1: selecting invalid altsetting 2 [ 938.997723][ T1582] usb 5-1: USB disconnect, device number 19 [ 939.826884][T12838] loop6: detected capacity change from 0 to 1024 [ 940.087622][T12843] loop3: detected capacity change from 0 to 64 [ 940.196444][ T9696] hfsplus: b-tree write err: -5, ino 4 [ 940.493725][T12848] netlink: 'syz.1.2373': attribute type 10 has an invalid length. [ 940.502293][T12848] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2373'. [ 940.534856][ T1582] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 940.807519][T12853] fuse: Bad value for 'fd' [ 941.641825][ T1582] usb 1-1: Using ep0 maxpacket: 8 [ 941.717033][ T1582] usb 1-1: unable to get BOS descriptor or descriptor too short [ 941.727926][ T1582] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 941.738752][ T1582] usb 1-1: can't read configurations, error -71 [ 941.787843][T12851] loop6: detected capacity change from 0 to 40427 [ 941.805745][T12851] F2FS-fs (loop6): invalid crc value [ 942.214361][T12851] F2FS-fs (loop6): Start checkpoint disabled! [ 942.295206][T12851] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 942.888854][T12866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2380'. [ 945.416710][T12883] loop0: detected capacity change from 0 to 32768 [ 945.565368][T12891] loop3: detected capacity change from 0 to 64 [ 945.576430][T12883] XFS (loop0): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 945.592746][ T1582] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 945.771621][ T1582] usb 5-1: Using ep0 maxpacket: 32 [ 945.815310][ T1582] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 945.823888][ T1582] usb 5-1: config 0 has no interface number 0 [ 945.915247][ T1582] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 945.925129][ T1582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.936422][ T1582] usb 5-1: Product: syz [ 945.940871][ T1582] usb 5-1: Manufacturer: syz [ 945.947117][ T1582] usb 5-1: SerialNumber: syz [ 946.035082][T12883] XFS (loop0): Ending clean mount [ 946.074029][ T1582] usb 5-1: config 0 descriptor?? [ 946.108632][ T1582] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 946.310202][ T5809] XFS (loop0): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 946.349461][ T1582] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 946.423839][ T1582] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 946.743896][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 946.760049][ T1582] usb 5-1: USB disconnect, device number 20 [ 946.788464][ T1582] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 946.825210][ T1582] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 946.840897][ T1582] quatech2 5-1:0.51: device disconnected [ 947.444061][T12898] loop3: detected capacity change from 0 to 4096 [ 947.483342][T12898] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 948.042139][T12898] overlayfs: upper fs does not support tmpfile. [ 948.082187][T12898] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 949.005087][ T1582] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 949.238544][ T1582] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 949.249968][ T1582] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 949.260441][ T1582] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 949.360836][ T1582] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 949.370578][ T1582] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 949.379071][ T1582] usb 5-1: Product: syz [ 949.383643][ T1582] usb 5-1: Manufacturer: syz [ 949.388513][ T1582] usb 5-1: SerialNumber: syz [ 949.931853][ T5857] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 950.022083][ T5858] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 950.124862][ T5857] usb 7-1: Using ep0 maxpacket: 32 [ 950.183631][ T5857] usb 7-1: config 0 has an invalid interface number: 85 but max is 0 [ 950.192505][ T5857] usb 7-1: config 0 has no interface number 0 [ 950.198943][ T5857] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 950.210610][ T5857] usb 7-1: config 0 interface 85 has no altsetting 0 [ 950.255395][ T5858] usb 2-1: Using ep0 maxpacket: 8 [ 950.290568][ T5858] usb 2-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 950.300529][ T5858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.319642][ T5858] usb 2-1: config 0 descriptor?? [ 950.354372][ T5857] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 950.365297][ T5857] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.373944][ T5857] usb 7-1: Product: syz [ 950.378377][ T5857] usb 7-1: Manufacturer: syz [ 950.383432][ T5857] usb 7-1: SerialNumber: syz [ 950.412296][T10397] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 950.481271][ T5857] usb 7-1: config 0 descriptor?? [ 950.636483][ T1582] cdc_ncm 5-1:1.0: bind() failure [ 950.690986][ T1582] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 950.708290][T10397] usb 4-1: config 0 has an invalid interface number: 239 but max is 0 [ 950.718022][T10397] usb 4-1: config 0 has no interface number 0 [ 950.754288][ T1582] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 950.791045][ T5858] uclogic 0003:145F:0212.0018: interface is invalid, ignoring [ 950.792551][ T1582] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 950.857426][T10397] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 950.867233][T10397] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.876519][T10397] usb 4-1: Product: syz [ 950.876805][ T1582] usb 5-1: USB disconnect, device number 21 [ 950.880869][T10397] usb 4-1: Manufacturer: syz [ 950.892602][T10397] usb 4-1: SerialNumber: syz [ 950.909704][T10397] usb 4-1: config 0 descriptor?? [ 951.003335][ T5858] usb 2-1: USB disconnect, device number 10 [ 951.545329][ T5857] appletouch 7-1:0.85: Geyser mode initialized. [ 951.556612][ T5857] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.85/input/input30 [ 951.795768][ T5857] usb 7-1: USB disconnect, device number 16 [ 951.871838][ T5857] appletouch 7-1:0.85: input: appletouch disconnected [ 952.008286][T10397] asix 4-1:0.239 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 952.019813][T10397] asix 4-1:0.239: probe with driver asix failed with error -71 [ 952.063436][T10397] usb 4-1: USB disconnect, device number 19 [ 952.229011][T12939] loop1: detected capacity change from 0 to 164 [ 952.349660][T12939] nullb0: [CUMANA/ADFS] p1 [ 952.350127][T12939] nullb0: p1 size 3074847350 extends beyond EOD, truncated [ 953.056850][T12947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2411'. [ 953.341897][T12945] loop1: detected capacity change from 0 to 4096 [ 953.369160][T12945] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 953.750024][ T30] audit: type=1326 audit(1750685459.013:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 953.760405][T12955] overlayfs: upper fs does not support tmpfile. [ 953.875386][ T30] audit: type=1326 audit(1750685459.063:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 953.875718][T12955] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 953.898549][ T30] audit: type=1326 audit(1750685459.063:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 953.898803][ T30] audit: type=1326 audit(1750685459.063:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 953.958033][ T30] audit: type=1326 audit(1750685459.063:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 953.984428][ T30] audit: type=1326 audit(1750685459.073:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 954.008343][ T30] audit: type=1326 audit(1750685459.073:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0a9d8e929 code=0x7ffc0000 [ 955.503638][T12973] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2423'. [ 956.133959][ T1582] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 956.312808][ T1582] usb 1-1: Using ep0 maxpacket: 32 [ 956.344449][ T1582] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 956.353288][ T1582] usb 1-1: config 0 has no interface number 0 [ 956.404869][T12975] loop1: detected capacity change from 0 to 32768 [ 956.419689][ T1582] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 956.429791][ T1582] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 956.435059][T12975] (syz.1.2420,12975,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 956.438185][ T1582] usb 1-1: Product: syz [ 956.452544][T12975] (syz.1.2420,12975,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 956.455996][ T1582] usb 1-1: Manufacturer: syz [ 956.474896][ T1582] usb 1-1: SerialNumber: syz [ 956.549071][T12975] JBD2: Ignoring recovery information on journal [ 956.550207][ T1582] usb 1-1: config 0 descriptor?? [ 956.658214][T12975] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 956.736522][T12975] (syz.1.2420,12975,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 956.745608][T12975] (syz.1.2420,12975,1):ocfs2_group_add:503 ERROR: Can't read the group descriptor # 562952100904952 from the device. [ 956.769770][ T1582] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 956.920186][ T5801] ocfs2: Unmounting device (7,1) on (node local) [ 956.972607][T12983] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2425'. [ 957.014921][ T1582] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 957.049129][ T1582] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 957.243789][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 957.256924][ T1582] usb 1-1: USB disconnect, device number 14 [ 957.304724][ T1582] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 957.376117][ T1582] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 957.389798][ T1582] quatech2 1-1:0.51: device disconnected [ 959.007255][T13008] netlink: 'syz.4.2437': attribute type 32 has an invalid length. [ 959.015754][T13008] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2437'. [ 959.025587][T13008] (unnamed net_device) (uninitialized): option coupled_control: invalid value (115) [ 959.054472][T13010] syzkaller1: entered promiscuous mode [ 959.060473][T13010] syzkaller1: entered allmulticast mode [ 959.257446][T13012] loop6: detected capacity change from 0 to 512 [ 959.301095][T13012] EXT4-fs error (device loop6): ext4_orphan_get:1393: inode #15: comm syz.6.2439: casefold flag without casefold feature [ 959.326719][T13012] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.2439: couldn't read orphan inode 15 (err -117) [ 959.386631][T13012] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 959.466064][T13016] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 959.571065][T13012] EXT4-fs error (device loop6): ext4_check_dx_root:2203: inode #2: comm syz.6.2439: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 959.900687][T13020] program syz.4.2442 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 959.918701][ T9774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 960.201065][T13024] loop3: detected capacity change from 0 to 256 [ 960.564314][T13029] netlink: 'syz.4.2447': attribute type 5 has an invalid length. [ 961.161662][T13039] loop6: detected capacity change from 0 to 256 [ 961.256258][T10397] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 961.475058][T10397] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 961.484782][T10397] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 961.573616][T10397] usb 2-1: config 0 descriptor?? [ 961.616640][T10397] cp210x 2-1:0.0: cp210x converter detected [ 962.252466][T10397] usb 2-1: cp210x converter now attached to ttyUSB0 [ 962.380967][T13054] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input31 [ 962.467279][T13032] loop1: detected capacity change from 0 to 164 [ 962.601774][T13032] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 962.647983][ T1582] usb 2-1: USB disconnect, device number 11 [ 962.683486][ T1582] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 962.708434][ T1582] cp210x 2-1:0.0: device disconnected [ 963.771176][T13074] loop1: detected capacity change from 0 to 22 [ 963.818718][T13074] romfs: bad initial checksum on dev loop1. [ 964.851191][T13088] loop6: detected capacity change from 0 to 512 [ 964.890633][T13088] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 965.020643][T13088] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 965.145825][T13088] EXT4-fs (loop6): 1 truncate cleaned up [ 965.154820][T13088] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 965.396334][ T30] audit: type=1326 audit(1750685470.653:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbc158e929 code=0x7ffc0000 [ 965.420258][ T30] audit: type=1326 audit(1750685470.663:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.444896][ T30] audit: type=1326 audit(1750685470.663:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.468349][ T30] audit: type=1326 audit(1750685470.663:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.492070][ T30] audit: type=1326 audit(1750685470.663:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.517886][ T30] audit: type=1326 audit(1750685470.663:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.543060][ T30] audit: type=1326 audit(1750685470.663:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.566657][ T30] audit: type=1326 audit(1750685470.673:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.589568][ T30] audit: type=1326 audit(1750685470.673:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.615042][ T30] audit: type=1326 audit(1750685470.673:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13095 comm="syz.0.2476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffbc152ab19 code=0x7ffc0000 [ 965.885860][ T9774] EXT4-fs error (device loop6): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz-executor: path /198/bus/file0/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 965.913537][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 965.963941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 966.104981][T10649] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 966.158053][T13109] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 966.380665][T10649] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 966.392184][T10649] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 966.402624][T10649] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 966.412160][T10649] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 966.463744][T10649] usb 4-1: config 0 descriptor?? [ 966.605677][T13111] loop0: detected capacity change from 0 to 512 [ 966.623042][T10345] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 966.656089][T13111] EXT4-fs: Ignoring removed nomblk_io_submit option [ 966.808258][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 966.815354][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 966.956131][T13111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.969926][T13111] ext4 filesystem being mounted at /504/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 966.986722][T10649] keytouch 0003:0926:3333.0019: fixing up Keytouch IEC report descriptor [ 967.015144][T10649] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0019/input/input32 [ 967.186298][T10649] keytouch 0003:0926:3333.0019: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 967.284124][T10649] usb 4-1: USB disconnect, device number 20 [ 967.600690][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 968.796214][T13131] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 969.491720][T10397] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 969.582716][ T5808] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 969.596848][ T5808] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 969.608032][ T5808] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 969.630303][ T5808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 969.654706][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 969.722630][T10397] usb 2-1: Using ep0 maxpacket: 16 [ 969.839695][T10397] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 969.850043][T10397] usb 2-1: config 1 has no interface number 0 [ 969.857194][T10397] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 969.867848][T10397] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 969.880631][T10397] usb 2-1: config 1 interface 105 has no altsetting 0 [ 970.615436][T10397] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 970.626019][T10397] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 970.634633][T10397] usb 2-1: Product: syz [ 970.639645][T10397] usb 2-1: Manufacturer: syz [ 970.644677][T10397] usb 2-1: SerialNumber: syz [ 970.696188][T13148] loop0: detected capacity change from 0 to 256 [ 970.821091][T13148] exfat: Deprecated parameter 'namecase' [ 970.827620][T13148] exfat: Deprecated parameter 'namecase' [ 970.853798][T13135] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 970.878453][T13135] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 971.085028][T13148] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 971.420115][T13135] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 971.437145][T13135] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 971.657056][T13157] netlink: 27 bytes leftover after parsing attributes in process `syz.4.2499'. [ 971.733370][ T5808] Bluetooth: hci3: command tx timeout [ 971.875187][T13142] chnl_net:caif_netlink_parms(): no params data found [ 972.122070][T10397] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 972.157780][T10397] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 972.206400][T10397] aqc111 2-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 972.260377][T10397] usb 2-1: USB disconnect, device number 12 [ 972.269883][T10397] aqc111 2-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 972.413504][T10397] aqc111 2-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 972.423957][T10397] aqc111 2-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 972.434439][T10397] aqc111 2-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 972.682215][T10649] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 972.882552][T10649] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 972.895073][T10649] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 972.905673][T10649] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 972.915288][T10649] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 973.053775][T10649] usb 5-1: config 0 descriptor?? [ 973.180973][T13142] bridge0: port 1(bridge_slave_0) entered blocking state [ 973.189506][T13142] bridge0: port 1(bridge_slave_0) entered disabled state [ 973.199248][T13142] bridge_slave_0: entered allmulticast mode [ 973.211760][T13142] bridge_slave_0: entered promiscuous mode [ 973.341691][T13171] loop1: detected capacity change from 0 to 512 [ 973.354008][T13142] bridge0: port 2(bridge_slave_1) entered blocking state [ 973.362268][T13142] bridge0: port 2(bridge_slave_1) entered disabled state [ 973.370793][T13142] bridge_slave_1: entered allmulticast mode [ 973.388740][T13142] bridge_slave_1: entered promiscuous mode [ 973.395505][T13171] EXT4-fs: Ignoring removed nomblk_io_submit option [ 973.570302][T13171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 973.587107][T13171] ext4 filesystem being mounted at /498/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 973.668848][T10649] keytouch 0003:0926:3333.001A: fixing up Keytouch IEC report descriptor [ 973.705714][T10649] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.001A/input/input33 [ 973.741573][T13176] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 973.794084][T13142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 973.812917][ T5808] Bluetooth: hci3: command tx timeout [ 973.865029][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 973.865116][ T30] audit: type=1800 audit(1750685479.143:181): pid=13171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2503" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 973.929379][T13142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 973.940816][T10649] keytouch 0003:0926:3333.001A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 974.011946][T10649] usb 5-1: USB disconnect, device number 22 [ 974.278204][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 974.288934][T13142] team0: Port device team_slave_0 added [ 974.355086][T13142] team0: Port device team_slave_1 added [ 974.613972][T13142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 974.621632][T13142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 974.649202][T13142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 974.774350][T13142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 974.781879][T13142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 974.808773][T13142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 975.268981][T13142] hsr_slave_0: entered promiscuous mode [ 975.279947][T13142] hsr_slave_1: entered promiscuous mode [ 975.289280][T13142] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 975.297346][T13142] Cannot create hsr debugfs directory [ 975.892967][ T5808] Bluetooth: hci3: command tx timeout [ 976.324588][T13201] loop0: detected capacity change from 0 to 4096 [ 976.435794][T13201] NILFS (loop0): invalid segment: Checksum error in segment payload [ 976.446381][T13201] NILFS (loop0): trying rollback from an earlier position [ 976.568795][T13201] NILFS (loop0): recovery complete [ 976.603585][T13209] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 976.777402][T13212] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2516'. [ 976.816700][T13142] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 976.913363][T13142] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 977.003347][T13142] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 977.111759][T13142] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 977.971793][ T1582] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 977.971941][ T5808] Bluetooth: hci3: command tx timeout [ 978.150372][ T1582] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.162156][ T1582] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 978.172872][ T1582] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 978.182327][ T1582] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.322304][T13142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 978.365020][ T1582] usb 1-1: config 0 descriptor?? [ 978.577027][T13142] 8021q: adding VLAN 0 to HW filter on device team0 [ 978.690104][ T3794] bridge0: port 1(bridge_slave_0) entered blocking state [ 978.697821][ T3794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 978.849675][ T3794] bridge0: port 2(bridge_slave_1) entered blocking state [ 978.857866][ T3794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 978.995680][ T1582] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor [ 979.087703][ T1582] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.001B/input/input34 [ 979.308418][ T1582] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 979.312737][T10397] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 979.404101][ T1582] usb 1-1: USB disconnect, device number 15 [ 979.552910][T10397] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 979.564840][T10397] usb 2-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 979.578551][T10397] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 979.590360][T10397] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x87 has invalid maxpacket 42124, setting to 1024 [ 979.602140][T10397] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 180 [ 979.764830][T10397] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 979.775390][T10397] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.784353][T10397] usb 2-1: Product: syz [ 979.788801][T10397] usb 2-1: Manufacturer: syz [ 979.793874][T10397] usb 2-1: SerialNumber: syz [ 980.145460][T13230] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 980.877324][T13230] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 981.269859][T10397] cdc_ncm 2-1:1.0: bind() failure [ 981.338581][T13239] loop0: detected capacity change from 0 to 32768 [ 981.358164][T13239] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop0: erofs_nochanges [ 981.372238][T13239] bcachefs: bch2_fs_get_tree() error: erofs_nochanges [ 981.374010][T10397] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 981.513020][T10397] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 981.593975][T10397] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 981.648841][T10397] usb 2-1: USB disconnect, device number 13 [ 981.925513][T13142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 985.609481][T13275] loop3: detected capacity change from 0 to 32768 [ 985.705225][T13275] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 985.705368][T13275] allowing incompatible features above 0.0: (unknown version) [ 985.705469][T13275] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 985.744550][T13275] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 985.753412][T13275] bcachefs (loop3): initializing new filesystem [ 985.778230][T13275] bcachefs (loop3): going read-write [ 985.933866][T13142] veth0_vlan: entered promiscuous mode [ 985.950160][T13275] bcachefs (loop3): marking superblocks [ 986.014302][T13275] bcachefs (loop3): initializing freespace [ 986.045778][T13275] bcachefs (loop3): done initializing freespace [ 986.066876][T13275] bcachefs (loop3): reading snapshots table [ 986.078741][T13275] bcachefs (loop3): reading snapshots done [ 986.170485][T13142] veth1_vlan: entered promiscuous mode [ 986.300341][T13275] bcachefs (loop3): done starting filesystem [ 986.463456][T13142] veth0_macvtap: entered promiscuous mode [ 986.512678][ T5799] bcachefs (loop3): shutting down [ 986.518022][ T5799] bcachefs (loop3): going read-only [ 986.525288][ T5799] bcachefs (loop3): finished waiting for writes to stop [ 986.635750][ T5799] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 986.647085][T13142] veth1_macvtap: entered promiscuous mode [ 986.840165][T13142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 986.920607][ T5799] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 986.957971][T13142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 987.010891][ T5799] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 987.023716][ T5799] bcachefs (loop3): marking filesystem clean [ 987.024999][T13142] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.039012][T13142] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.048397][T13142] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.057715][T13142] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 987.125130][ T5799] bcachefs (loop3): shutdown complete [ 987.302844][T13301] loop0: detected capacity change from 0 to 512 [ 987.463283][T13301] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 987.996623][T13299] sctp: failed to load transform for md5: -2 [ 988.198626][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 989.774513][T13326] raw_sendmsg: syz.1.2558 forgot to set AF_INET. Fix it! [ 990.488714][T13337] loop0: detected capacity change from 0 to 128 [ 990.555084][T13337] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 990.617252][T13337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 992.756977][T10649] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 993.015363][T10649] usb 1-1: Using ep0 maxpacket: 8 [ 993.029975][T10649] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 993.044588][T10649] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 993.056206][T10649] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 993.067079][T10649] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 993.077730][T10649] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 993.088019][T10649] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 993.097542][T10649] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 993.307963][T10649] usb 1-1: config 0 descriptor?? [ 993.413164][ T5808] Bluetooth: hci5: urb ffff88808cf266c0 submission failed (90) [ 993.536129][T10649] usb 1-1: USB disconnect, device number 16 [ 993.870756][T13374] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed. [ 994.229087][ T4320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 994.237437][ T4320] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 994.458734][ T3794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 994.467027][ T3794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 995.168570][T13383] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 995.560029][T13386] loop7: detected capacity change from 0 to 2048 [ 995.669305][T13386] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 995.677635][T13386] UDF-fs: Scanning with blocksize 512 failed [ 995.800055][T13386] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 995.872967][T13394] tun0: tun_chr_ioctl cmd 1074025675 [ 995.878615][T13394] tun0: persist enabled [ 995.943439][T13394] tun0: tun_chr_ioctl cmd 1074025675 [ 995.949293][T13394] tun0: persist enabled [ 996.023280][T13388] ptrace attach of ""[13391] was attempted by "./syz-executor exec"[13388] [ 996.677833][T13400] loop3: detected capacity change from 0 to 64 [ 996.774785][T13400] MINIX-fs: mounting file system with errors, running fsck is recommended [ 997.076432][T13398] loop0: detected capacity change from 0 to 32768 [ 997.138899][T13398] find_entry called with index = 0 [ 997.147736][T13398] read_mapping_page failed! [ 997.152726][T13398] ERROR: (device loop0): txAbort: [ 997.152726][T13398] [ 997.462374][ T5809] ERROR: (device loop0): diFree: numfree > numinos [ 997.462374][ T5809] [ 997.577225][T13408] syzkaller1: entered promiscuous mode [ 997.583291][T13408] syzkaller1: entered allmulticast mode [ 998.115375][T10649] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 998.311919][T10649] usb 2-1: Using ep0 maxpacket: 32 [ 998.346857][T10649] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 998.359202][T10649] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 998.373737][T10649] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 998.386868][T10649] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 998.397232][T10649] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.545318][T10649] usb 2-1: config 0 descriptor?? [ 998.553386][T13412] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 998.604614][T10649] hub 2-1:0.0: USB hub found [ 998.839470][T10649] hub 2-1:0.0: 2 ports detected [ 999.094377][T10649] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 999.101070][T10649] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 999.172357][T10649] usbhid 2-1:0.0: can't add hid device: -71 [ 999.179194][T10649] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 999.273700][T10649] usb 2-1: USB disconnect, device number 14 [ 999.715580][T13428] loop3: detected capacity change from 0 to 1024 [ 999.824000][T13430] loop0: detected capacity change from 0 to 512 [ 999.875156][T13428] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1000.016014][T13430] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1000.030073][T13430] ext4 filesystem being mounted at /533/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1000.374814][T13440] loop7: detected capacity change from 0 to 1024 [ 1000.455941][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1000.788447][ T5799] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1000.852041][ T9696] hfsplus: b-tree write err: -5, ino 4 [ 1001.275407][T13451] loop3: detected capacity change from 0 to 1024 [ 1001.465098][T13455] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2601'. [ 1001.475151][T13455] tipc: Started in network mode [ 1001.480232][T13455] tipc: Node identity @emory.en, cluster identity 8 [ 1002.091071][ T9704] hfsplus: b-tree write err: -5, ino 4 [ 1003.572963][T13475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2611'. [ 1005.854090][T13493] loop1: detected capacity change from 0 to 32768 [ 1006.410747][T13487] loop0: detected capacity change from 0 to 65536 [ 1006.422688][T13487] XFS: ikeep mount option is deprecated. [ 1006.431675][T13493] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2618 (13493) [ 1006.541737][T13487] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 1006.756665][T13487] XFS (loop0): Ending clean mount [ 1006.819017][T13492] loop3: detected capacity change from 0 to 32768 [ 1006.859865][T13493] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1006.874175][T13493] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 1006.885018][T13493] BTRFS info (device loop1): using free-space-tree [ 1006.979425][T13492] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 1006.979587][T13492] allowing incompatible features above 0.0: (unknown version) [ 1006.979688][T13492] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1007.019410][T13492] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 1007.028295][T13492] bcachefs (loop3): initializing new filesystem [ 1007.051982][T13492] bcachefs (loop3): going read-write [ 1007.237429][T13492] bcachefs (loop3): marking superblocks [ 1007.298690][T13492] bcachefs (loop3): initializing freespace [ 1007.331244][T13492] bcachefs (loop3): done initializing freespace [ 1007.352133][T13492] bcachefs (loop3): reading snapshots table [ 1007.358551][T13492] bcachefs (loop3): reading snapshots done [ 1007.404844][T13493] BTRFS info (device loop1): rebuilding free space tree [ 1007.459967][T13492] bcachefs (loop3): done starting filesystem [ 1007.845951][ T5799] bcachefs (loop3): shutting down [ 1007.851521][ T5799] bcachefs (loop3): going read-only [ 1007.857007][ T5799] bcachefs (loop3): finished waiting for writes to stop [ 1007.900649][ T5799] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 1008.086156][ T5801] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1008.113172][ T5809] XFS (loop0): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 1008.338619][ T5799] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3 [ 1008.432018][ T5799] bcachefs (loop3): clean shutdown complete, journal seq 4 [ 1008.482641][ T5799] bcachefs (loop3): marking filesystem clean [ 1008.744133][ T5799] bcachefs (loop3): shutdown complete [ 1009.286564][T13531] loop7: detected capacity change from 0 to 32768 [ 1009.296156][T13531] XFS: ikeep mount option is deprecated. [ 1009.302369][T13531] XFS: noikeep mount option is deprecated. [ 1009.392885][T13531] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1010.098721][T13531] XFS (loop7): Ending clean mount [ 1010.109567][T13531] XFS (loop7): Quotacheck needed: Please wait. [ 1010.182172][T13531] XFS (loop7): Quotacheck: Done. [ 1010.361244][T13142] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1011.431692][T10649] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1011.639053][T10649] usb 5-1: Using ep0 maxpacket: 32 [ 1011.682965][T10649] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1011.691653][T10649] usb 5-1: config 0 has no interface number 0 [ 1011.753573][T10649] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1011.763255][T10649] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1011.771772][T10649] usb 5-1: Product: syz [ 1011.776251][T10649] usb 5-1: Manufacturer: syz [ 1011.784042][T10649] usb 5-1: SerialNumber: syz [ 1011.809409][T10649] usb 5-1: config 0 descriptor?? [ 1011.845479][T10649] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1012.044035][T10649] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1012.134740][T10649] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1012.628489][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1012.632642][T10397] usb 5-1: USB disconnect, device number 23 [ 1012.704613][T10397] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1012.748636][T10397] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1012.764753][T10397] quatech2 5-1:0.51: device disconnected [ 1013.878123][T13574] loop7: detected capacity change from 0 to 512 [ 1013.958078][T13574] ext4: Unknown parameter 'smackfsfloor' [ 1014.156552][T13578] loop1: detected capacity change from 0 to 64 [ 1014.552318][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2641'. [ 1014.743800][T13587] netlink: 'syz.7.2642': attribute type 2 has an invalid length. [ 1014.755443][T13587] netlink: 209852 bytes leftover after parsing attributes in process `syz.7.2642'. [ 1015.477856][T13596] loop7: detected capacity change from 0 to 512 [ 1015.507838][T13598] @: renamed from vlan0 (while UP) [ 1015.520609][T13596] EXT4-fs: Ignoring removed i_version option [ 1015.615791][T13596] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1016.046555][T13142] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1016.077186][T13608] netlink: 87 bytes leftover after parsing attributes in process `syz.0.2652'. [ 1016.311829][T13610] loop3: detected capacity change from 0 to 256 [ 1016.394189][T13610] exfat: Deprecated parameter 'utf8' [ 1016.426571][T13610] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 1016.567513][ T9687] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1016.806388][ T9687] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1016.896375][T13615] vlan0: entered allmulticast mode [ 1016.906937][T13615] gretap0: entered allmulticast mode [ 1016.942955][T13616] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2656'. [ 1017.076542][T13617] can0: slcan on ttyS3. [ 1017.184875][ T9687] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.225480][T13612] can0 (unregistered): slcan off ttyS3. [ 1017.469786][ T9687] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.810348][ T9687] bridge_slave_1: left allmulticast mode [ 1017.816668][ T9687] bridge_slave_1: left promiscuous mode [ 1017.828822][ T9687] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.845822][ T9687] bridge_slave_0: left allmulticast mode [ 1017.857157][ T9687] bridge_slave_0: left promiscuous mode [ 1017.864473][ T9687] bridge0: port 1(bridge_slave_0) entered disabled state [ 1018.427147][ T9687] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1018.478913][ T9687] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1018.504799][ T9687] bond0 (unregistering): Released all slaves [ 1019.314736][ T9687] hsr_slave_0: left promiscuous mode [ 1019.332395][ T9687] hsr_slave_1: left promiscuous mode [ 1019.340907][ T9687] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1019.348992][ T9687] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1019.405303][ T9687] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1019.413765][ T9687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1019.478937][ T9687] veth1_macvtap: left promiscuous mode [ 1019.486345][ T9687] veth0_macvtap: left promiscuous mode [ 1019.494976][ T9687] veth1_vlan: left promiscuous mode [ 1019.500641][ T9687] veth0_vlan: left promiscuous mode [ 1019.960720][T13631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2664'. [ 1020.057708][ T9687] pim6reg (unregistering): left allmulticast mode [ 1020.116991][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1020.209594][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1020.378003][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1020.416209][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1020.429260][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1020.519994][ T9687] team0 (unregistering): Port device team_slave_1 removed [ 1020.574441][ T9687] team0 (unregistering): Port device team_slave_0 removed [ 1020.838700][T13628] netlink: 'syz.7.2661': attribute type 3 has an invalid length. [ 1021.539440][ T9687] IPVS: stop unused estimator thread 0... [ 1022.031807][T11235] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1022.251762][T11235] usb 1-1: Using ep0 maxpacket: 8 [ 1022.276115][T11235] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1022.286012][T11235] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1022.294599][T11235] usb 1-1: Product: syz [ 1022.299046][T11235] usb 1-1: Manufacturer: syz [ 1022.304354][T11235] usb 1-1: SerialNumber: syz [ 1022.349146][T11235] usb 1-1: config 0 descriptor?? [ 1022.370972][T11235] gspca_main: se401-2.14.0 probing 047d:5003 [ 1022.621591][T13529] Bluetooth: hci2: command tx timeout [ 1022.807417][T13633] chnl_net:caif_netlink_parms(): no params data found [ 1022.850313][T11235] gspca_se401: ExtraFeatures: 3 [ 1023.059568][T11235] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input35 [ 1023.264508][T11235] usb 1-1: USB disconnect, device number 17 [ 1024.025707][T13661] loop3: detected capacity change from 0 to 32768 [ 1024.126721][T13659] loop7: detected capacity change from 0 to 32768 [ 1024.266919][T13661] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1024.333261][T13659] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 1024.333447][T13659] allowing incompatible features above 0.0: (unknown version) [ 1024.333552][T13659] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1024.382211][T13659] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0 [ 1024.390736][T13659] bcachefs (loop7): initializing new filesystem [ 1024.413106][T13659] bcachefs (loop7): going read-write [ 1024.529734][T13659] bcachefs (loop7): marking superblocks [ 1024.530954][ T5799] ocfs2: Unmounting device (7,3) on (node local) [ 1024.592044][T13659] bcachefs (loop7): initializing freespace [ 1024.624052][T13659] bcachefs (loop7): done initializing freespace [ 1024.647579][T13659] bcachefs (loop7): reading snapshots table [ 1024.654346][T13659] bcachefs (loop7): reading snapshots done [ 1024.692737][T13529] Bluetooth: hci2: command tx timeout [ 1024.781039][T13659] bcachefs (loop7): done starting filesystem [ 1024.985834][T13142] bcachefs (loop7): shutting down [ 1024.994300][T13142] bcachefs (loop7): going read-only [ 1024.999813][T13142] bcachefs (loop7): finished waiting for writes to stop [ 1025.076984][T13142] bcachefs (loop7): flushing journal and stopping allocators, journal seq 3 [ 1025.353011][T13142] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3 [ 1025.412350][T13142] bcachefs (loop7): clean shutdown complete, journal seq 4 [ 1025.437595][T13142] bcachefs (loop7): marking filesystem clean [ 1025.887485][T13142] bcachefs (loop7): shutdown complete [ 1026.293621][T13633] bridge0: port 1(bridge_slave_0) entered blocking state [ 1026.301613][T13633] bridge0: port 1(bridge_slave_0) entered disabled state [ 1026.309498][T13633] bridge_slave_0: entered allmulticast mode [ 1026.323168][T13633] bridge_slave_0: entered promiscuous mode [ 1026.610742][T13633] bridge0: port 2(bridge_slave_1) entered blocking state [ 1026.618635][T13633] bridge0: port 2(bridge_slave_1) entered disabled state [ 1026.629984][T13633] bridge_slave_1: entered allmulticast mode [ 1026.640128][T13633] bridge_slave_1: entered promiscuous mode [ 1026.773710][T13529] Bluetooth: hci2: command tx timeout [ 1027.020213][T13633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1027.049450][T13633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1027.232719][T13633] team0: Port device team_slave_0 added [ 1027.282858][T13633] team0: Port device team_slave_1 added [ 1027.583342][T13633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1027.590582][T13633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1027.618720][T13633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1027.763586][T13633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1027.770872][T13633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1027.800257][T13633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1028.241862][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 1028.248664][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 1028.405400][T13633] hsr_slave_0: entered promiscuous mode [ 1028.418027][T13633] hsr_slave_1: entered promiscuous mode [ 1028.427353][T13633] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1028.435404][T13633] Cannot create hsr debugfs directory [ 1028.851782][T13529] Bluetooth: hci2: command tx timeout [ 1029.468992][T13698] loop3: detected capacity change from 0 to 32768 [ 1029.616208][T13698] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1029.821165][T13705] sctp: failed to load transform for md5: -2 [ 1030.432190][T13698] XFS (loop3): Ending clean mount [ 1030.447967][T13698] XFS (loop3): Quotacheck needed: Please wait. [ 1030.528104][T13698] XFS (loop3): Quotacheck: Done. [ 1030.728627][ T5799] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1031.327018][T13633] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1031.543175][T13633] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1031.623225][T13633] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1031.713106][T13633] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1033.617654][T13743] loop7: detected capacity change from 0 to 2048 [ 1033.777470][T13743] udf: Unknown parameter 'uid˙˙˙˙get' [ 1033.812797][T13744] loop0: detected capacity change from 0 to 32768 [ 1033.849680][T13633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1033.955977][T13744] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 1033.956156][T13744] allowing incompatible features above 0.0: (unknown version) [ 1033.956255][T13744] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 1034.005518][T13744] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 1034.014177][T13744] bcachefs (loop0): initializing new filesystem [ 1034.035330][T13744] bcachefs (loop0): going read-write [ 1034.125588][T13633] 8021q: adding VLAN 0 to HW filter on device team0 [ 1034.217936][ T9704] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.225753][ T9704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.243906][ T9704] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.251707][ T9704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.277344][T13744] bcachefs (loop0): marking superblocks [ 1034.336859][T13744] bcachefs (loop0): initializing freespace [ 1034.369150][T13744] bcachefs (loop0): done initializing freespace [ 1034.398916][T13744] bcachefs (loop0): reading snapshots table [ 1034.405573][T13744] bcachefs (loop0): reading snapshots done [ 1034.632630][T13744] bcachefs (loop0): done starting filesystem [ 1034.835886][ T30] audit: type=1800 audit(1750685540.023:182): pid=13744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2694" name="file1" dev="loop0" ino=4098 res=0 errno=0 [ 1034.860527][ T5809] bcachefs (loop0): shutting down [ 1034.868259][ T5809] bcachefs (loop0): going read-only [ 1034.874320][ T5809] bcachefs (loop0): finished waiting for writes to stop [ 1034.914031][ T5809] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 1035.433979][ T5809] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 1035.523902][ T5809] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 1035.545689][ T5809] bcachefs (loop0): marking filesystem clean [ 1035.806325][ T5809] bcachefs (loop0): shutdown complete [ 1036.510594][T13633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1036.859673][T13783] loop3: detected capacity change from 0 to 64 [ 1037.060952][T13633] veth0_vlan: entered promiscuous mode [ 1037.087994][T13783] minix_free_block (loop3:2): bit already cleared [ 1037.096213][T13783] minix_free_block (loop3:3): bit already cleared [ 1037.103246][T13783] minix_free_block (loop3:4): bit already cleared [ 1037.226288][T13633] veth1_vlan: entered promiscuous mode [ 1037.542540][T13633] veth0_macvtap: entered promiscuous mode [ 1037.603315][T13633] veth1_macvtap: entered promiscuous mode [ 1037.830890][T13633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1037.908813][T13633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1038.011232][T13633] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.021584][T13633] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.030673][T13633] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.041807][T13633] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1040.059070][T13807] loop3: detected capacity change from 0 to 32768 [ 1040.074765][T13807] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2715 (13807) [ 1040.100871][T13807] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1040.113057][T13807] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 1040.122421][T13807] BTRFS info (device loop3): using free-space-tree [ 1040.684351][ T5799] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1040.788534][T13832] nullb0: AHDI p1 [ 1042.615496][T13849] loop7: detected capacity change from 0 to 4096 [ 1042.751860][T13857] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1042.888430][T13856] loop3: detected capacity change from 0 to 1024 [ 1042.956708][T13856] EXT4-fs: Ignoring removed oldalloc option [ 1042.963702][T13856] EXT4-fs: Ignoring removed bh option [ 1043.088985][T13865] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2726'. [ 1043.089404][T13856] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1043.110405][T13865] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2726'. [ 1043.382992][T13868] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.2718: Allocating blocks 481-513 which overlap fs metadata [ 1043.964548][ T5799] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1044.922641][T10397] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 1045.138129][T10397] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1045.149105][T10397] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1045.163210][T10397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 1045.175332][T10397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1045.186248][T10397] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1045.375039][T10397] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1045.384759][T10397] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1045.394688][T10397] usb 5-1: Product: syz [ 1045.399131][T10397] usb 5-1: Manufacturer: syz [ 1045.404187][T10397] usb 5-1: SerialNumber: syz [ 1045.652708][T10397] usb 5-1: config 0 descriptor?? [ 1045.805161][T13895] netlink: 'syz.3.2736': attribute type 10 has an invalid length. [ 1045.814669][T13895] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2736'. [ 1045.825918][T13895] dummy0: entered promiscuous mode [ 1045.836306][T13895] bridge0: port 4(dummy0) entered blocking state [ 1045.843877][T13895] bridge0: port 4(dummy0) entered disabled state [ 1045.851675][T13895] dummy0: entered allmulticast mode [ 1045.867103][T13895] bridge0: port 4(dummy0) entered blocking state [ 1045.874575][T13895] bridge0: port 4(dummy0) entered forwarding state [ 1046.057249][T10397] radio-si470x 5-1:0.0: DeviceID=0x6465 ChipID=0x7669 [ 1046.197202][T13893] loop7: detected capacity change from 0 to 32768 [ 1046.222745][T10397] radio-si470x 5-1:0.0: software version 100, hardware version 101 [ 1046.422689][T10397] radio-si470x 5-1:0.0: submitting int urb failed (-90) [ 1046.424424][T13893] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1046.622171][ T9691] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1046.630415][ T9691] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1046.830240][T10397] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 1046.840392][T10397] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22 [ 1046.940602][T10397] usb 5-1: USB disconnect, device number 24 [ 1046.986077][ T9691] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1046.994405][ T9691] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1047.083000][T13893] XFS (loop7): Ending clean mount [ 1047.101092][T13893] XFS (loop7): Quotacheck needed: Please wait. [ 1047.210375][T13893] XFS (loop7): Quotacheck: Done. [ 1047.362707][T13142] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1048.036429][ T9691] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.070772][T13910] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2740'. [ 1048.084004][T13910] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2740'. [ 1048.294046][ T9691] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.496680][ T9691] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1048.685327][ T9691] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1049.257227][ T9691] bridge_slave_1: left allmulticast mode [ 1049.263413][ T9691] bridge_slave_1: left promiscuous mode [ 1049.270211][ T9691] bridge0: port 2(bridge_slave_1) entered disabled state [ 1049.363790][ T9691] bridge_slave_0: left allmulticast mode [ 1049.369765][ T9691] bridge_slave_0: left promiscuous mode [ 1049.379620][ T9691] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.253455][ T9691] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1050.313809][ T9691] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1050.348349][ T9691] bond0 (unregistering): Released all slaves [ 1051.073278][ T9691] hsr_slave_0: left promiscuous mode [ 1051.113088][ T9691] hsr_slave_1: left promiscuous mode [ 1051.175989][ T9691] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1051.184629][ T9691] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1051.225836][ T9691] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1051.234656][ T9691] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1051.413048][ T9691] veth1_macvtap: left promiscuous mode [ 1051.419022][ T9691] veth0_macvtap: left promiscuous mode [ 1051.425516][ T9691] veth1_vlan: left promiscuous mode [ 1051.432514][ T9691] veth0_vlan: left promiscuous mode [ 1052.346176][T13529] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1052.367658][T13529] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1052.383453][T13529] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1052.441048][T13529] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1052.456928][T13529] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1052.722935][ T9691] team0 (unregistering): Port device team_slave_1 removed [ 1052.778482][ T9691] team0 (unregistering): Port device team_slave_0 removed [ 1054.535619][T13529] Bluetooth: hci2: command tx timeout [ 1054.805940][T13924] chnl_net:caif_netlink_parms(): no params data found [ 1056.001101][T13966] bridge_slave_0: left allmulticast mode [ 1056.007330][T13966] bridge_slave_0: left promiscuous mode [ 1056.017435][T13966] bridge0: port 1(bridge_slave_0) entered disabled state [ 1056.163450][T13966] bridge_slave_1: left allmulticast mode [ 1056.171109][T13966] bridge_slave_1: left promiscuous mode [ 1056.178377][T13966] bridge0: port 2(bridge_slave_1) entered disabled state [ 1056.250251][T13966] bond0: (slave bond_slave_0): Releasing backup interface [ 1056.290109][T13966] bond0: (slave bond_slave_1): Releasing backup interface [ 1056.410312][T13966] team0: Port device team_slave_0 removed [ 1056.472388][T13966] team0: Port device team_slave_1 removed [ 1056.484672][T13966] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1056.494632][T13966] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1056.515825][T13966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1056.525015][T13966] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1056.622840][T13529] Bluetooth: hci2: command tx timeout [ 1057.055689][T13924] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.064666][T13924] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.072734][T13924] bridge_slave_0: entered allmulticast mode [ 1057.082803][T13924] bridge_slave_0: entered promiscuous mode [ 1057.223126][T13924] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.230908][T13924] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.239113][T13924] bridge_slave_1: entered allmulticast mode [ 1057.253247][T13924] bridge_slave_1: entered promiscuous mode [ 1057.708310][T13924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1057.783688][T13924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1058.148956][T13982] input: syz0 as /devices/virtual/input/input36 [ 1058.245975][T13924] team0: Port device team_slave_0 added [ 1058.311976][T13924] team0: Port device team_slave_1 added [ 1058.442547][T13924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1058.449817][T13924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1058.479545][T13924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1058.480342][ T4320] ===================================================== [ 1058.501949][ T4320] BUG: KMSAN: uninit-value in gsmld_receive_buf+0x578/0x620 [ 1058.510579][ T4320] gsmld_receive_buf+0x578/0x620 [ 1058.516753][ T4320] tty_ldisc_receive_buf+0x1f4/0x2c0 [ 1058.525003][ T4320] tty_port_default_receive_buf+0xd7/0x1a0 [ 1058.532222][ T4320] flush_to_ldisc+0x49d/0xf00 [ 1058.538785][ T4320] process_scheduled_works+0xb91/0x1d80 [ 1058.545774][ T4320] worker_thread+0xedf/0x1590 [ 1058.551664][ T4320] kthread+0xd5c/0xf00 [ 1058.556644][ T4320] ret_from_fork+0x1e3/0x310 [ 1058.562397][ T4320] ret_from_fork_asm+0x1a/0x30 [ 1058.568165][ T4320] [ 1058.571488][ T4320] Uninit was created at: [ 1058.580731][ T4320] __kmalloc_noprof+0x95f/0x1310 [ 1058.587186][ T4320] __tty_buffer_request_room+0x3d4/0x7a0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1058.593879][ T4320] __tty_insert_flip_string_flags+0x157/0x6f0 [ 1058.602569][ T4320] uart_insert_char+0x368/0x930 [ 1058.608699][ T4320] serial8250_read_char+0x1ba/0x670 [ 1058.615278][ T4320] serial8250_handle_irq+0x930/0x1110 [ 1058.623505][ T4320] serial8250_default_handle_irq+0x116/0x2b0 [ 1058.631841][ T4320] serial8250_interrupt+0xc8/0x400 [ 1058.638015][ T4320] __handle_irq_event_percpu+0x11c/0xbf0 [ 1058.644872][ T4320] handle_irq_event+0xe0/0x2a0 [ 1058.650624][ T4320] handle_edge_irq+0x31c/0xc80 [ 1058.656439][ T4320] __common_interrupt+0x9f/0x220 [ 1058.662611][ T4320] common_interrupt+0x94/0xb0 [ 1058.668228][ T4320] asm_common_interrupt+0x2b/0x40 [ 1058.674691][ T4320] [ 1058.682144][ T4320] CPU: 0 UID: 0 PID: 4320 Comm: kworker/u8:26 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(undef) [ 1058.694319][ T4320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1058.707530][ T4320] Workqueue: events_unbound flush_to_ldisc [ 1058.714555][ T4320] ===================================================== [ 1058.722510][ T4320] Disabling lock debugging due to kernel taint [ 1058.731522][ T4320] Kernel panic - not syncing: kmsan.panic set ... [ 1058.738191][ T4320] CPU: 0 UID: 0 PID: 4320 Comm: kworker/u8:26 Tainted: G B 6.16.0-rc3-syzkaller #0 PREEMPT(undef) [ 1058.750638][ T4320] Tainted: [B]=BAD_PAGE [ 1058.755046][ T4320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1058.765413][ T4320] Workqueue: events_unbound flush_to_ldisc [ 1058.771484][ T4320] Call Trace: [ 1058.774963][ T4320] [ 1058.778062][ T4320] __dump_stack+0x26/0x30 [ 1058.782676][ T4320] dump_stack_lvl+0x53/0x270 [ 1058.787540][ T4320] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1058.793671][ T4320] dump_stack+0x1e/0x25 [ 1058.798104][ T4320] panic+0x4bd/0xd50 [ 1058.802353][ T4320] kmsan_report+0x31c/0x320 [ 1058.807185][ T4320] ? __msan_warning+0x1b/0x30 [ 1058.812142][ T4320] ? gsmld_receive_buf+0x578/0x620 [ 1058.817538][ T4320] ? tty_ldisc_receive_buf+0x1f4/0x2c0 [ 1058.823325][ T4320] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 1058.829572][ T4320] ? flush_to_ldisc+0x49d/0xf00 [ 1058.834656][ T4320] ? process_scheduled_works+0xb91/0x1d80 [ 1058.840694][ T4320] ? worker_thread+0xedf/0x1590 [ 1058.845862][ T4320] ? kthread+0xd5c/0xf00 [ 1058.850337][ T4320] ? ret_from_fork+0x1e3/0x310 [ 1058.855347][ T4320] ? ret_from_fork_asm+0x1a/0x30 [ 1058.860613][ T4320] ? psi_group_change+0xf40/0x1620 [ 1058.866023][ T4320] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1058.872163][ T4320] ? kmsan_get_metadata+0xfb/0x160 [ 1058.877572][ T4320] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1058.883724][ T4320] ? gsm1_receive+0x32d/0x1140 [ 1058.888809][ T4320] ? kmsan_get_metadata+0xfb/0x160 [ 1058.894200][ T4320] ? kmsan_get_metadata+0xfb/0x160 [ 1058.899607][ T4320] ? __pfx_gsm1_receive+0x10/0x10 [ 1058.904930][ T4320] __msan_warning+0x1b/0x30 [ 1058.909709][ T4320] gsmld_receive_buf+0x578/0x620 [ 1058.914979][ T4320] tty_ldisc_receive_buf+0x1f4/0x2c0 [ 1058.920591][ T4320] ? __pfx_gsmld_receive_buf+0x10/0x10 [ 1058.926334][ T4320] tty_port_default_receive_buf+0xd7/0x1a0 [ 1058.932469][ T4320] flush_to_ldisc+0x49d/0xf00 [ 1058.937368][ T4320] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 1058.944152][ T4320] ? __pfx_flush_to_ldisc+0x10/0x10 [ 1058.949561][ T4320] process_scheduled_works+0xb91/0x1d80 [ 1058.955428][ T4320] worker_thread+0xedf/0x1590 [ 1058.960400][ T4320] kthread+0xd5c/0xf00 [ 1058.964688][ T4320] ? __pfx_worker_thread+0x10/0x10 [ 1058.970163][ T4320] ? __pfx_kthread+0x10/0x10 [ 1058.974956][ T4320] ret_from_fork+0x1e3/0x310 [ 1058.979868][ T4320] ? __pfx_kthread+0x10/0x10 [ 1058.984677][ T4320] ret_from_fork_asm+0x1a/0x30 [ 1058.989752][ T4320] [ 1058.993279][ T4320] Kernel Offset: disabled [ 1058.997709][ T4320] Rebooting in 86400 seconds..