last executing test programs: 6.491395746s ago: executing program 3 (id=9913): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x1}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x19) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)={'pim6reg\x00'}) 5.334350537s ago: executing program 3 (id=9923): sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000000000080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff000000ff03000000000000000000002300001300030005000020000002"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 4.764313901s ago: executing program 3 (id=9926): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sndpcmp(&(0x7f00000005c0), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$SNDRV_PCM_IOCTL_INFO(r2, 0x81204101, &(0x7f0000000f80)) 3.761853798s ago: executing program 1 (id=9934): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000001080), 0x1, 0x507, &(0x7f00000010c0)="$eJzs3c9vG1kdAPDvTOLGzWY3WVhpAQFbloWCqtqJuxut9rRcQGi1EmLFiUM2JG4UxY6j2FmaUKnJ/4BEJQ4ITpw5IHGo1BNHBDe49VIOSAUqUIPEwWj8I00buwltEmvtz0cazbx54/m+V2vec7+t/QIYWZciYjciLkTExxEx3TmfdLZ4v71l1z16eHNp/+HNpSSazY/+kbTqs3Nx6DWZlzr3zEfE978T8aPkaNz69s7aYqVS3uyUi43qRrG+vXN1tbq4Ul4pr5dK83Pzs+9ee6d0an19o/qbB99e/eAHd373pft/2v3mT7JmTXXqDvfjNLW7njuIkxmPiA/OItgAjHX6c2HQDeG5pBHxmYh4s/X8T8dY6908mR6PNQDwKdBsTkdz+nAZABh2aSsHlqSFTi5gKtK0UGjn8F6LybRSqzeuXK9trS+3c2UzkUuvr1bKs51c4Uzkkqw8dys7flwuxZPlaxHxakT8dOJiq1xYOnmeAQA4XS89Nf//e6I9/wMAQy5/3AULR0/lzqgtAMD5OHb+BwCGjvkfAEaP+R8ARo/5HwBGj/kfAEbNve78PzbolgAA5+J7H36Ybc39zu9fL3+yvbVW++Tqcrm+VqhuLRWWapsbhZVabaVSLizVqsfdr1Krbcy9HVs3io1yvVGsb+8sVGtb642F1u96L5R9bRAABu/VN+7+JYmI3fcutrY4tJaDuRqGWzroBgADI+cPo+vioBsADIy/4wPHreXZ978I336OYM1bz/Ei4LRd/rz8P4wq+X8YXfL/MLqswgmjq9lM+q35nx5cAgAMFTl+4Fz//R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGxFRrmzlUTtNCIeLliJiJXHJ9tVKejYhXIuLPE7mJrDw30BYDAC8u/VvSWf/r8vRbU0/XXkj+M9HaR8SPf/7Rz24sNhqbc9n5fx6cb9zunC8Nov0AwHG683R3Hu969PDmUnc7z/Y8+FZ7cdEs7n5na9eMx3i2+2M+chEx+a+kXe7IPq+MnUL83b2I+Fyv/ie3plo5kPbKp0/Hz2K/fLbx48n46RPx01Zde5/9WXz2yJ0n+sY8bq1XGBV3s/Hn/V7PXxqXWvt8z8WP860R6sV1x7/9I+Nf93nPt8aaXuPfpZPGePv33+1btxfxhfFe8ZOD+Emf+G+dMP69L375zX51zV9GXI7e8Q/HKjaqG8X69s7V1eriSnmlvF4qzc/Nz7577Z1SsZWjLnYz1Uf9/b0rr/Tt/68jJvvEzx/T/689s9fNgwH4V//9+Idf6Rd/L+IbX+39/r/2jPjZnPj1Z8Z/bHHyt/nOdNEz/nK7/3v/7/t/5YTx7/91Z/mElwIA56C+vbO2WKmUN0/1IBenfMNDB8kZtdnBkB9kn8df9D6vd1JmPa/5wy/uvJ5VZmeaScTgu9z7IDnRxQMemIAz9/ihH3RLAAAAAAAAAAAAAACAfs78K0fpoHsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAMPtfAAAA///7Bsqp") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) 3.759522992s ago: executing program 3 (id=9935): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_BCAST_FLOOD={0x5}, @IFLA_BRPORT_MCAST_TO_UCAST={0x5}]}}}]}, 0x4c}}, 0x0) 3.400761621s ago: executing program 4 (id=9936): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x48}}, 0x0) 3.111686063s ago: executing program 3 (id=9938): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000780)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000900)=ANY=[], 0xfeeb, 0x0) 2.988637034s ago: executing program 2 (id=9939): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0xffff, @multicast1}}, 0x1e) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0xffff, @dev={0xac, 0x14, 0x14, 0x2}}}, 0x1e) 2.730413479s ago: executing program 2 (id=9940): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, r1, 0x4, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@map=r0, 0x4, 0x0, 0x3, &(0x7f0000000440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 2.685152272s ago: executing program 4 (id=9941): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="050034003c00000008009f000a0000000800a1390500000005001801240000000500190105000000080026006c09"], 0x4c}}, 0x0) 2.422204681s ago: executing program 1 (id=9942): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') open(&(0x7f0000000780)='./file0\x00', 0x80001, 0x0) 2.036721635s ago: executing program 0 (id=9943): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000040), 0x3b) sendmsg$inet(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 1.934356344s ago: executing program 1 (id=9944): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) 1.898745832s ago: executing program 4 (id=9945): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000680)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\tr\nr'], 0xa) 1.859049875s ago: executing program 2 (id=9946): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0xfd32) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x79}, @hci_ev_le_phy_update_complete={{}, {0x0, 0x0, 0x0, 0x7}}}}, 0x9) 1.580966531s ago: executing program 0 (id=9947): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010000180"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0) 1.377123173s ago: executing program 4 (id=9948): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r1 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) fcntl$addseals(r1, 0x409, 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000380)={r1, 0x0, 0xfffffffffffff000, 0x10000}) 1.318430451s ago: executing program 2 (id=9949): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r0, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001d00)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x0, 0x10}}}, 0x24}}, 0x0) 1.20442049s ago: executing program 1 (id=9950): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x11, &(0x7f00000002c0)={@broadcast, @dev, @void, {@mpls_uc={0x806, {[], @llc={@llc={0x0, 0x0, "86"}}}}}}, 0x0) 1.123067669s ago: executing program 0 (id=9951): unshare(0x20000400) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000008c0)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) 966.541437ms ago: executing program 4 (id=9952): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x50}}, 0x0) 860.211172ms ago: executing program 2 (id=9953): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) syz_clone(0x1000, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNGETDEVNETNS(r0, 0xff05, 0x0) 733.240821ms ago: executing program 1 (id=9954): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) ppoll(&(0x7f0000000380)=[{r0, 0xc0}], 0x1, 0x0, 0x0, 0x0) 700.375846ms ago: executing program 0 (id=9955): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xf, 0x0, 0xfd}}]}}]}, 0x44}}, 0x0) 609.630427ms ago: executing program 3 (id=9956): r0 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x20000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000100)) 383.453615ms ago: executing program 0 (id=9957): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0b0600000000000000003000000008000200", @ANYRES32=r0, @ANYBLOB="0500350000000000050033"], 0x2c}}, 0x0) 380.803251ms ago: executing program 2 (id=9958): r0 = syz_open_dev$vim2m(&(0x7f0000005f00), 0x7e5, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000012c0)=0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc044560f, &(0x7f00000001c0)=@mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2063569a"}}) 272.204739ms ago: executing program 4 (id=9959): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) close_range(r0, 0xffffffffffffffff, 0x0) 64.784514ms ago: executing program 0 (id=9960): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000080), 0x2000011a) listen(r0, 0xa) 0s ago: executing program 1 (id=9961): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) kernel console output (not intermixed with test programs): interface descriptor's value: 3 [ 1872.124115][T19636] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1872.133700][T19636] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1872.297120][ T29] audit: type=1326 audit(1727646474.187:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26438 comm="syz.4.8752" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 1872.381293][T26437] loop3: detected capacity change from 0 to 1024 [ 1872.433207][T19636] usb 3-1: GET_CAPABILITIES returned 64 [ 1872.439381][T19636] usbtmc 3-1:16.0: can't read capabilities [ 1872.656549][T19636] usb 3-1: USB disconnect, device number 82 [ 1872.804250][ T4269] hfsplus: b-tree write err: -5, ino 4 [ 1873.762402][T22883] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1873.819069][T26448] loop3: detected capacity change from 0 to 2048 [ 1873.909394][T26448] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 1873.918631][T26448] UDF-fs: Scanning with blocksize 512 failed [ 1873.985079][T22883] usb 2-1: config 0 has an invalid interface number: 204 but max is 1 [ 1873.993793][T22883] usb 2-1: config 0 has no interface number 1 [ 1874.069839][T22883] usb 2-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b9.bf [ 1874.079647][T22883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1874.088246][T22883] usb 2-1: Product: syz [ 1874.100301][T22883] usb 2-1: Manufacturer: syz [ 1874.105572][T22883] usb 2-1: SerialNumber: syz [ 1874.179689][T26448] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x7d != 0x7e [ 1874.206249][T22883] usb 2-1: config 0 descriptor?? [ 1874.206452][T26448] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1874.356501][T22883] snd-usb-audio 2-1:0.204: probe with driver snd-usb-audio failed with error -22 [ 1874.494692][T22883] usb 2-1: USB disconnect, device number 81 [ 1874.570897][T26462] hsr0: entered promiscuous mode [ 1874.576642][T26462] macsec1: entered promiscuous mode [ 1874.583252][T26462] macsec1: entered allmulticast mode [ 1874.588888][T26462] hsr0: entered allmulticast mode [ 1874.594493][T26462] hsr_slave_0: entered allmulticast mode [ 1874.600374][T26462] hsr_slave_1: entered allmulticast mode [ 1874.670213][T26462] hsr0: left allmulticast mode [ 1874.675684][T26462] hsr_slave_0: left allmulticast mode [ 1874.681314][T26462] hsr_slave_1: left allmulticast mode [ 1875.580187][T26476] loop1: detected capacity change from 0 to 64 [ 1875.782854][T26481] loop0: detected capacity change from 0 to 8 [ 1875.964509][T26481] SQUASHFS error: Failed to read block 0x260633: -5 [ 1875.971899][T26481] SQUASHFS error: Unable to read metadata cache entry [260633] [ 1875.979783][T26481] SQUASHFS error: Unable to read directory block [260633:0] [ 1877.131967][T22883] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1877.382590][T22883] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1877.392185][T22883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1877.400464][T22883] usb 1-1: Product: syz [ 1877.405141][T22883] usb 1-1: Manufacturer: syz [ 1877.409988][T22883] usb 1-1: SerialNumber: syz [ 1877.425951][T22883] usb 1-1: config 0 descriptor?? [ 1877.439094][T22883] ch341 1-1:0.0: ch341-uart converter detected [ 1877.677662][T22883] usb 1-1: failed to receive control message: -71 [ 1877.684938][T22883] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1877.708446][T22883] usb 1-1: USB disconnect, device number 78 [ 1877.716401][T22883] ch341 1-1:0.0: device disconnected [ 1877.951076][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 1877.958170][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 1878.757533][T26509] loop1: detected capacity change from 0 to 1024 [ 1878.860128][T26508] bridge0: port 3(syz_tun) entered blocking state [ 1878.867379][T26508] bridge0: port 3(syz_tun) entered disabled state [ 1878.874993][T26508] syz_tun: entered allmulticast mode [ 1878.883483][T26508] syz_tun: entered promiscuous mode [ 1878.891361][T26508] bridge0: port 3(syz_tun) entered blocking state [ 1878.898644][T26508] bridge0: port 3(syz_tun) entered forwarding state [ 1879.132516][T26513] loop3: detected capacity change from 0 to 512 [ 1879.223051][T26509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1879.456059][T26522] macsec1: entered promiscuous mode [ 1879.464558][T26522] mac80211_hwsim hwsim56 wlan0: entered promiscuous mode [ 1879.473907][T26522] macsec1: entered allmulticast mode [ 1879.479518][T26522] mac80211_hwsim hwsim56 wlan0: entered allmulticast mode [ 1879.507735][T26513] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1879.516221][T26513] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1879.533756][T24243] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1879.542967][T26524] loop2: detected capacity change from 0 to 128 [ 1879.572845][T26522] mac80211_hwsim hwsim56 wlan0: left allmulticast mode [ 1879.580111][T26522] mac80211_hwsim hwsim56 wlan0: left promiscuous mode [ 1879.691207][T26513] System zones: 0-1, 15-15, 18-18, 34-34 [ 1879.736002][T26513] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1879.743213][T26513] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 1879.753091][T26513] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1879.769572][T26513] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1879.791925][T26513] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.8785: bg 0: block 40: padding at end of block bitmap is not set [ 1879.809773][T26513] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 1879.922676][T26513] EXT4-fs (loop3): 1 truncate cleaned up [ 1879.930384][T26513] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1880.318242][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1880.554303][T26537] loop1: detected capacity change from 0 to 2048 [ 1880.623712][T26540] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1880.982794][T26540] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 1880.994030][T26540] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 1881.076407][T26550] loop2: detected capacity change from 0 to 8 [ 1881.105644][T26540] Remounting filesystem read-only [ 1881.115604][T24243] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 1881.848167][T26564] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8805'. [ 1881.862100][T26560] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8802'. [ 1882.297171][T26571] netlink: 'syz.0.8820': attribute type 4 has an invalid length. [ 1882.572900][T26576] loop4: detected capacity change from 0 to 1024 [ 1882.870630][T26582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8813'. [ 1882.880052][T26582] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8813'. [ 1883.254135][T26585] netlink: 'syz.0.8816': attribute type 1 has an invalid length. [ 1883.353905][T26592] loop3: detected capacity change from 0 to 22 [ 1883.364756][T26588] bridge0: port 3(syz_tun) entered blocking state [ 1883.372383][T26588] bridge0: port 3(syz_tun) entered disabled state [ 1883.380115][T26588] syz_tun: entered allmulticast mode [ 1883.389046][T26588] syz_tun: entered promiscuous mode [ 1883.396989][T26588] bridge0: port 3(syz_tun) entered blocking state [ 1883.404224][T26588] bridge0: port 3(syz_tun) entered forwarding state [ 1883.460376][T26592] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1884.875065][T26620] netlink: 'syz.1.8840': attribute type 1 has an invalid length. [ 1885.245442][ T29] audit: type=1326 audit(1727646487.057:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26624 comm="syz.0.8831" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x0 [ 1886.675171][T26649] loop1: detected capacity change from 0 to 164 [ 1886.769938][T26649] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 1886.893952][T26649] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 1887.608871][T26666] netlink: 'syz.1.8847': attribute type 4 has an invalid length. [ 1888.137431][T26672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8853'. [ 1889.172887][T13446] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1889.351884][T13446] usb 4-1: Using ep0 maxpacket: 32 [ 1889.373905][T13446] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1889.384172][T13446] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1889.405530][T13446] usb 4-1: config 0 descriptor?? [ 1889.446000][T13446] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1890.302282][T13446] gspca_sunplus: reg_w_riv err -71 [ 1890.308156][T13446] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 1890.331185][T13446] usb 4-1: USB disconnect, device number 75 [ 1891.209023][T26694] loop2: detected capacity change from 0 to 256 [ 1891.303099][T26694] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 1891.374227][ T29] audit: type=1800 audit(1727646493.267:159): pid=26694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.8864" name="bus" dev="loop2" ino=1049505 res=0 errno=0 [ 1891.470710][T26696] loop3: detected capacity change from 0 to 256 [ 1891.502930][T26696] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1891.539054][T26696] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 1891.549345][T26696] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 1891.557661][T26696] UDF-fs: Scanning with blocksize 512 failed [ 1891.581181][T26696] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1891.616128][T26696] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1892.118707][T26707] loop1: detected capacity change from 0 to 2048 [ 1892.310168][T26709] netlink: 'syz.3.8865': attribute type 4 has an invalid length. [ 1892.339279][T26707] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1892.401969][T13446] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1892.437974][T26717] loop0: detected capacity change from 0 to 64 [ 1892.682775][T13446] usb 3-1: Using ep0 maxpacket: 16 [ 1892.771213][T24243] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1892.874152][T13446] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1892.884191][T13446] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1892.892830][T13446] usb 3-1: Product: syz [ 1892.897314][T13446] usb 3-1: Manufacturer: syz [ 1892.902715][T13446] usb 3-1: SerialNumber: syz [ 1892.966778][T13446] usb 3-1: config 0 descriptor?? [ 1893.089574][T13391] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1893.273994][T19636] usb 3-1: USB disconnect, device number 83 [ 1893.331086][T13391] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1893.538449][T13391] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1893.693175][T13391] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1893.948990][T13391] bridge_slave_1: left allmulticast mode [ 1893.955270][T13391] bridge_slave_1: left promiscuous mode [ 1893.962208][T13391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1894.011053][T13391] bridge_slave_0: left allmulticast mode [ 1894.017806][T13391] bridge_slave_0: left promiscuous mode [ 1894.024737][T13391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1894.631464][T13391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1894.682440][T13391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1894.716588][T13391] bond0 (unregistering): Released all slaves [ 1895.264342][T13391] hsr_slave_0: left promiscuous mode [ 1895.299308][T13391] hsr_slave_1: left promiscuous mode [ 1895.322192][T13391] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1895.330811][T13391] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1895.350270][T26736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8882'. [ 1895.367591][T13391] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1895.376817][T13391] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1895.432373][T19636] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1895.465003][T26737] netlink: 173 bytes leftover after parsing attributes in process `syz.3.8882'. [ 1895.496522][T13391] veth1_macvtap: left promiscuous mode [ 1895.503016][T13391] veth0_macvtap: left promiscuous mode [ 1895.508997][T13391] veth1_vlan: left promiscuous mode [ 1895.515277][T13391] veth0_vlan: left promiscuous mode [ 1895.732667][T14540] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1895.828335][T26733] loop1: detected capacity change from 0 to 4096 [ 1895.848046][T26733] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1895.907295][T14540] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1895.917254][T19636] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1895.929588][T19636] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1895.936829][T14540] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1895.949837][T19636] usb 5-1: config 0 descriptor?? [ 1896.032028][T14540] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1896.056563][T14540] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1896.078042][T14540] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1896.223675][ T5196] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1896.234866][ T5196] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1896.250330][ T5196] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1896.263174][T13391] team0 (unregistering): Port device team_slave_1 removed [ 1896.268342][ T5196] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1896.284560][ T5196] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1896.296198][ T5196] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1896.363145][T13391] team0 (unregistering): Port device team_slave_0 removed [ 1896.451328][T26733] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 1896.847004][T24243] ntfs3: loop1: failed to convert "076c" to cp932 [ 1896.857933][T19636] [drm] vendor descriptor length:c3 data:c3 00 b7 aa f9 11 f3 d6 00 27 99 [ 1896.868345][T19636] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1896.973127][T19636] [drm:udl_init] *ERROR* Selecting channel failed [ 1897.026766][T19636] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 1897.033875][T19636] [drm] Initialized udl on minor 2 [ 1897.068656][T19636] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1897.079452][T19636] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1897.146379][ T5243] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1897.278218][T19636] usb 5-1: USB disconnect, device number 61 [ 1897.467964][T26738] chnl_net:caif_netlink_parms(): no params data found [ 1897.526756][ T5243] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1897.536068][ T5243] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1897.692264][T26750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8887'. [ 1897.996624][T13391] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1898.217026][T13391] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1898.391098][T13391] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1898.487000][T14540] Bluetooth: hci5: command tx timeout [ 1898.577761][T13391] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1898.805899][T26762] loop4: detected capacity change from 0 to 512 [ 1898.818433][T26738] bridge0: port 1(bridge_slave_0) entered blocking state [ 1898.828665][T26738] bridge0: port 1(bridge_slave_0) entered disabled state [ 1898.838141][T26738] bridge_slave_0: entered allmulticast mode [ 1898.849762][T26738] bridge_slave_0: entered promiscuous mode [ 1898.945606][T26738] bridge0: port 2(bridge_slave_1) entered blocking state [ 1898.954003][T26738] bridge0: port 2(bridge_slave_1) entered disabled state [ 1898.962220][T26738] bridge_slave_1: entered allmulticast mode [ 1898.971925][T26738] bridge_slave_1: entered promiscuous mode [ 1899.152522][ T5196] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1899.166153][ T5196] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1899.175750][ T5196] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1899.190358][ T5196] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1899.202244][ T5196] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1899.212138][ T5196] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1899.257992][T26762] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1899.272220][T26762] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1899.351458][T13391] bridge_slave_1: left allmulticast mode [ 1899.358805][T13391] bridge_slave_1: left promiscuous mode [ 1899.365868][T13391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1899.410465][T13391] bridge_slave_0: left allmulticast mode [ 1899.417676][T13391] bridge_slave_0: left promiscuous mode [ 1899.426728][T13391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1899.783287][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1900.052882][T13391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1900.079732][T13391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1900.113882][T13391] bond0 (unregistering): Released all slaves [ 1900.150167][T26738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1900.208140][T26774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8895'. [ 1900.217810][T26774] netlink: 'syz.3.8895': attribute type 5 has an invalid length. [ 1900.323414][T26738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1900.532311][T26779] loop2: detected capacity change from 0 to 64 [ 1900.571944][ T5196] Bluetooth: hci5: command tx timeout [ 1900.572847][T26782] loop4: detected capacity change from 0 to 128 [ 1900.670853][ T29] audit: type=1800 audit(1727646502.557:160): pid=26779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.8898" name="bus" dev="loop2" ino=1 res=0 errno=0 [ 1900.755938][T26782] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1900.772013][T26782] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1900.823211][T26738] team0: Port device team_slave_0 added [ 1900.948886][T26738] team0: Port device team_slave_1 added [ 1901.178172][T25940] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1901.238024][T13391] hsr_slave_0: left promiscuous mode [ 1901.256818][T13391] hsr_slave_1: left promiscuous mode [ 1901.283680][T13391] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1901.292136][T13391] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1901.300205][ T5196] Bluetooth: hci1: command tx timeout [ 1901.324844][T13391] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1901.334090][T13391] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1901.368973][T13391] veth1_macvtap: left promiscuous mode [ 1901.375532][T13391] veth0_macvtap: left promiscuous mode [ 1901.382409][T13391] veth1_vlan: left promiscuous mode [ 1901.388433][T13391] veth0_vlan: left promiscuous mode [ 1902.244955][T13391] team0 (unregistering): Port device team_slave_1 removed [ 1902.314710][T13391] team0 (unregistering): Port device team_slave_0 removed [ 1902.654113][T26738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1902.662768][T26738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1902.690402][T26738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1902.703391][ T5196] Bluetooth: hci5: command tx timeout [ 1902.989379][T26738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1902.997225][T26738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1903.024703][T26738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1903.404670][ T5196] Bluetooth: hci1: command tx timeout [ 1903.563179][T26738] hsr_slave_0: entered promiscuous mode [ 1903.580022][T26738] hsr_slave_1: entered promiscuous mode [ 1903.590448][T26738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1903.598689][T26738] Cannot create hsr debugfs directory [ 1903.969695][T26765] chnl_net:caif_netlink_parms(): no params data found [ 1904.535917][T26814] loop3: detected capacity change from 0 to 256 [ 1904.580055][T26814] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1904.732669][ T5196] Bluetooth: hci5: command tx timeout [ 1905.456424][ T5196] Bluetooth: hci1: command tx timeout [ 1905.492872][T26738] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1905.535925][T26765] bridge0: port 1(bridge_slave_0) entered blocking state [ 1905.544121][T26765] bridge0: port 1(bridge_slave_0) entered disabled state [ 1905.552450][T26765] bridge_slave_0: entered allmulticast mode [ 1905.561772][T26765] bridge_slave_0: entered promiscuous mode [ 1905.593198][T26738] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1905.653044][T26738] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1905.722815][T26765] bridge0: port 2(bridge_slave_1) entered blocking state [ 1905.730859][T26765] bridge0: port 2(bridge_slave_1) entered disabled state [ 1905.740516][T26765] bridge_slave_1: entered allmulticast mode [ 1905.750219][T26765] bridge_slave_1: entered promiscuous mode [ 1905.786643][T26738] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1906.178238][T26765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1906.265428][T26765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1906.442952][T26765] team0: Port device team_slave_0 added [ 1906.474944][T26765] team0: Port device team_slave_1 added [ 1906.706337][T26765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1906.714936][T26765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1906.742495][T26765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1906.766901][T26836] loop2: detected capacity change from 0 to 64 [ 1906.833652][T26836] minix_free_block (loop2:21): bit already cleared [ 1906.836308][T26738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1906.877009][T26765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1906.884700][T26765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1906.912645][T26765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1907.043916][T26738] 8021q: adding VLAN 0 to HW filter on device team0 [ 1907.323958][T13391] bridge0: port 1(bridge_slave_0) entered blocking state [ 1907.331869][T13391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1907.442060][T26765] hsr_slave_0: entered promiscuous mode [ 1907.535531][T26765] hsr_slave_1: entered promiscuous mode [ 1907.657342][ T5196] Bluetooth: hci1: command tx timeout [ 1907.695642][T26765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1907.704868][T26765] Cannot create hsr debugfs directory [ 1907.740796][T13391] bridge0: port 2(bridge_slave_1) entered blocking state [ 1907.748640][T13391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1909.724487][T26765] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1909.799161][T26765] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1909.874984][T26765] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1909.944391][T26765] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1910.181774][T26738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1910.580968][T26738] veth0_vlan: entered promiscuous mode [ 1910.649764][T26738] veth1_vlan: entered promiscuous mode [ 1910.766516][T26738] veth0_macvtap: entered promiscuous mode [ 1910.873170][T26738] veth1_macvtap: entered promiscuous mode [ 1911.128971][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1911.140352][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.150956][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1911.161831][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.171990][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1911.182947][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.193090][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1911.203968][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.219483][T26738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1911.287034][T26877] sctp: [Deprecated]: syz.2.8935 (pid 26877) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1911.287034][T26877] Use struct sctp_sack_info instead [ 1911.368053][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1911.379282][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.390353][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1911.401315][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.411748][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1911.422835][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.433046][T26738] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1911.444160][T26738] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1911.463394][T26738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1911.543667][T26738] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1911.553038][T26738] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1911.562267][T26738] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1911.571326][T26738] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1911.610589][T26765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1911.817794][T26765] 8021q: adding VLAN 0 to HW filter on device team0 [ 1911.934833][T13391] bridge0: port 1(bridge_slave_0) entered blocking state [ 1911.942723][T13391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1912.053899][T13391] bridge0: port 2(bridge_slave_1) entered blocking state [ 1912.061749][T13391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1912.884540][T22883] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1913.241975][T22883] usb 3-1: Using ep0 maxpacket: 8 [ 1913.363985][T22883] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 1913.372981][T22883] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 1913.381443][T22883] usb 3-1: config 0 has no interface number 0 [ 1913.388034][T22883] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1913.400188][T22883] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1913.411744][T22883] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1913.429516][T22883] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1913.439402][T22883] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 1913.448080][T22883] usb 3-1: Product: syz [ 1913.515319][T26898] loop4: detected capacity change from 0 to 1024 [ 1913.524952][T22883] usb 3-1: config 0 descriptor?? [ 1913.664863][T26898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1913.773793][T26899] veth1_to_team: mtu greater than device maximum [ 1913.983874][T26765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1914.204641][T22883] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input136 [ 1914.236909][T22883] input: failed to attach handler kbd to device input136, error: -5 [ 1914.276346][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1914.428868][T19636] usb 3-1: USB disconnect, device number 84 [ 1914.542344][T26765] veth0_vlan: entered promiscuous mode [ 1914.616099][T26765] veth1_vlan: entered promiscuous mode [ 1914.896571][T26765] veth0_macvtap: entered promiscuous mode [ 1914.966820][T26765] veth1_macvtap: entered promiscuous mode [ 1915.199565][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1915.210586][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.221619][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1915.232722][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.242909][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1915.253813][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.264522][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1915.276056][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.287476][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1915.299691][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.315668][T26765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1915.341665][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1915.352724][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.363415][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1915.378836][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.389112][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1915.400088][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.411027][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1915.422519][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.432827][T26765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1915.443695][T26765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1915.459215][T26765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1915.534325][T26765] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1915.543558][T26765] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1915.552832][T26765] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1915.562004][T26765] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1916.273422][T26927] loop4: detected capacity change from 0 to 128 [ 1916.390437][T26927] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1916.693978][T26927] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1916.872905][T26935] loop2: detected capacity change from 0 to 1024 [ 1916.996828][T26935] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1917.242623][T26935] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1917.403017][ T4269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1917.411207][ T4269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1917.548895][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.584888][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.599250][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.613137][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.627890][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.655165][T16665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1917.663713][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.666486][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.675513][T16665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1917.693704][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.696440][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1917.775669][T17958] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 1919.031471][T26959] loop0: detected capacity change from 0 to 256 [ 1919.059799][T26959] exfat: Deprecated parameter 'utf8' [ 1919.168894][T26959] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xa943978a, utbl_chksum : 0xe619d30d) [ 1919.320217][T21466] bridge0: port 3(syz_tun) entered disabled state [ 1919.381470][T21466] syz_tun (unregistering): left allmulticast mode [ 1919.388675][T21466] syz_tun (unregistering): left promiscuous mode [ 1919.395676][T21466] bridge0: port 3(syz_tun) entered disabled state [ 1919.456713][T26964] loop4: detected capacity change from 0 to 64 [ 1919.702143][ T2993] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1919.725090][ T29] audit: type=1800 audit(1727646521.617:161): pid=26964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.8957" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 1919.760252][T21466] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1919.841198][ T2993] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1920.134270][ T2993] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1920.314200][T26975] loop4: detected capacity change from 0 to 1024 [ 1920.315009][ T2993] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1920.336142][T26975] journal_path: Lookup failure for './file0' [ 1920.342630][T26975] EXT4-fs: error: could not find journal device path [ 1920.896554][ T2993] bridge_slave_1: left allmulticast mode [ 1920.905466][ T2993] bridge_slave_1: left promiscuous mode [ 1920.912520][ T2993] bridge0: port 2(bridge_slave_1) entered disabled state [ 1920.995444][ T2993] bridge_slave_0: left allmulticast mode [ 1921.001408][ T2993] bridge_slave_0: left promiscuous mode [ 1921.009101][ T2993] bridge0: port 1(bridge_slave_0) entered disabled state [ 1921.440944][T14540] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1921.698085][T14540] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1921.815547][T14540] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1921.866368][T14540] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1921.877727][T14540] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1921.892338][T14540] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1922.008911][T26991] overlayfs: workdir and upperdir must be separate subtrees [ 1922.114058][ T2993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1922.163439][ T2993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1922.227654][ T2993] bond0 (unregistering): Released all slaves [ 1922.546350][T16665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1922.557182][T16665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1922.894959][T13391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1922.903431][T13391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1923.029300][ T2993] hsr_slave_0: left promiscuous mode [ 1923.071765][ T2993] hsr_slave_1: left promiscuous mode [ 1923.092914][T27000] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1923.106492][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1923.114838][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1923.154729][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1923.162640][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1923.223294][ T2993] veth1_macvtap: left promiscuous mode [ 1923.232561][ T2993] veth0_macvtap: left promiscuous mode [ 1923.238768][ T2993] veth1_vlan: left promiscuous mode [ 1923.247089][ T2993] veth0_vlan: left promiscuous mode [ 1923.464877][T26997] loop3: detected capacity change from 0 to 2048 [ 1923.639860][T26997] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1923.989811][ T5196] Bluetooth: hci2: command tx timeout [ 1924.433243][ T2993] team0 (unregistering): Port device team_slave_1 removed [ 1924.519223][ T2993] team0 (unregistering): Port device team_slave_0 removed [ 1924.900713][T27013] netlink: 92 bytes leftover after parsing attributes in process `syz.4.8977'. [ 1925.240436][ T2993] IPVS: stop unused estimator thread 0... [ 1925.518570][T26980] chnl_net:caif_netlink_parms(): no params data found [ 1925.569184][T27022] loop3: detected capacity change from 0 to 512 [ 1925.693183][T27022] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1925.829803][T27022] EXT4-fs (loop3): 1 truncate cleaned up [ 1925.837841][T27022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1925.961808][T19636] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1926.014910][ T5196] Bluetooth: hci2: command tx timeout [ 1926.147871][T19636] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 1926.157707][T19636] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1926.204718][T19636] usb 5-1: config 0 descriptor?? [ 1926.690949][T19636] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 1926.877297][T26980] bridge0: port 1(bridge_slave_0) entered blocking state [ 1926.888495][T26980] bridge0: port 1(bridge_slave_0) entered disabled state [ 1926.897755][T26980] bridge_slave_0: entered allmulticast mode [ 1926.909939][T26980] bridge_slave_0: entered promiscuous mode [ 1926.962402][T26980] bridge0: port 2(bridge_slave_1) entered blocking state [ 1926.970407][T26980] bridge0: port 2(bridge_slave_1) entered disabled state [ 1926.978872][T26980] bridge_slave_1: entered allmulticast mode [ 1926.989085][T26980] bridge_slave_1: entered promiscuous mode [ 1927.136470][T19636] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 1927.145390][T19636] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 1927.157644][T19636] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22 [ 1927.183615][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1927.302970][T19636] usb 5-1: USB disconnect, device number 62 [ 1927.332667][T26980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1927.447351][T26980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1927.544788][T27041] loop3: detected capacity change from 0 to 512 [ 1927.606444][T27041] EXT4-fs: Ignoring removed nobh option [ 1927.615264][T27041] EXT4-fs: Ignoring removed nobh option [ 1927.687640][T26980] team0: Port device team_slave_0 added [ 1927.720737][T26980] team0: Port device team_slave_1 added [ 1927.739904][T27041] EXT4-fs (loop3): failed to initialize system zone (-117) [ 1927.775254][T27041] EXT4-fs (loop3): mount failed [ 1927.918260][T26980] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1927.925718][T26980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1927.954579][T26980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1928.007524][T26980] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1928.015319][T26980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1928.043612][T26980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1928.092184][ T5196] Bluetooth: hci2: command tx timeout [ 1928.138192][T27049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8986'. [ 1928.148748][T27049] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1928.629335][T26980] hsr_slave_0: entered promiscuous mode [ 1928.663046][T26980] hsr_slave_1: entered promiscuous mode [ 1928.676261][T26980] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1928.684277][T26980] Cannot create hsr debugfs directory [ 1930.050103][T26980] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1930.168904][T26980] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1930.206667][ T5196] Bluetooth: hci2: command tx timeout [ 1930.268374][T26980] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1930.359278][T26980] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1931.266052][T27087] loop4: detected capacity change from 0 to 2048 [ 1931.353956][T27087] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1931.465029][T26980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1931.479653][T27093] loop0: detected capacity change from 0 to 256 [ 1931.570015][T27089] loop3: detected capacity change from 0 to 64 [ 1931.580620][T27094] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1931.615605][T26980] 8021q: adding VLAN 0 to HW filter on device team0 [ 1931.655495][ T4269] bridge0: port 1(bridge_slave_0) entered blocking state [ 1931.663432][ T4269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1931.709957][ T29] audit: type=1804 audit(1727646533.577:162): pid=27087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.9003" name="/newroot/105/file0/bus" dev="loop4" ino=18 res=1 errno=0 [ 1931.844102][ T4269] bridge0: port 2(bridge_slave_1) entered blocking state [ 1931.851974][ T4269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1932.988577][T13446] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1933.240148][ T5246] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1933.327815][T13446] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1933.339568][T13446] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1933.349945][T13446] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1933.363481][T13446] usb 2-1: New USB device found, idVendor=056a, idProduct=032a, bcdDevice= 0.00 [ 1933.373812][T13446] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1933.384915][T26980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1933.542454][T13446] usb 2-1: config 0 descriptor?? [ 1933.625083][ T5246] usb 4-1: Using ep0 maxpacket: 16 [ 1933.694696][ T5246] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1933.706307][ T5246] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1933.722396][ T5246] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1933.733711][ T5246] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1933.837194][T26980] veth0_vlan: entered promiscuous mode [ 1933.884496][T26980] veth1_vlan: entered promiscuous mode [ 1933.989427][T26980] veth0_macvtap: entered promiscuous mode [ 1934.016006][T26980] veth1_macvtap: entered promiscuous mode [ 1934.077492][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1934.082861][T13446] wacom 0003:056A:032A.00B1: hidraw0: USB HID v0.00 Device [HID 056a:032a] on usb-dummy_hcd.1-1/input0 [ 1934.092600][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.115334][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1934.126101][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.136445][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1934.150164][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.160614][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1934.171459][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.184431][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1934.198140][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.217241][T26980] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1934.237866][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1934.252253][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.266080][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1934.279466][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.292705][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1934.307109][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.317446][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1934.328407][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.341338][T26980] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1934.352250][T26980] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1934.370012][T26980] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1934.406636][T26980] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1934.416416][T26980] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1934.428184][T26980] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1934.437440][T26980] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1934.480804][ T5246] usb 4-1: config 0 descriptor?? [ 1934.754805][T13446] usb 2-1: USB disconnect, device number 82 [ 1934.939750][ T5246] microsoft 0003:045E:07DA.00B2: ignoring exceeding usage max [ 1935.068784][ T5246] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.00B2/input/input140 [ 1935.117203][T27117] netlink: 'syz.4.9015': attribute type 1 has an invalid length. [ 1935.125448][T27117] netlink: 'syz.4.9015': attribute type 3 has an invalid length. [ 1935.134954][T27117] netlink: 216 bytes leftover after parsing attributes in process `syz.4.9015'. [ 1935.145783][T27117] NCSI netlink: No device for ifindex 813332851 [ 1935.164514][ T5246] microsoft 0003:045E:07DA.00B2: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1935.576293][ T5246] usb 4-1: USB disconnect, device number 76 [ 1936.903419][T27123] loop4: detected capacity change from 0 to 4096 [ 1937.238869][T27139] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20002 - 0 [ 1937.248237][T27139] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20002 - 0 [ 1937.257812][T27139] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20002 - 0 [ 1937.268360][T27139] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20002 - 0 [ 1937.286379][T27139] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 1937.381044][T27123] ntfs3: loop4: ino=0, "file0" failed to parse mft record [ 1938.588487][T27158] netlink: 'syz.3.9027': attribute type 1 has an invalid length. [ 1938.987301][T27001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1938.995535][T27001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1939.092338][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1939.100420][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1939.467020][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 1939.473990][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 1942.540938][T27211] netlink: 292 bytes leftover after parsing attributes in process `syz.3.9049'. [ 1942.596458][T27208] loop4: detected capacity change from 0 to 1024 [ 1942.732913][T27208] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1942.869513][T27219] input: syz1 as /devices/virtual/input/input141 [ 1942.912527][T27208] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2792: inode #12: comm syz.4.9047: corrupted in-inode xattr: bad magic number in in-inode xattr [ 1942.962725][T27208] EXT4-fs (loop4): Remounting filesystem read-only [ 1943.264420][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1944.063338][T22883] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1944.306946][T27229] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9054'. [ 1944.502395][T22883] usb 5-1: Using ep0 maxpacket: 8 [ 1944.562444][T22883] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1944.572481][T22883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1944.574027][T27241] loop2: detected capacity change from 0 to 8 [ 1944.613394][T22883] usb 5-1: config 0 descriptor?? [ 1945.064488][T27243] loop3: detected capacity change from 0 to 1024 [ 1945.197259][T27243] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1945.565952][T22883] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1945.576757][T22883] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 1945.622401][T22883] asix 5-1:0.0: probe with driver asix failed with error -71 [ 1945.713025][T22883] usb 5-1: USB disconnect, device number 63 [ 1945.978559][T27254] loop2: detected capacity change from 0 to 1024 [ 1946.296855][T27260] tap0: tun_chr_ioctl cmd 2147767507 [ 1946.323304][ T3338] hfsplus: b-tree write err: -5, ino 4 [ 1947.747941][T27285] loop4: detected capacity change from 0 to 256 [ 1947.790065][T27284] loop1: detected capacity change from 0 to 128 [ 1947.835886][T27287] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9081'. [ 1947.871757][T27285] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 1948.067720][ T29] audit: type=1800 audit(1727646549.937:163): pid=27284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.9082" name="bus" dev="loop1" ino=1049520 res=0 errno=0 [ 1948.328273][T27292] cgroup: Need name or subsystem set [ 1948.664123][ T29] audit: type=1326 audit(1727646550.537:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.689888][ T29] audit: type=1326 audit(1727646550.537:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.715370][ T29] audit: type=1326 audit(1727646550.537:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.741174][ T29] audit: type=1326 audit(1727646550.547:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.765368][ T29] audit: type=1326 audit(1727646550.547:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.791187][ T29] audit: type=1326 audit(1727646550.547:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=83 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.816960][ T29] audit: type=1326 audit(1727646550.547:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.842929][ T29] audit: type=1326 audit(1727646550.547:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.869201][ T29] audit: type=1326 audit(1727646550.547:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27296 comm="syz.1.9088" exe="/root/syz-executor" sig=0 arch=40000003 syscall=85 compat=1 ip=0xf7fc3579 code=0x7ffc0000 [ 1948.923923][T22883] usb 1-1: new full-speed USB device number 79 using dummy_hcd [ 1949.081811][T27303] loop1: detected capacity change from 0 to 64 [ 1949.139997][T27303] BFS-fs: bfs_readdir(): Bad f_pos=00000001 for loop1:00000002 [ 1949.404552][T22883] usb 1-1: not running at top speed; connect to a high speed hub [ 1949.458578][T22883] usb 1-1: New USB device found, idVendor=19d2, idProduct=0113, bcdDevice=7c.57 [ 1949.468504][T22883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1949.477256][T22883] usb 1-1: Manufacturer: 먈ᅫ伴燉껖꣔醶⮱웟⳸ퟖ꼒åŒæ‹—몆挀介à§å“–æµïª‚è—î’굕㣷é¢ê¯£èœ“ç£ç©¿ç®“⟆î¡ì—寬軸䱦畧蕥迊౮砛骤뇱퓟ë´î´Œî‚ ÏçŠå½í•Œîœ¼ç³†ê®á§ë¢ªëš³î„¼ä ªä—ˆáª•â­‚癩縻义侯æ·æ­°ê¬¬å›€ì຀е䄀筓僱⻜娬ᳬ﹨ã“쩢ɿƧ⛷鈿 [ 1949.507081][T22883] usb 1-1: SerialNumber: ï±à°Ÿé›‘ë¾¥èžà­¬ä—Ⱆ사觳᱙碗얅팢éڨḃ䎆⹤稺༻췼꼃ꞡ̲勇铆뭴è°à¨ì¨„樌鑊薑帼㊩튮昜㴒⺭궹쪌 [ 1949.582313][T27300] loop4: detected capacity change from 0 to 4096 [ 1949.790799][T22883] usb 1-1: config 0 descriptor?? [ 1950.043347][ T5243] usb 1-1: USB disconnect, device number 79 [ 1950.428164][T27310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9092'. [ 1950.437808][T27310] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1950.445830][T27310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1950.606175][T27310] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1950.617297][T27310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1952.422196][T27336] netem: unknown loss type 0 [ 1952.427223][T27336] netem: change failed [ 1953.773582][T27348] loop1: detected capacity change from 0 to 256 [ 1954.880793][T27358] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9112'. [ 1954.890395][T27358] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9112'. [ 1955.060669][T27360] loop1: detected capacity change from 0 to 64 [ 1955.840883][T27376] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9121'. [ 1955.927027][T27370] loop4: detected capacity change from 0 to 2048 [ 1956.045180][T27370] EXT4-fs warning (device loop4): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 1956.402036][T22883] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1956.613776][T22883] usb 5-1: Using ep0 maxpacket: 8 [ 1956.626840][T22883] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 1956.635752][T22883] usb 5-1: config 135 has an invalid descriptor of length 196, skipping remainder of the config [ 1956.646785][T22883] usb 5-1: config 135 has no interface number 0 [ 1956.653448][T22883] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1956.779206][T22883] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1956.789404][T22883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1956.798293][T22883] usb 5-1: Product: syz [ 1956.802831][T22883] usb 5-1: Manufacturer: syz [ 1956.807733][T22883] usb 5-1: SerialNumber: syz [ 1957.078456][T22883] usb 5-1: Found UVC 0.00 device syz (18ec:3288) [ 1957.085513][T22883] usb 5-1: No valid video chain found. [ 1957.132740][T22883] usb 5-1: USB disconnect, device number 64 [ 1957.417032][T27389] loop0: detected capacity change from 0 to 1764 [ 1957.440961][T27389] iso9660: Bad value for 'gid' [ 1957.446469][T27389] iso9660: Bad value for 'gid' [ 1957.787033][T22883] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1957.803559][T13446] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 1957.988468][T13446] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1958.000088][T13446] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1958.010627][T13446] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 1958.020266][T13446] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1958.033160][T22883] usb 2-1: Using ep0 maxpacket: 16 [ 1958.081416][T22883] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 1958.090469][T22883] usb 2-1: config 0 has no interface number 0 [ 1958.120713][T13446] usb 1-1: config 0 descriptor?? [ 1958.154089][T22883] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1958.164452][T22883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1958.173292][T22883] usb 2-1: Product: syz [ 1958.177906][T22883] usb 2-1: Manufacturer: syz [ 1958.183314][T22883] usb 2-1: SerialNumber: syz [ 1958.222181][T22883] usb 2-1: config 0 descriptor?? [ 1958.236689][T22883] asix 2-1:0.251: probe with driver asix failed with error -22 [ 1958.503290][ T5243] usb 2-1: USB disconnect, device number 83 [ 1958.582298][T13446] itetech 0003:06CB:73F5.00B3: unknown main item tag 0x0 [ 1958.590589][T13446] itetech 0003:06CB:73F5.00B3: unbalanced collection at end of report description [ 1958.637271][T13446] itetech 0003:06CB:73F5.00B3: probe with driver itetech failed with error -22 [ 1958.827706][T13446] usb 1-1: USB disconnect, device number 80 [ 1959.106149][T27410] loop3: detected capacity change from 0 to 256 [ 1959.211491][T27411] loop4: detected capacity change from 0 to 1024 [ 1959.261968][T27411] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1959.345113][T27411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1959.930296][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1961.382148][ T5243] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1961.463246][T27449] program syz.2.9153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1961.584421][ T5243] usb 1-1: Using ep0 maxpacket: 8 [ 1961.657686][ T5243] usb 1-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 1961.667838][ T5243] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1961.678934][ T5243] usb 1-1: Product: syz [ 1961.683533][ T5243] usb 1-1: Manufacturer: syz [ 1961.688385][ T5243] usb 1-1: SerialNumber: syz [ 1961.755253][T27451] loop1: detected capacity change from 0 to 512 [ 1961.790539][ T5243] usb 1-1: config 0 descriptor?? [ 1961.803797][T27451] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1961.862488][ T5243] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 1961.898010][T27451] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 1961.914719][T27451] System zones: 1-12 [ 1961.942939][T27451] EXT4-fs (loop1): 1 truncate cleaned up [ 1961.950499][T27451] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1962.017792][ T5243] gspca_sn9c2028: read1 error -32 [ 1962.026816][ T5243] gspca_sn9c2028: read1 error -32 [ 1962.082492][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1962.082573][ T29] audit: type=1800 audit(1727646563.957:174): pid=27451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.9155" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 1962.247174][ T5243] usb 1-1: USB disconnect, device number 81 [ 1962.533903][T26765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1962.871759][T27468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9163'. [ 1964.775956][T27500] loop3: detected capacity change from 0 to 1764 [ 1965.019689][T27505] loop2: detected capacity change from 0 to 2048 [ 1965.059583][T27505] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1965.395392][T27511] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1965.408863][T27510] loop0: detected capacity change from 0 to 256 [ 1965.552755][T27510] MINIX-fs: mounting file system with errors, running fsck is recommended [ 1965.667998][ T5196] Bluetooth: hci2: command tx timeout [ 1966.127717][T27522] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9188'. [ 1966.351998][ T5243] kernel write not supported for file /snd/seq (pid: 5243 comm: kworker/1:3) [ 1966.435982][T27527] loop0: detected capacity change from 0 to 128 [ 1966.500121][T27527] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 1966.508575][T27527] FAT-fs (loop0): Filesystem has been set read-only [ 1970.149583][T27580] loop4: detected capacity change from 0 to 2048 [ 1971.104350][T27598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9219'. [ 1973.756278][T27635] sp0: Synchronizing with TNC [ 1974.826660][T27648] loop4: detected capacity change from 0 to 512 [ 1974.921362][T27648] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 1974.921465][T27648] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1974.922514][T27648] System zones: 0-1, 15-15, 18-18, 34-34 [ 1974.923527][T27648] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1974.923713][T27648] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 1974.923885][T27648] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1974.924045][T27648] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 1974.957883][T27648] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.9239: bg 0: block 40: padding at end of block bitmap is not set [ 1974.958898][T27648] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 1974.959814][T27648] EXT4-fs (loop4): 1 truncate cleaned up [ 1974.961488][T27648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1975.413779][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1976.749411][T27679] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1976.756182][T27679] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1976.923153][T27679] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1977.123175][T27686] loop4: detected capacity change from 0 to 128 [ 1977.213654][T27679] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1977.220035][T27679] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1977.473363][T27679] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1977.505018][T27679] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1977.511425][T27679] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1977.609855][T27679] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1977.749601][T27688] loop3: detected capacity change from 0 to 1764 [ 1977.825230][T27688] iso9660: Unknown parameter 'ÿÿÿÿ' [ 1978.841420][ T5196] Bluetooth: hci5: command 0x0c1a tx timeout [ 1979.299174][ T5196] Bluetooth: hci1: command 0x0c1a tx timeout [ 1979.313743][T27717] loop0: detected capacity change from 0 to 524288000 [ 1979.534430][ T5196] Bluetooth: hci2: command 0x0c1a tx timeout [ 1979.795237][T27725] loop0: detected capacity change from 0 to 256 [ 1980.442843][T27736] binder: 27734:27736 ioctl 400c620e 200002c0 returned -22 [ 1980.496014][T27737] loop1: detected capacity change from 0 to 256 [ 1980.896220][ T5196] Bluetooth: hci5: command 0x0c1a tx timeout [ 1981.371883][ T5196] Bluetooth: hci1: command 0x0c1a tx timeout [ 1981.430996][T27754] loop4: detected capacity change from 0 to 47 [ 1981.617346][ T5196] Bluetooth: hci2: command 0x0c1a tx timeout [ 1982.044110][T27760] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9288'. [ 1982.786916][T27771] loop2: detected capacity change from 0 to 1024 [ 1982.837317][T27771] journal_path: Lookup failure for './file0' [ 1982.844350][T27771] EXT4-fs: error: could not find journal device path [ 1982.938657][T27774] loop0: detected capacity change from 0 to 1024 [ 1982.975001][ T5196] Bluetooth: hci5: command 0x0c1a tx timeout [ 1983.132017][T27774] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1983.463430][ T5196] Bluetooth: hci1: command 0x0c1a tx timeout [ 1983.695369][ T5196] Bluetooth: hci2: command 0x0c1a tx timeout [ 1983.722631][T26738] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1984.321474][T27799] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9317'. [ 1984.333970][T27799] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 1984.524257][T27801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9307'. [ 1984.534197][T27801] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1984.753151][T27807] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9310'. [ 1985.741322][T27822] cifs: Unknown parameter 'mode' [ 1985.904202][ T5246] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1986.062099][ T5246] usb 2-1: Using ep0 maxpacket: 8 [ 1986.105749][ T5246] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1986.114522][ T5246] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1986.125114][ T5246] usb 2-1: config 0 has no interface number 0 [ 1986.131465][ T5246] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1986.145172][ T5246] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1986.158599][ T5246] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1986.165735][ T5246] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 1986.175638][ T5246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1986.190176][ T5246] usb 2-1: config 0 descriptor?? [ 1986.692688][T27816] loop2: detected capacity change from 0 to 4096 [ 1986.853613][ T5246] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input142 [ 1986.876289][T27816] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 1987.087243][ T5246] usb 2-1: USB disconnect, device number 84 [ 1987.940402][T27839] netlink: 64 bytes leftover after parsing attributes in process `syz.0.9326'. [ 1988.133446][T27845] sch_fq: defrate 0 ignored. [ 1988.187798][ T29] audit: type=1800 audit(1727646590.077:175): pid=27816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9314" name="file2" dev="loop2" ino=31 res=0 errno=0 [ 1989.038481][T27859] loop2: detected capacity change from 0 to 1024 [ 1989.092050][T27859] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 1989.541224][T27867] loop2: detected capacity change from 0 to 64 [ 1989.853863][T27876] loop1: detected capacity change from 0 to 256 [ 1990.546104][ T8] usb 2-1: new full-speed USB device number 85 using dummy_hcd [ 1990.753489][ T8] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1990.762796][ T8] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1990.773416][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1990.867113][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1990.876816][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1990.885329][ T8] usb 2-1: Product: syz [ 1990.889732][ T8] usb 2-1: Manufacturer: syz [ 1990.894817][ T8] usb 2-1: SerialNumber: syz [ 1991.350049][T27903] loop0: detected capacity change from 0 to 1024 [ 1991.375466][T27903] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1991.447408][T27903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1991.657567][ T8] usb 2-1: 0:2 : does not exist [ 1991.798752][T26738] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1991.865145][ T5246] usb 2-1: USB disconnect, device number 85 [ 1992.335456][T27911] loop4: detected capacity change from 0 to 2048 [ 1992.394975][T27918] loop2: detected capacity change from 0 to 256 [ 1992.410739][T27911] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1992.524556][T27918] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 1994.306163][T27940] loop4: detected capacity change from 0 to 64 [ 1994.513258][ T29] audit: type=1804 audit(1727646596.387:176): pid=27940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.9371" name="/newroot/175/file0/file1" dev="loop4" ino=18 res=1 errno=0 [ 1994.573606][T27942] loop2: detected capacity change from 0 to 1024 [ 1995.974397][T27959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9379'. [ 1996.003238][T27958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9380'. [ 1997.072465][T27970] input: syz0 as /devices/virtual/input/input143 [ 1998.280327][T27992] tun0: tun_chr_ioctl cmd 35108 [ 1999.338922][T28009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9403'. [ 1999.531195][T28014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9405'. [ 2000.871238][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 2000.878262][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 2001.000035][T28039] loop2: detected capacity change from 0 to 8 [ 2001.893237][T28053] bridge: RTM_DELNEIGH with unconfigured vlan 3 on bridge_slave_0 [ 2002.484774][ T8] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 2002.655831][T28063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9428'. [ 2002.709304][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 2002.814600][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2002.824318][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2002.833020][ T8] usb 5-1: Product: syz [ 2002.837503][ T8] usb 5-1: Manufacturer: syz [ 2002.842579][ T8] usb 5-1: SerialNumber: syz [ 2002.904363][ T8] usb 5-1: bad CDC descriptors [ 2003.142517][ T5246] usb 5-1: USB disconnect, device number 65 [ 2003.220203][T28072] loop3: detected capacity change from 0 to 512 [ 2003.301114][T28072] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.9429: casefold flag without casefold feature [ 2003.362539][T28072] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.9429: couldn't read orphan inode 15 (err -117) [ 2003.469095][T28072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2003.673308][T28078] loop1: detected capacity change from 0 to 1024 [ 2003.736989][T28080] loop0: detected capacity change from 0 to 256 [ 2003.785767][T28078] hfsplus: bad catalog entry type [ 2003.844195][T28080] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 2003.897426][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2004.027920][T16668] hfsplus: b-tree write err: -5, ino 4 [ 2004.759211][T28097] loop4: detected capacity change from 0 to 64 [ 2004.889317][T28097] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. leaving read-only. [ 2005.184381][T28105] No control pipe specified [ 2005.505950][T28112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9449'. [ 2005.516593][T28112] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2005.525358][T28112] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2005.600151][T28112] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2005.608800][T28112] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2005.621218][T28110] loop4: detected capacity change from 0 to 1024 [ 2005.667110][ T3338] hfsplus: b-tree write err: -5, ino 4 [ 2005.828041][ T4269] hfsplus: b-tree write err: -5, ino 4 [ 2006.376466][T28122] netlink: 10 bytes leftover after parsing attributes in process `syz.0.9454'. [ 2006.598390][T28127] loop2: detected capacity change from 0 to 256 [ 2006.807764][T28127] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010530, chksum : 0x90502ed2, utbl_chksum : 0xe619d30d) [ 2006.863922][T28131] input: syz1 as /devices/virtual/input/input144 [ 2006.922918][ T29] audit: type=1800 audit(1727646608.807:177): pid=28127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9456" name="file1" dev="loop2" ino=1049543 res=0 errno=0 [ 2007.023747][ T29] audit: type=1804 audit(1727646608.847:178): pid=28127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.9456" name="/newroot/104/file1/file1" dev="loop2" ino=1049543 res=1 errno=0 [ 2007.711927][T28143] loop3: detected capacity change from 0 to 256 [ 2007.867335][T28143] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 2007.890993][T28151] loop1: detected capacity change from 0 to 1024 [ 2008.173238][T28156] loop4: detected capacity change from 0 to 1024 [ 2008.352948][T28156] hfsplus: bad catalog entry type [ 2008.604172][ T3338] hfsplus: b-tree write err: -5, ino 4 [ 2008.727813][T28161] bridge0: port 3(syz_tun) entered blocking state [ 2008.742463][T28161] bridge0: port 3(syz_tun) entered disabled state [ 2008.749702][T28161] syz_tun: entered allmulticast mode [ 2008.758408][T28161] syz_tun: entered promiscuous mode [ 2008.766118][T28161] bridge0: port 3(syz_tun) entered blocking state [ 2008.773271][T28161] bridge0: port 3(syz_tun) entered forwarding state [ 2009.313504][T28172] loop1: detected capacity change from 0 to 128 [ 2009.377889][T28172] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2009.437414][T28172] ext4 filesystem being mounted at /107/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 2009.831191][T28178] loop2: detected capacity change from 0 to 64 [ 2009.922965][T26765] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2010.376756][T28180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9479'. [ 2011.445366][ T29] audit: type=1326 audit(1727646613.317:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28199 comm="syz.4.9489" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x0 [ 2011.888444][T28188] loop2: detected capacity change from 0 to 4096 [ 2012.056587][T28205] loop1: detected capacity change from 0 to 128 [ 2012.134777][T28205] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2012.243534][T28205] ext4 filesystem being mounted at /111/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 2012.376398][ T29] audit: type=1800 audit(1727646614.237:180): pid=28188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9483" name="file1" dev="loop2" ino=33 res=0 errno=0 [ 2012.710370][T28211] loop0: detected capacity change from 0 to 256 [ 2012.861045][T28214] loop4: detected capacity change from 0 to 512 [ 2012.870210][T28214] EXT4-fs: Ignoring removed orlov option [ 2012.890652][T28214] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 2012.916545][T26765] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2012.998890][T28211] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 2013.044723][T28214] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.9491: casefold flag without casefold feature [ 2013.101884][ T5246] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 2013.119455][T28214] EXT4-fs (loop4): Remounting filesystem read-only [ 2013.128476][T28214] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2013.247224][T28217] loop2: detected capacity change from 0 to 1024 [ 2013.264106][ T5246] usb 4-1: Using ep0 maxpacket: 8 [ 2013.323435][T28217] hfsplus: failed to load root directory [ 2013.419844][T28219] loop1: detected capacity change from 0 to 1024 [ 2013.453063][ T5246] usb 4-1: config 150 has an invalid interface number: 204 but max is 1 [ 2013.461845][ T5246] usb 4-1: config 150 has no interface number 0 [ 2013.468395][ T5246] usb 4-1: config 150 interface 204 has no altsetting 0 [ 2013.476003][ T5246] usb 4-1: config 150 interface 1 has no altsetting 0 [ 2013.594285][ T5246] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 2013.604059][ T5246] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2013.612914][ T5246] usb 4-1: Product: syz [ 2013.622608][ T5246] usb 4-1: Manufacturer: syz [ 2013.629077][ T5246] usb 4-1: SerialNumber: syz [ 2013.674307][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2014.080357][T28222] loop0: detected capacity change from 0 to 2048 [ 2014.096113][ T5246] xr_serial 4-1:150.204: xr_serial converter detected [ 2014.136521][ T4269] hfsplus: b-tree write err: -5, ino 4 [ 2014.152159][T28222] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2014.339326][T28224] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2014.433118][ T29] audit: type=1800 audit(1727646616.317:181): pid=28222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.9497" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 2014.532291][ T29] audit: type=1804 audit(1727646616.367:182): pid=28222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.9497" name="/newroot/121/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 2014.601043][ T5246] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 2014.608086][ T5246] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 2014.633205][ T5246] usb 4-1: USB disconnect, device number 77 [ 2014.641416][ T5246] xr_serial 4-1:150.204: device disconnected [ 2014.895257][T22883] usb 3-1: new full-speed USB device number 85 using dummy_hcd [ 2015.097949][T22883] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 2015.107267][T22883] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 2015.117945][T22883] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2015.207902][T22883] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2015.219149][T22883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2015.228040][T22883] usb 3-1: Product: syz [ 2015.232764][T22883] usb 3-1: Manufacturer: syz [ 2015.237643][T22883] usb 3-1: SerialNumber: syz [ 2016.284138][T28251] loop3: detected capacity change from 0 to 512 [ 2016.493413][T28251] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2016.506883][T28251] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2016.607526][T22883] usb 3-1: 0:2 : does not exist [ 2016.650103][T22883] usb 3-1: USB disconnect, device number 85 [ 2016.775895][T28255] loop1: detected capacity change from 0 to 2048 [ 2016.805674][T28251] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #12: comm syz.3.9506: invalid size [ 2016.847959][T28261] loop0: detected capacity change from 0 to 64 [ 2016.886413][T28255] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2017.073835][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2017.214264][T26765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2018.851194][T28292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9523'. [ 2018.865848][T28296] loop0: detected capacity change from 0 to 128 [ 2018.906094][T28296] vfat: Unknown parameter '/dev/btrfs-control' [ 2018.962060][T28298] loop1: detected capacity change from 0 to 256 [ 2020.460267][T28319] netlink: 32 bytes leftover after parsing attributes in process `syz.1.9539'. [ 2022.811239][T26889] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 2023.025967][T26889] usb 1-1: Using ep0 maxpacket: 32 [ 2023.098013][T26889] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 2023.107700][T26889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2023.133945][T26889] usb 1-1: config 0 descriptor?? [ 2023.158148][T26889] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 2023.850928][T26889] gspca_nw80x: reg_w err -71 [ 2023.856403][T26889] nw80x 1-1:0.0: probe with driver nw80x failed with error -71 [ 2023.880884][T26889] usb 1-1: USB disconnect, device number 82 [ 2023.978243][ T29] audit: type=1326 audit(1727646881.864:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28348 comm="syz.1.9552" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 2024.160785][T28353] loop4: detected capacity change from 0 to 512 [ 2024.205020][T28353] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 2024.241317][T28353] EXT4-fs (loop4): 1 orphan inode deleted [ 2024.247837][T28353] EXT4-fs (loop4): 1 truncate cleaned up [ 2024.257453][T28353] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2024.357844][T28353] EXT4-fs error (device loop4): empty_inline_dir:1850: inode #12: block 7: comm syz.4.9553: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=784, size=60 fake=0 [ 2024.392736][T28353] EXT4-fs (loop4): Remounting filesystem read-only [ 2024.399775][T28353] EXT4-fs warning (device loop4): empty_inline_dir:1857: bad inline directory (dir #12) - inode 13, rec_len 784, name_len 5inline size 60 [ 2024.714684][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2025.379736][T28372] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9560'. [ 2025.392379][T28372] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 2028.290270][T28416] loop1: detected capacity change from 0 to 2048 [ 2028.368257][T28416] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2029.428136][T28436] loop4: detected capacity change from 0 to 512 [ 2029.449188][T28436] EXT4-fs: Ignoring removed nobh option [ 2029.459165][T28436] EXT4-fs: Ignoring removed nobh option [ 2029.543314][T28436] EXT4-fs (loop4): failed to initialize system zone (-117) [ 2029.550869][T28436] EXT4-fs (loop4): mount failed [ 2029.884487][T28410] Bluetooth: hci2: command 0x0c1a tx timeout [ 2030.204529][T28452] loop4: detected capacity change from 0 to 1024 [ 2030.288290][T28454] loop2: detected capacity change from 0 to 128 [ 2030.311513][T28454] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 2030.320661][T28452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2030.326429][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.326429][T28454] loop2: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 2030.350324][T28454] Buffer I/O error on dev loop2, logical block 8767744, async page read [ 2030.360007][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.360007][T28454] loop2: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 2030.374305][T28454] Buffer I/O error on dev loop2, logical block 13269809, async page read [ 2030.383310][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.383310][T28454] loop2: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 2030.401370][T28454] Buffer I/O error on dev loop2, logical block 1157, async page read [ 2030.410119][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.410119][T28454] loop2: rw=0, sector=3211264, nr_sectors = 1 limit=128 [ 2030.424242][T28454] Buffer I/O error on dev loop2, logical block 3211264, async page read [ 2030.433051][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.433051][T28454] loop2: rw=0, sector=8768635, nr_sectors = 1 limit=128 [ 2030.449263][T28454] Buffer I/O error on dev loop2, logical block 8768635, async page read [ 2030.458841][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.458841][T28454] loop2: rw=0, sector=13466417, nr_sectors = 1 limit=128 [ 2030.473105][T28454] Buffer I/O error on dev loop2, logical block 13466417, async page read [ 2030.479986][T28452] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #14: comm syz.4.9593: attempt to clear invalid blocks 1886221359 len 1 [ 2030.481979][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.481979][T28454] loop2: rw=0, sector=209285, nr_sectors = 1 limit=128 [ 2030.482125][T28454] Buffer I/O error on dev loop2, logical block 209285, async page read [ 2030.483688][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.483688][T28454] loop2: rw=0, sector=8767744, nr_sectors = 1 limit=128 [ 2030.535940][T28454] Buffer I/O error on dev loop2, logical block 8767744, async page read [ 2030.547246][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.547246][T28454] loop2: rw=0, sector=13269809, nr_sectors = 1 limit=128 [ 2030.562132][T28454] Buffer I/O error on dev loop2, logical block 13269809, async page read [ 2030.570842][T28454] syz.2.9596: attempt to access beyond end of device [ 2030.570842][T28454] loop2: rw=0, sector=1157, nr_sectors = 1 limit=128 [ 2030.585362][T28454] Buffer I/O error on dev loop2, logical block 1157, async page read [ 2030.595044][ T29] audit: type=1800 audit(1727646888.494:184): pid=28454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9596" name="/" dev="loop2" ino=2 res=0 errno=0 [ 2030.700381][T28460] netlink: 'syz.3.9595': attribute type 4 has an invalid length. [ 2030.708765][T28460] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.9595'. [ 2030.780671][T25940] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2030.934844][T26980] sysv_free_block: trying to free block not in datazone [ 2030.942920][T26980] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 2031.083801][T22883] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 2031.285251][T22883] usb 2-1: Using ep0 maxpacket: 32 [ 2031.303114][T22883] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 2031.312165][T22883] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2031.321185][T22883] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2031.330823][T22883] usb 2-1: config 1 has no interface number 0 [ 2031.337403][T22883] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2031.348892][T22883] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2031.362481][T22883] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2031.373569][T22883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2031.424921][T22883] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 2031.741033][T28475] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9602'. [ 2032.024550][T22883] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 2032.266175][ T5246] usb 2-1: USB disconnect, device number 86 [ 2032.274181][ T5246] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 2032.673191][T28476] loop4: detected capacity change from 0 to 4096 [ 2032.718302][T28476] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 2033.072653][T28476] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 2034.122094][ T5246] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 2034.321196][ T5246] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 2034.332319][ T5246] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 2034.344998][ T5246] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2034.803141][T28508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9619'. [ 2035.194549][T28511] loop3: detected capacity change from 0 to 164 [ 2036.270074][T28523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9626'. [ 2037.652541][T28530] netlink: 'syz.1.9630': attribute type 3 has an invalid length. [ 2037.660651][T28530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9630'. [ 2037.670198][T28530] netlink: 'syz.1.9630': attribute type 3 has an invalid length. [ 2037.678328][T28530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9630'. [ 2039.754144][T28544] Failed to get privilege flags for destination (handle=0x2:0x0) [ 2040.466436][ T5246] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 2040.500856][ T5246] usb 3-1: USB disconnect, device number 86 [ 2041.919958][T28567] loop2: detected capacity change from 0 to 256 [ 2041.930292][T28567] exfat: Deprecated parameter 'namecase' [ 2041.939701][T28567] exfat: Deprecated parameter 'utf8' [ 2041.945976][T28567] exfat: Deprecated parameter 'namecase' [ 2041.952058][T28567] exfat: Deprecated parameter 'utf8' [ 2042.283576][T28567] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 2042.752330][ T5246] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 2042.897580][T28573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9649'. [ 2042.969852][ T5246] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 2042.987667][ T5246] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 2042.997630][ T5246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2043.155786][ T5246] usb 2-1: config 0 descriptor?? [ 2043.219639][ T5246] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 2043.374815][ T5246] usb 2-1: USB disconnect, device number 87 [ 2044.422830][T28586] netpci0: tun_chr_ioctl cmd 1074025677 [ 2044.429029][T28586] netpci0: linktype set to 0 [ 2044.599435][T28410] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2044.614613][T28410] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2044.625085][T28410] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2044.640151][T28410] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2044.656809][T28410] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2044.670435][T28410] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2045.661475][T25940] bridge0: port 3(syz_tun) entered disabled state [ 2045.693037][T25940] syz_tun (unregistering): left allmulticast mode [ 2045.703496][T25940] syz_tun (unregistering): left promiscuous mode [ 2045.710349][T25940] bridge0: port 3(syz_tun) entered disabled state [ 2045.901840][T28600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9659'. [ 2045.913293][T28600] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9659'. [ 2046.280319][T16665] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2046.606014][T28610] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9663'. [ 2046.674688][T16665] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2046.823579][T28410] Bluetooth: hci6: command tx timeout [ 2046.946772][T16665] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2047.000557][T28587] chnl_net:caif_netlink_parms(): no params data found [ 2047.531430][T16665] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2047.911005][T16665] bridge_slave_1: left allmulticast mode [ 2047.917393][T16665] bridge_slave_1: left promiscuous mode [ 2047.924142][T16665] bridge0: port 2(bridge_slave_1) entered disabled state [ 2048.000730][T16665] bridge_slave_0: left allmulticast mode [ 2048.006921][T16665] bridge_slave_0: left promiscuous mode [ 2048.013947][T16665] bridge0: port 1(bridge_slave_0) entered disabled state [ 2048.853718][T16665] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2048.884189][T16665] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2048.892254][T16665] bond0 (unregistering): Released all slaves [ 2048.901365][T28410] Bluetooth: hci6: command tx timeout [ 2049.367872][T28587] bridge0: port 1(bridge_slave_0) entered blocking state [ 2049.368402][T28587] bridge0: port 1(bridge_slave_0) entered disabled state [ 2049.369074][T28587] bridge_slave_0: entered allmulticast mode [ 2049.372566][T28587] bridge_slave_0: entered promiscuous mode [ 2049.428429][T28587] bridge0: port 2(bridge_slave_1) entered blocking state [ 2049.428946][T28587] bridge0: port 2(bridge_slave_1) entered disabled state [ 2049.429619][T28587] bridge_slave_1: entered allmulticast mode [ 2049.433116][T28587] bridge_slave_1: entered promiscuous mode [ 2049.788789][T28587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2049.823301][T28587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2049.975537][T16665] hsr_slave_0: left promiscuous mode [ 2049.979013][T16665] hsr_slave_1: left promiscuous mode [ 2049.986801][T16665] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2049.987020][T16665] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2049.990096][T16665] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2049.990255][T16665] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2050.029626][T16665] veth1_macvtap: left promiscuous mode [ 2050.029775][T16665] veth0_macvtap: left promiscuous mode [ 2050.030057][T16665] veth1_vlan: left promiscuous mode [ 2050.030306][T16665] veth0_vlan: left promiscuous mode [ 2050.247916][T28643] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9675'. [ 2050.797706][T16665] team0 (unregistering): Port device team_slave_1 removed [ 2050.837188][T16665] team0 (unregistering): Port device team_slave_0 removed [ 2051.015368][T28410] Bluetooth: hci6: command tx timeout [ 2051.309328][T28652] loop1: detected capacity change from 0 to 128 [ 2051.398505][T28587] team0: Port device team_slave_0 added [ 2051.509188][T28652] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 2051.510669][T28652] sysv_free_block: trying to free block not in datazone [ 2051.516895][T28652] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 2051.620859][T28587] team0: Port device team_slave_1 added [ 2051.788534][T28587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2051.788618][T28587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2051.788767][T28587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2051.795563][T28587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2051.795644][T28587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2051.795795][T28587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2052.434539][T28587] hsr_slave_0: entered promiscuous mode [ 2052.444970][T28587] hsr_slave_1: entered promiscuous mode [ 2053.081463][T28410] Bluetooth: hci6: command tx timeout [ 2053.786048][T28666] VFS: could not find a valid V7 on nullb0. [ 2053.808108][T28666] hpfs: Bad magic ... probably not HPFS [ 2054.271482][T28656] loop3: detected capacity change from 0 to 4096 [ 2054.330045][T28656] NILFS (loop3): invalid segment: Checksum error in segment payload [ 2054.330216][T28656] NILFS (loop3): trying rollback from an earlier position [ 2054.407176][T28587] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2054.442146][T28656] NILFS (loop3): recovery complete [ 2054.444405][T28587] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2054.463637][T28672] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2054.558068][T28587] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2054.597840][T28587] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2055.312157][T28587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2055.389814][T28587] 8021q: adding VLAN 0 to HW filter on device team0 [ 2055.410726][T16665] bridge0: port 1(bridge_slave_0) entered blocking state [ 2055.411194][T16665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2055.477447][T16665] bridge0: port 2(bridge_slave_1) entered blocking state [ 2055.477921][T16665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2055.573754][T28682] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9691'. [ 2058.206304][T28700] vivid-004: disconnect [ 2058.213083][T28699] vivid-004: reconnect [ 2058.737068][ T5196] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2058.778586][ T5196] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2058.932480][ T5196] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2058.945733][ T5196] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2058.957044][ T5196] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 2058.966459][ T5196] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2058.976144][T28711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9702'. [ 2058.985579][T28711] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9702'. [ 2058.994964][T28711] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9702'. [ 2059.022421][T28711] vlan3: entered allmulticast mode [ 2059.027856][T28711] mac80211_hwsim hwsim61 wlan1: entered allmulticast mode [ 2059.641224][T28587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2060.458448][ T3338] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2060.786981][ T3338] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2061.057988][ T5196] Bluetooth: hci0: command tx timeout [ 2061.417012][ T3338] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2061.492881][T28705] chnl_net:caif_netlink_parms(): no params data found [ 2061.638175][ T3338] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2062.064802][ T3338] bridge_slave_1: left allmulticast mode [ 2062.070749][ T3338] bridge_slave_1: left promiscuous mode [ 2062.077754][ T3338] bridge0: port 2(bridge_slave_1) entered disabled state [ 2062.213173][ T3338] bridge_slave_0: left allmulticast mode [ 2062.219083][ T3338] bridge_slave_0: left promiscuous mode [ 2062.226022][ T3338] bridge0: port 1(bridge_slave_0) entered disabled state [ 2062.269972][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 2062.276995][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 2062.608726][T28749] loop2: detected capacity change from 0 to 512 [ 2062.723448][T28749] EXT4-fs (loop2): 1 truncate cleaned up [ 2062.731134][T28749] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2062.892921][ T3338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2062.958067][ T3338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2063.036511][ T3338] bond0 (unregistering): Released all slaves [ 2063.153433][ T5196] Bluetooth: hci0: command tx timeout [ 2063.214358][T26980] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2063.332557][T28587] veth0_vlan: entered promiscuous mode [ 2063.428795][T28587] veth1_vlan: entered promiscuous mode [ 2063.653516][T28705] bridge0: port 1(bridge_slave_0) entered blocking state [ 2063.661407][T28705] bridge0: port 1(bridge_slave_0) entered disabled state [ 2063.669570][T28705] bridge_slave_0: entered allmulticast mode [ 2063.679012][T28705] bridge_slave_0: entered promiscuous mode [ 2063.838852][T28705] bridge0: port 2(bridge_slave_1) entered blocking state [ 2063.846945][T28705] bridge0: port 2(bridge_slave_1) entered disabled state [ 2063.854998][T28705] bridge_slave_1: entered allmulticast mode [ 2063.864121][T28705] bridge_slave_1: entered promiscuous mode [ 2064.213471][T28762] loop1: detected capacity change from 0 to 128 [ 2064.367784][T28705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2064.389215][T28705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2064.547550][ T3338] hsr_slave_0: left promiscuous mode [ 2064.567112][ T3338] hsr_slave_1: left promiscuous mode [ 2064.579391][ T3338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2064.588476][ T3338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2064.625001][ T3338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2064.633264][ T3338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2064.682343][ T3338] veth1_macvtap: left promiscuous mode [ 2064.688197][ T3338] veth0_macvtap: left promiscuous mode [ 2064.694407][ T3338] veth1_vlan: left promiscuous mode [ 2064.699973][ T3338] veth0_vlan: left promiscuous mode [ 2065.225912][ T5196] Bluetooth: hci0: command tx timeout [ 2065.475031][ T3338] team0 (unregistering): Port device team_slave_1 removed [ 2065.584081][ T3338] team0 (unregistering): Port device team_slave_0 removed [ 2066.084380][T28705] team0: Port device team_slave_0 added [ 2066.105709][T28705] team0: Port device team_slave_1 added [ 2066.119198][T28770] nr0: tun_chr_ioctl cmd 1074025673 [ 2066.203372][T28587] veth0_macvtap: entered promiscuous mode [ 2066.425802][T28587] veth1_macvtap: entered promiscuous mode [ 2066.482058][T28587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2066.494101][T28587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2066.505907][T28587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2066.505961][ T29] audit: type=1326 audit(1727646924.404:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28781 comm="syz.1.9728" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3579 code=0x0 [ 2066.518056][T28587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2066.555722][T28587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2066.585199][T28705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2066.595550][T28705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2066.623127][T28705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2066.732993][T28705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2066.740198][T28705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2066.766813][T28705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2066.825452][T28587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2066.836445][T28587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2066.846717][T28587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2066.857519][T28587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2066.872419][T28587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2067.115572][T28705] hsr_slave_0: entered promiscuous mode [ 2067.146823][T28705] hsr_slave_1: entered promiscuous mode [ 2067.166356][T28705] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2067.166442][T28705] Cannot create hsr debugfs directory [ 2067.170311][T28587] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2067.170530][T28587] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2067.170735][T28587] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2067.170946][T28587] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2067.293104][ T5196] Bluetooth: hci0: command tx timeout [ 2068.764616][T28705] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2068.793628][T28705] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2068.824217][T28705] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2068.856735][T28705] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2069.027724][T28804] loop3: detected capacity change from 0 to 164 [ 2069.073257][T28804] rock: directory entry would overflow storage [ 2069.073315][T28804] rock: sig=0x66, size=4, remaining=3 [ 2069.123519][T28804] rock: directory entry would overflow storage [ 2069.123579][T28804] rock: sig=0x66, size=4, remaining=3 [ 2069.707051][T28705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2069.863983][T28705] 8021q: adding VLAN 0 to HW filter on device team0 [ 2069.909692][T16665] bridge0: port 1(bridge_slave_0) entered blocking state [ 2069.910169][T16665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2069.966300][T16665] bridge0: port 2(bridge_slave_1) entered blocking state [ 2069.966789][T16665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2071.893385][T28819] loop3: detected capacity change from 0 to 2048 [ 2072.114498][T28830] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2072.849251][T28705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2073.176031][T28705] veth0_vlan: entered promiscuous mode [ 2073.216544][T28705] veth1_vlan: entered promiscuous mode [ 2073.389129][T28705] veth0_macvtap: entered promiscuous mode [ 2073.423042][T28705] veth1_macvtap: entered promiscuous mode [ 2073.512048][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2073.512148][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.512248][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2073.512339][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.512412][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2073.512502][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.517209][T28705] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2073.541979][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2073.542081][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.542174][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2073.542270][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.542344][T28705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2073.542433][T28705] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2073.547055][T28705] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2073.596176][T28705] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2073.596406][T28705] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2073.596612][T28705] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2073.596819][T28705] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2074.916239][T16665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2074.924544][T16665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2074.932986][T16668] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2074.933085][T16668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2075.853059][T28846] tipc: Started in network mode [ 2075.858361][T28846] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 2075.868432][T28846] tipc: Enabling of bearer rejected, failed to enable media [ 2076.206400][T28854] syz.2.9745[28854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2076.206841][T28854] syz.2.9745[28854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2076.223911][T28854] syz.2.9745[28854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2077.044523][T28868] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 2077.064392][T28868] macvtap1: entered promiscuous mode [ 2077.070793][T28868] macvtap1: entered allmulticast mode [ 2077.076669][T28868] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 2077.697300][T28880] IPv6: NLM_F_CREATE should be specified when creating new route [ 2077.705827][T28880] netlink: 1 bytes leftover after parsing attributes in process `syz.4.9755'. [ 2078.208410][T28888] tap0: tun_chr_ioctl cmd 1074025677 [ 2078.216194][T28888] tap0: linktype set to 65534 [ 2078.856001][T28900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9761'. [ 2078.865696][T28900] 8021q: VLANs not supported on hsr0 [ 2079.444496][ T3338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2079.452719][ T3338] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2079.472308][T28908] loop2: detected capacity change from 0 to 2048 [ 2079.516887][T28908] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 2079.552163][T27001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2079.560366][T27001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2079.587763][T28908] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2079.692405][T28908] UDF-fs: unknown compression code (0) [ 2080.859738][T28927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9771'. [ 2081.709911][T28941] bridge0: port 2(bridge_slave_1) entered disabled state [ 2081.759980][T28937] loop1: detected capacity change from 0 to 2048 [ 2082.225624][T28937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2082.356263][T28937] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 2082.582918][T28937] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 2082.596499][T28937] EXT4-fs (loop1): This should not happen!! Data will be lost [ 2082.596499][T28937] [ 2082.606684][T28937] EXT4-fs (loop1): Total free blocks count 0 [ 2082.613188][T28937] EXT4-fs (loop1): Free/Dirty block details [ 2082.619323][T28937] EXT4-fs (loop1): free_blocks=2415919104 [ 2082.625489][T28937] EXT4-fs (loop1): dirty_blocks=16 [ 2082.630841][T28937] EXT4-fs (loop1): Block reservation details [ 2082.637265][T28937] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 2082.697188][T28954] loop3: detected capacity change from 0 to 1024 [ 2082.726505][T28954] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 2082.773856][T28951] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 2082.976738][T28954] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 2083.190217][T28954] EXT4-fs (loop3): orphan cleanup on readonly fs [ 2083.390430][T28954] EXT4-fs error (device loop3): __ext4_get_inode_loc:4403: comm syz.3.9785: Invalid inode table block 0 in block_group 0 [ 2083.502272][T28954] EXT4-fs (loop3): Remounting filesystem read-only [ 2083.509080][T28954] Quota error (device loop3): write_blk: dquota write failed [ 2083.517401][T28954] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 2083.527909][T28954] EXT4-fs (loop3): 1 truncate cleaned up [ 2083.721371][T28954] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 2084.207728][T28973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9793'. [ 2084.319513][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2084.347143][T28978] Attempt to restore checkpoint with obsolete wellknown handles [ 2084.784622][T28982] tap0: tun_chr_ioctl cmd 1074025681 [ 2085.304146][T28997] loop1: detected capacity change from 0 to 64 [ 2085.548679][T29005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9808'. [ 2085.558057][T29005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9808'. [ 2086.027887][T22883] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 2086.082972][T29012] libceph: resolve 'a' (ret=-3): failed [ 2086.596320][T22883] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2086.608775][T22883] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 2086.619198][T22883] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2086.628724][T22883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2086.656932][T29007] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 2086.711748][T22883] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 2087.297638][T29034] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 2087.354874][T29032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9821'. [ 2087.357879][ T5243] usb 5-1: USB disconnect, device number 66 [ 2087.813863][T29040] sctp: [Deprecated]: syz.1.9824 (pid 29040) Use of int in max_burst socket option deprecated. [ 2087.813863][T29040] Use struct sctp_assoc_value instead [ 2088.290195][T29046] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9827'. [ 2088.510684][T29050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9830'. [ 2089.283182][T29064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9833'. [ 2089.468008][T29059] loop0: detected capacity change from 0 to 2048 [ 2089.553509][T29059] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2090.162946][T29078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9842'. [ 2090.193164][T29078] netlink: 104 bytes leftover after parsing attributes in process `syz.3.9842'. [ 2090.202672][T29078] netlink: 104 bytes leftover after parsing attributes in process `syz.3.9842'. [ 2090.734330][T29087] netlink: 408 bytes leftover after parsing attributes in process `syz.1.9847'. [ 2090.760255][T29088] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 2092.248383][T29112] loop3: detected capacity change from 0 to 128 [ 2092.278039][T29112] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 2092.293706][T29112] sysv_free_block: trying to free block not in datazone [ 2092.319112][T29112] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 2094.696345][T29150] loop0: detected capacity change from 0 to 64 [ 2094.788440][T29149] netlink: 'syz.2.9874': attribute type 12 has an invalid length. [ 2094.797102][T29149] netlink: 'syz.2.9874': attribute type 29 has an invalid length. [ 2094.805584][T29149] netlink: 'syz.2.9874': attribute type 2 has an invalid length. [ 2094.813792][T29149] netlink: 128 bytes leftover after parsing attributes in process `syz.2.9874'. [ 2095.900176][T29169] loop0: detected capacity change from 0 to 256 [ 2096.779127][T29180] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9888'. [ 2097.144240][ T29] audit: type=1326 audit(1727646955.034:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.229252][ T29] audit: type=1326 audit(1727646955.084:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.325052][ T29] audit: type=1326 audit(1727646955.154:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.347976][ T29] audit: type=1326 audit(1727646955.154:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.370750][ T29] audit: type=1326 audit(1727646955.154:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.393540][ T29] audit: type=1326 audit(1727646955.164:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.419498][ T29] audit: type=1326 audit(1727646955.164:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=95 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.443424][ T29] audit: type=1326 audit(1727646955.164:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.465943][ T29] audit: type=1326 audit(1727646955.164:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29186 comm="syz.4.9893" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f47579 code=0x7ffc0000 [ 2097.901848][T29196] [U] ™˜ðN [ 2098.465542][T29209] loop2: detected capacity change from 0 to 256 [ 2099.197134][T29221] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9908'. [ 2099.404171][T29227] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9912'. [ 2099.654318][T29230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9915'. [ 2099.671963][T29230] netlink: 277 bytes leftover after parsing attributes in process `syz.2.9915'. [ 2099.681351][T29230] netlink: 277 bytes leftover after parsing attributes in process `syz.2.9915'. [ 2099.841269][T29231] loop0: detected capacity change from 0 to 256 [ 2100.015383][T29240] nicvf0: tun_chr_ioctl cmd 35111 [ 2100.305145][T29243] loop4: detected capacity change from 0 to 64 [ 2100.999321][T29252] loop1: detected capacity change from 0 to 1024 [ 2101.163320][T29244] loop2: detected capacity change from 0 to 4096 [ 2101.192377][T29244] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 2101.324716][T27001] hfsplus: b-tree write err: -5, ino 4 [ 2101.700919][ T29] audit: type=1800 audit(1727646959.594:195): pid=29244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9920" name="bus" dev="loop2" ino=33 res=0 errno=0 [ 2102.384877][T29272] loop1: detected capacity change from 0 to 512 [ 2102.964080][T29272] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2102.977409][T29272] ext4 filesystem being mounted at /230/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 2103.217115][T29268] loop0: detected capacity change from 0 to 4096 [ 2103.275700][T29268] EXT4-fs (loop0): Test dummy encryption mode enabled [ 2103.336986][T29268] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2103.391333][T26765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2103.493474][T29268] EXT4-fs: Ignoring removed mblk_io_submit option [ 2103.500613][T29268] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2103.511128][T29268] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 2103.568494][T29268] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 2103.924128][T29294] loop3: detected capacity change from 0 to 512 [ 2103.971913][T28705] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2104.407184][T29303] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9947'. [ 2104.425283][T29294] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.9938: bg 0: block 393: padding at end of block bitmap is not set [ 2104.504878][T29294] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 2104.607609][T29294] EXT4-fs (loop3): 2 truncates cleaned up [ 2104.616066][T29294] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2105.282712][T22773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2105.813559][T27001] ===================================================== [ 2105.820896][T27001] BUG: KMSAN: uninit-value in n_tty_receive_buf_closing+0x539/0xb40 [ 2105.829971][T27001] n_tty_receive_buf_closing+0x539/0xb40 [ 2105.837138][T27001] n_tty_receive_buf_common+0x196b/0x2490 [ 2105.844180][T27001] n_tty_receive_buf2+0x4c/0x60 [ 2105.849249][T27001] tty_ldisc_receive_buf+0xd0/0x290 [ 2105.854882][T27001] tty_port_default_receive_buf+0xdf/0x190 [ 2105.860895][T27001] flush_to_ldisc+0x473/0xdb0 [ 2105.865919][T27001] process_scheduled_works+0xae0/0x1c40 [ 2105.871781][T27001] worker_thread+0xea7/0x14f0 [ 2105.876654][T27001] kthread+0x3e2/0x540 [ 2105.880943][T27001] ret_from_fork+0x6d/0x90 [ 2105.885612][T27001] ret_from_fork_asm+0x1a/0x30 [ 2105.890581][T27001] [ 2105.893091][T27001] Uninit was created at: [ 2105.897585][T27001] __kmalloc_noprof+0x661/0xf30 [ 2105.902891][T27001] __tty_buffer_request_room+0x36e/0x6d0 [ 2105.908747][T27001] __tty_insert_flip_string_flags+0x140/0x570 [ 2105.919429][T27001] uart_insert_char+0x39e/0xa10 [ 2105.926065][T27001] serial8250_read_char+0x1a7/0x5d0 [ 2105.931450][T27001] serial8250_handle_irq+0x970/0x1130 [ 2105.937168][T27001] serial8250_default_handle_irq+0x120/0x2b0 [ 2105.943444][T27001] serial8250_interrupt+0xc5/0x360 [ 2105.948785][T27001] __handle_irq_event_percpu+0x118/0xca0 [ 2105.954754][T27001] handle_irq_event+0xef/0x2c0 [ 2105.959730][T27001] handle_edge_irq+0x340/0xfb0 [ 2105.965559][T27001] __common_interrupt+0x97/0x1f0 [ 2105.970687][T27001] common_interrupt+0x92/0xb0 [ 2105.975756][T27001] asm_common_interrupt+0x2b/0x40 [ 2105.981003][T27001] [ 2105.983568][T27001] CPU: 1 UID: 0 PID: 27001 Comm: kworker/u8:0 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 2105.994594][T27001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2106.004912][T27001] Workqueue: events_unbound flush_to_ldisc [ 2106.010938][T27001] ===================================================== [ 2106.024022][T27001] Disabling lock debugging due to kernel taint [ 2106.032080][T27001] Kernel panic - not syncing: kmsan.panic set ... [ 2106.038648][T27001] CPU: 1 UID: 0 PID: 27001 Comm: kworker/u8:0 Tainted: G B 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 2106.050930][T27001] Tainted: [B]=BAD_PAGE [ 2106.055186][T27001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2106.065392][T27001] Workqueue: events_unbound flush_to_ldisc [ 2106.071394][T27001] Call Trace: [ 2106.074785][T27001] [ 2106.077817][T27001] dump_stack_lvl+0x216/0x2d0 [ 2106.082680][T27001] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 2106.088667][T27001] dump_stack+0x1e/0x30 [ 2106.093002][T27001] panic+0x4e2/0xcf0 [ 2106.097130][T27001] ? kmsan_get_metadata+0x41/0x1c0 [ 2106.102413][T27001] kmsan_report+0x2c7/0x2d0 [ 2106.107074][T27001] ? kmsan_memmove+0x67/0x110 [ 2106.111950][T27001] ? __msan_warning+0x95/0x120 [ 2106.116908][T27001] ? n_tty_receive_buf_closing+0x539/0xb40 [ 2106.122946][T27001] ? n_tty_receive_buf_common+0x196b/0x2490 [ 2106.129045][T27001] ? n_tty_receive_buf2+0x4c/0x60 [ 2106.134268][T27001] ? tty_ldisc_receive_buf+0xd0/0x290 [ 2106.139917][T27001] ? tty_port_default_receive_buf+0xdf/0x190 [ 2106.146094][T27001] ? flush_to_ldisc+0x473/0xdb0 [ 2106.151201][T27001] ? process_scheduled_works+0xae0/0x1c40 [ 2106.157114][T27001] ? worker_thread+0xea7/0x14f0 [ 2106.162155][T27001] ? kthread+0x3e2/0x540 [ 2106.166589][T27001] ? ret_from_fork+0x6d/0x90 [ 2106.171349][T27001] ? ret_from_fork_asm+0x1a/0x30 [ 2106.176487][T27001] ? kmsan_get_metadata+0x13e/0x1c0 [ 2106.181849][T27001] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 2106.187827][T27001] ? __update_load_avg_cfs_rq+0x969/0x10e0 [ 2106.193837][T27001] ? __update_load_avg_se+0x9e2/0x11a0 [ 2106.199481][T27001] ? kmsan_get_metadata+0x13e/0x1c0 [ 2106.204872][T27001] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 2106.210846][T27001] ? kmsan_get_metadata+0x13e/0x1c0 [ 2106.216206][T27001] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 2106.222190][T27001] __msan_warning+0x95/0x120 [ 2106.226987][T27001] n_tty_receive_buf_closing+0x539/0xb40 [ 2106.232858][T27001] n_tty_receive_buf_common+0x196b/0x2490 [ 2106.238798][T27001] ? pick_eevdf+0x56e/0x13e0 [ 2106.243659][T27001] n_tty_receive_buf2+0x4c/0x60 [ 2106.248715][T27001] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 2106.254482][T27001] tty_ldisc_receive_buf+0xd0/0x290 [ 2106.259883][T27001] tty_port_default_receive_buf+0xdf/0x190 [ 2106.265889][T27001] flush_to_ldisc+0x473/0xdb0 [ 2106.270751][T27001] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 2106.277363][T27001] ? __pfx_flush_to_ldisc+0x10/0x10 [ 2106.282741][T27001] process_scheduled_works+0xae0/0x1c40 [ 2106.288534][T27001] worker_thread+0xea7/0x14f0 [ 2106.293401][T27001] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 2106.299399][T27001] kthread+0x3e2/0x540 [ 2106.303668][T27001] ? __pfx_worker_thread+0x10/0x10 [ 2106.308979][T27001] ? __pfx_kthread+0x10/0x10 [ 2106.313766][T27001] ret_from_fork+0x6d/0x90 [ 2106.318346][T27001] ? __pfx_kthread+0x10/0x10 [ 2106.323150][T27001] ret_from_fork_asm+0x1a/0x30 [ 2106.328118][T27001] [ 2106.331502][T27001] Kernel Offset: disabled [ 2106.335931][T27001] Rebooting in 86400 seconds..