last executing test programs: 5.522668376s ago: executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 4.998728884s ago: executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001800)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)="fa", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[], 0x88}, 0x0) 3.933954356s ago: executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_TAIL={0x2a, 0xe, [@chsw_timing={0x68, 0x4}, @ht={0x2d, 0x1a}, @perr={0x84, 0x2}]}]]}, 0x48}}, 0x0) 3.362170464s ago: executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 3.344261681s ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x4, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0xb0ffffff}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xffffff1f}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x7, 0x0, 0xa, 0x2, 0x0, 0x0, 0x1400}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.099361238s ago: executing program 0: epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001b00), 0x8) 2.962005942s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x0, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x0, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) r2 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) read$hidraw(r2, 0x0, 0x0) syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)='B') close_range(r0, 0xffffffffffffffff, 0x0) 2.791457194s ago: executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0) 2.739695572s ago: executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x400) syz_io_uring_setup(0x0, 0x0, 0x0, &(0x7f0000000140)) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0x5008, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) 2.700476381s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}}, 0x0) 2.453465766s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.223266006s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x2}) 2.183565544s ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)=ANY=[@ANYBLOB="240000001a00010000000000000000001c0000000000001914beb80008000100000001"], 0x24}}, 0x0) 2.11766536s ago: executing program 2: migrate_pages(0x0, 0x4, &(0x7f0000000040)=0x200000007f, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket(0x0, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000002100)=0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.908497248s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efa95ea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f023486404c8df47e4ff2ad7f4132b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226d79fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 1.78422361s ago: executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1) ioctl$USBDEVFS_CONTROL(r0, 0x80045510, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.770710852s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x3, 0x9}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r2, &(0x7f0000000980), 0x12) 1.452356147s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) r3 = open(&(0x7f0000000140)='./file1\x00', 0x42242, 0x0) ftruncate(r3, 0x200004) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sendfile(r2, r3, 0x0, 0x80001d00c0d1) setsockopt(r2, 0x1, 0x20, &(0x7f0000000040)="c04bfa0a", 0x4) 1.423290613s ago: executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x800000001ff, 0xe8082) r1 = dup(r0) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.376538649s ago: executing program 2: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'wg2\x00'}) setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000000)='s', 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000100)) 1.321692276s ago: executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) read(r0, &(0x7f0000000200)=""/200, 0xc8) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000000200)=0x3e) recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0xf00, 0x0, 0x0) fcntl$setsig(r2, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8) dup2(r2, r3) fcntl$setown(r3, 0x8, r1) tkill(r1, 0x14) 1.038387811s ago: executing program 2: syz_emit_ethernet(0x9a, &(0x7f0000000340)={@link_local, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "b391495b7cca0d671930cda1aef1b07f797e4f4dd36317b45bbac71279350c83", "49c2e49c4b0a487c76511d66b2121dd4", {"1f528df383d9abb71e1ff7c5bb465265", "52fe46c84fd4c48b563b7eb988c0491a"}}}}}}}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000000c0)) 972.63681ms ago: executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000007c0)={0x14, r2, 0xb05}, 0x14}}, 0x0) 754.057197ms ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}}}, @TCA_TBF_BURST={0x8}]}}]}, 0x60}}, 0x0) 664.063702ms ago: executing program 1: r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8918, &(0x7f0000000040)={'ip6gretap0\x00', @random="0200ff7fdfff"}) 649.175802ms ago: executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x400) syz_io_uring_setup(0x0, 0x0, 0x0, &(0x7f0000000140)) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) 369.706269ms ago: executing program 4: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) fsopen(&(0x7f0000000000)='ext4\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 298.981894ms ago: executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x24ff, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000003c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r0}) io_uring_enter(r1, 0x5c26, 0x0, 0x0, 0x0, 0x0) 33.912456ms ago: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r1, 0x10d, 0xf, 0x0, &(0x7f0000000040)) 0s ago: executing program 3: migrate_pages(0x0, 0x4, &(0x7f0000000040)=0x200000007f, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket(0x0, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000002100)=0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) kernel console output (not intermixed with test programs): id 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (10987) [ 981.612422][T10994] syz-executor.3: attempt to access beyond end of device [ 981.612422][T10994] loop3: rw=1, sector=8454, nr_sectors = 2048 limit=1024 [ 981.640744][T10994] syz-executor.3: attempt to access beyond end of device [ 981.640744][T10994] loop3: rw=1, sector=10502, nr_sectors = 2048 limit=1024 [ 981.656109][T10911] Bluetooth: hci1: command tx timeout [ 981.672222][T10987] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 981.682932][T10987] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 981.692719][T10987] BTRFS info (device loop2): using free-space-tree [ 981.709093][T10994] syz-executor.3: attempt to access beyond end of device [ 981.709093][T10994] loop3: rw=1, sector=12550, nr_sectors = 2048 limit=1024 [ 981.727798][T10994] syz-executor.3: attempt to access beyond end of device [ 981.727798][T10994] loop3: rw=1, sector=14598, nr_sectors = 2048 limit=1024 [ 981.755705][T10994] syz-executor.3: attempt to access beyond end of device [ 981.755705][T10994] loop3: rw=1, sector=16646, nr_sectors = 2048 limit=1024 [ 981.831142][ T3948] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 981.870129][ T3875] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 981.882106][T10953] usb 5-1: USB disconnect, device number 27 [ 981.893026][T10987] BTRFS warning (device loop2): couldn't read tree root [ 981.900479][T10987] BTRFS warning (device loop2): try to load backup roots slot 1 [ 981.929161][ T3875] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 981.939663][ T3948] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 981.951907][T10987] BTRFS warning (device loop2): couldn't read tree root [ 981.959099][T10987] BTRFS warning (device loop2): try to load backup roots slot 2 [ 981.972413][ T3875] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 981.999702][T10987] BTRFS warning (device loop2): couldn't read tree root [ 982.007126][T10987] BTRFS warning (device loop2): try to load backup roots slot 3 [ 982.034671][ T3948] bond0 (unregistering): Released all slaves [ 982.067530][ T8458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 982.144157][T10987] BTRFS info (device loop2): rebuilding free space tree [ 982.346083][T10987] BTRFS info (device loop2): checking UUID tree [ 982.561106][T10981] chnl_net:caif_netlink_parms(): no params data found [ 982.893511][ T7283] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 982.920922][ T3948] hsr_slave_0: left promiscuous mode [ 982.942182][ T3948] hsr_slave_1: left promiscuous mode [ 982.961258][ T3948] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 982.969045][ T3948] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 983.001427][T11017] loop3: detected capacity change from 0 to 8192 [ 983.025341][ T3948] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 983.034741][ T3948] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 983.136336][ T3948] veth1_macvtap: left promiscuous mode [ 983.142683][ T3948] veth0_macvtap: left promiscuous mode [ 983.150907][ T3948] veth1_vlan: left promiscuous mode [ 983.156472][ T3948] veth0_vlan: left promiscuous mode [ 983.271989][T11018] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 983.539076][T11017] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=18) [ 983.539350][ T29] audit: type=1800 audit(983.424:399): pid=11017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 983.572102][ T29] audit: type=1804 audit(983.504:400): pid=11017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3272511842/syzkaller.pDhA59/155/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 983.642071][T11017] Remounting filesystem read-only [ 983.722290][T10911] Bluetooth: hci1: command tx timeout [ 984.001113][ T3948] team0 (unregistering): Port device team_slave_1 removed [ 984.085393][ T3948] team0 (unregistering): Port device team_slave_0 removed [ 984.161415][ T7739] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 984.172656][ T7739] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 984.179588][ T7739] NILFS (loop3): discard dirty block: blocknr=15, size=2048 [ 984.187863][ T7739] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=2048 [ 984.301207][ T7739] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 984.308159][ T7739] NILFS (loop3): discard dirty block: blocknr=25, size=2048 [ 984.317115][ T7739] NILFS (loop3): discard dirty block: blocknr=26, size=2048 [ 984.324780][ T7739] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 984.335612][ T7739] NILFS (loop3): discard dirty block: blocknr=27, size=2048 [ 984.344896][ T7739] NILFS (loop3): discard dirty block: blocknr=28, size=2048 [ 984.453845][ T7739] NILFS (loop3): discard dirty page: offset=0, ino=18 [ 984.461657][ T7739] NILFS (loop3): discard dirty block: blocknr=0, size=2048 [ 984.469188][ T7739] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=2048 [ 984.479476][ T7739] NILFS (loop3): discard dirty page: offset=65536, ino=18 [ 984.487215][ T7739] NILFS (loop3): discard dirty block: blocknr=0, size=2048 [ 984.494770][ T7739] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=2048 [ 984.602300][ T7739] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 984.609269][ T7739] NILFS (loop3): discard dirty block: blocknr=31, size=2048 [ 984.616962][ T7739] NILFS (loop3): discard dirty block: blocknr=32, size=2048 [ 984.624719][ T7739] NILFS (loop3): discard dirty page: offset=135168, ino=3 [ 984.632218][ T7739] NILFS (loop3): discard dirty block: blocknr=0, size=2048 [ 984.642909][ T7739] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=2048 [ 985.027876][T11027] loop2: detected capacity change from 0 to 2048 [ 985.066110][T11027] udf: Unknown parameter 'archarset' [ 985.125400][T10910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 985.190504][T10910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 985.248715][T10910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 985.339112][T10910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 985.544793][T11032] loop4: detected capacity change from 0 to 256 [ 985.712262][T11032] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 985.826218][T10911] Bluetooth: hci1: command tx timeout [ 986.019695][T11027] loop2: detected capacity change from 0 to 32768 [ 986.037533][T10981] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.045672][T10981] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.046615][ T29] audit: type=1804 audit(985.954:401): pid=11032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir163231968/syzkaller.9rfqLP/116/file0/file0" dev="loop4" ino=1048663 res=1 errno=0 [ 986.053441][T10981] bridge_slave_0: entered allmulticast mode [ 986.089408][T10981] bridge_slave_0: entered promiscuous mode [ 986.103025][T11027] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11027) [ 986.131152][T10981] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.138828][T10981] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.146694][T10981] bridge_slave_1: entered allmulticast mode [ 986.155896][T10981] bridge_slave_1: entered promiscuous mode [ 986.165186][T11027] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 986.179300][T11027] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 986.189611][T11027] BTRFS info (device loop2): using free-space-tree [ 986.242905][T11036] loop3: detected capacity change from 0 to 64 [ 986.343777][T10981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 986.375528][T10981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.458196][T11036] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.3'. [ 986.542178][T10981] team0: Port device team_slave_0 added [ 986.629587][T10981] team0: Port device team_slave_1 added [ 986.829510][ T7283] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 986.866508][T10981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 986.876440][T10981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 986.903885][T10981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 987.025747][T10981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.033149][T10981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.060482][T10981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 987.529257][T10910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 987.632235][T10981] hsr_slave_0: entered promiscuous mode [ 987.657942][T10981] hsr_slave_1: entered promiscuous mode [ 987.904865][T10911] Bluetooth: hci1: command tx timeout [ 987.965236][T10910] 8021q: adding VLAN 0 to HW filter on device team0 [ 988.079367][ T4726] bridge0: port 1(bridge_slave_0) entered blocking state [ 988.087188][ T4726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 988.136081][T11056] loop4: detected capacity change from 0 to 4096 [ 988.205136][ T4726] bridge0: port 2(bridge_slave_1) entered blocking state [ 988.211963][T11056] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 988.212805][ T4726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 988.231550][ T5126] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 988.557201][ T5126] usb 4-1: Using ep0 maxpacket: 8 [ 988.685013][ T5126] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 988.693972][ T5126] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 988.704362][ T5126] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 988.714557][ T5126] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 988.724870][ T5126] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 988.740747][ T5126] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 988.750067][ T5126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.975763][ T29] audit: type=1800 audit(988.954:402): pid=11063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="sda1" ino=1952 res=0 errno=0 [ 989.132122][ T5126] usb 4-1: usb_control_msg returned -32 [ 989.138289][ T5126] usbtmc 4-1:16.0: can't read capabilities [ 989.241570][T11066] loop4: detected capacity change from 0 to 64 [ 989.427694][T10981] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 989.481845][T10981] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 989.563431][T10981] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 989.669066][T10981] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 990.189442][T10910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 990.288132][ T29] audit: type=1804 audit(990.214:403): pid=11078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3272511842/syzkaller.pDhA59/158/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0 [ 990.315385][ T29] audit: type=1804 audit(990.234:404): pid=11078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir3272511842/syzkaller.pDhA59/158/cgroup.controllers" dev="sda1" ino=1951 res=1 errno=0 [ 990.572037][T11081] loop3: detected capacity change from 0 to 1024 [ 990.610651][T11081] EXT4-fs: Ignoring removed nomblk_io_submit option [ 990.645355][T11081] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 990.654388][T11081] EXT4-fs (loop3): Test dummy encryption mode enabled [ 990.769533][T11081] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 990.796040][T10910] veth0_vlan: entered promiscuous mode [ 990.822308][T10981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 990.903998][T10981] 8021q: adding VLAN 0 to HW filter on device team0 [ 990.948765][T11081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 990.988952][T10910] veth1_vlan: entered promiscuous mode [ 991.023494][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.031253][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 991.141528][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.149212][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 991.435776][T10910] veth0_macvtap: entered promiscuous mode [ 991.517628][T10910] veth1_macvtap: entered promiscuous mode [ 991.686531][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 991.699455][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.714168][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 991.726860][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.737578][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 991.748292][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.763208][T10910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 991.869291][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 991.880093][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.890533][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 991.901278][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.912499][T10910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 991.923518][T10910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 991.938381][T10910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 992.037217][T10910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.046560][T10910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.055676][T10910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.064895][T10910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 992.192422][T11090] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551614) [ 992.204081][T11090] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 992.725845][ T8] usb 4-1: USB disconnect, device number 31 [ 992.838205][ T7739] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 992.886606][T10981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 993.378581][T10981] veth0_vlan: entered promiscuous mode [ 993.522124][T10981] veth1_vlan: entered promiscuous mode [ 993.939693][T10981] veth0_macvtap: entered promiscuous mode [ 994.010437][T10981] veth1_macvtap: entered promiscuous mode [ 994.064975][T11104] loop3: detected capacity change from 0 to 2048 [ 994.122183][T11104] udf: Unknown parameter 'archarset' [ 994.178209][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 994.189167][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.189598][T11107] loop2: detected capacity change from 0 to 256 [ 994.199185][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 994.199282][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.199361][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 994.240026][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.250292][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 994.261043][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.325591][T11107] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 994.339094][T10981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 994.436037][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.447616][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.457770][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.471663][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.482875][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.493640][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.503841][T10981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.516624][T10981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.532374][T10981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 994.789868][T10981] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.799202][T10981] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.809336][T10981] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.820830][T10981] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.022773][T11104] loop3: detected capacity change from 0 to 32768 [ 995.036568][T11104] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11104) [ 995.154525][T11104] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 995.167198][T11104] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 995.177414][T11104] BTRFS info (device loop3): using free-space-tree [ 997.673960][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 997.676847][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 997.695708][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 997.707975][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 997.721273][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 997.733957][T11104] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 998.335906][T11104] BTRFS error (device loop3): open_ctree failed [ 998.851305][ T5128] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 999.121806][ T5128] usb 3-1: Using ep0 maxpacket: 32 [ 999.250654][ T5128] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 999.451586][ T5128] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 999.461137][ T5128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 999.469406][ T5128] usb 3-1: Product: syz [ 999.473949][ T5128] usb 3-1: Manufacturer: syz [ 999.478768][ T5128] usb 3-1: SerialNumber: syz [ 999.522840][ T5128] usb 3-1: config 0 descriptor?? [ 999.554058][T11137] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 999.635831][ T5128] hub 3-1:0.0: bad descriptor, ignoring hub [ 999.642208][ T5128] hub 3-1:0.0: probe with driver hub failed with error -5 [ 999.658474][ T5128] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11 [ 999.813931][ T5128] usb 3-1: USB disconnect, device number 37 [ 1000.079341][ T29] audit: type=1800 audit(1000.004:405): pid=11154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1935 res=0 errno=0 [ 1000.653291][T11163] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1001.342121][ T780] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1001.462437][ T3875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1001.470625][ T3875] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1001.559468][ T4243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1001.567813][ T4243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1001.710975][ T780] usb 4-1: Using ep0 maxpacket: 8 [ 1001.833007][ T780] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1001.844278][ T780] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1001.855261][ T780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1001.865448][ T780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1001.875801][ T780] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1001.892910][ T780] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1001.903466][ T780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1001.987794][T11181] loop2: detected capacity change from 0 to 256 [ 1002.043253][T11181] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1002.243614][ T780] usb 4-1: usb_control_msg returned -32 [ 1002.249544][ T780] usbtmc 4-1:16.0: can't read capabilities [ 1002.311248][ T5128] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1002.570658][ T5128] usb 1-1: Using ep0 maxpacket: 32 [ 1005.561278][ T5128] usb 1-1: unable to read config index 0 descriptor/all [ 1005.568688][ T5128] usb 1-1: can't read configurations, error -71 [ 1005.573962][ T8] usb 4-1: USB disconnect, device number 32 [ 1005.706209][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.714888][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1005.787315][T11197] loop2: detected capacity change from 0 to 2048 [ 1005.838707][T11197] udf: Unknown parameter 'archarset' [ 1005.893017][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.902099][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1006.029892][T11202] loop0: detected capacity change from 0 to 128 [ 1006.072738][T11202] affs: Unrecognized mount option "Ä-÷Wº×…ß„ÚÍ¢ŸþS½¡;™hý¡9Nß"@ý#>ÉÐå±Ú??M)h¢iÆ°ïv½ /|¬çÂ" or missing value [ 1006.089717][T11202] affs: Error parsing options [ 1006.581028][ T5128] usb 1-1: new low-speed USB device number 30 using dummy_hcd [ 1006.783405][T11197] loop2: detected capacity change from 0 to 32768 [ 1006.803318][T11197] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11197) [ 1006.834475][T11197] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1006.845141][T11197] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 1006.855733][T11197] BTRFS info (device loop2): using free-space-tree [ 1006.874786][ T5128] usb 1-1: Invalid ep0 maxpacket: 32 [ 1006.900099][ T29] audit: type=1800 audit(1006.874:406): pid=11209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1968 res=0 errno=0 [ 1006.906541][ T5128] usb usb1-port1: attempt power cycle [ 1007.359018][ T7283] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1007.373870][ T5128] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 1007.480891][ T5128] usb 1-1: Invalid ep0 maxpacket: 32 [ 1007.652116][ T5128] usb 1-1: new low-speed USB device number 32 using dummy_hcd [ 1007.750779][ T5128] usb 1-1: Invalid ep0 maxpacket: 32 [ 1007.769811][ T5128] usb usb1-port1: unable to enumerate USB device [ 1007.783014][ T5126] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1007.798932][T11238] loop1: detected capacity change from 0 to 256 [ 1007.849766][T11238] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1007.867504][T11240] fuse: Bad value for 'fd' [ 1007.977099][T11240] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1007.984016][ T5126] usb 5-1: device descriptor read/64, error -71 [ 1007.994413][T11240] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1008.270640][ T5126] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1008.501006][ T5126] usb 5-1: device descriptor read/64, error -71 [ 1008.627330][ T5126] usb usb5-port1: attempt power cycle [ 1008.755069][ T5128] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1008.765823][ T780] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1009.020453][ T780] usb 2-1: Using ep0 maxpacket: 32 [ 1009.035228][ T5128] usb 4-1: Using ep0 maxpacket: 8 [ 1009.056799][ T5126] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1009.084187][T11251] loop0: detected capacity change from 0 to 1024 [ 1009.103373][T11251] EXT4-fs: Ignoring removed orlov option [ 1009.109379][T11251] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1009.130451][T11251] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1009.145933][ T780] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1009.159542][ T780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.162544][T11251] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1009.180816][ T5126] usb 5-1: device descriptor read/8, error -71 [ 1009.191305][ T5128] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1009.199775][ T5128] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1009.209986][ T5128] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1009.222778][ T5128] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1009.234036][ T5128] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1009.247494][ T5128] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1009.260992][ T5128] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1009.307342][ T780] usb 2-1: config 0 descriptor?? [ 1009.372209][ T780] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1009.470654][ T5126] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1009.510557][T10910] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1009.560845][ T5126] usb 5-1: device descriptor read/8, error -71 [ 1009.589946][ T5128] usb 4-1: usb_control_msg returned -32 [ 1009.596013][ T5128] usbtmc 4-1:16.0: can't read capabilities [ 1009.702128][ T5126] usb usb5-port1: unable to enumerate USB device [ 1009.992480][T11249] loop2: detected capacity change from 0 to 32768 [ 1010.021552][T11249] btrfs: Deprecated parameter 'usebackuproot' [ 1010.027983][T11249] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1010.121175][T11249] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11249) [ 1010.225633][T11249] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1010.236353][T11249] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm [ 1010.250140][T11249] BTRFS info (device loop2): using free-space-tree [ 1010.671397][ T4243] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 1010.706142][T11249] BTRFS warning (device loop2): couldn't read tree root [ 1010.713664][T11249] BTRFS warning (device loop2): try to load backup roots slot 1 [ 1010.769503][ T4243] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 1010.832192][T11249] BTRFS warning (device loop2): couldn't read tree root [ 1010.839694][T11249] BTRFS warning (device loop2): try to load backup roots slot 2 [ 1010.876274][ T4243] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 1010.906764][T11249] BTRFS warning (device loop2): couldn't read tree root [ 1010.914377][T11249] BTRFS warning (device loop2): try to load backup roots slot 3 [ 1010.965303][ T29] audit: type=1804 audit(1010.864:407): pid=11277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3272511842/syzkaller.pDhA59/166/cgroup.controllers" dev="sda1" ino=1936 res=1 errno=0 [ 1010.992209][ T29] audit: type=1804 audit(1010.894:408): pid=11277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir3272511842/syzkaller.pDhA59/166/cgroup.controllers" dev="sda1" ino=1936 res=1 errno=0 [ 1011.132042][T11275] loop0: detected capacity change from 0 to 32768 [ 1011.147806][T11249] BTRFS info (device loop2): rebuilding free space tree [ 1011.161918][T11275] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11275) [ 1011.194801][T11275] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1011.211532][T11275] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 1011.222020][T11275] BTRFS info (device loop0): using free-space-tree [ 1011.285134][T11283] loop3: detected capacity change from 0 to 1024 [ 1011.293050][T11249] BTRFS info (device loop2): checking UUID tree [ 1011.300040][T11283] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1011.337398][T11283] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1011.346590][T11283] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1011.429733][T11283] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1011.631732][T11283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1011.653332][T11243] loop1: detected capacity change from 0 to 2048 [ 1011.736164][T10910] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1011.835129][T11243] EXT4-fs error (device loop1): __ext4_fill_super:5464: inode #2: comm syz-executor.1: unexpected EA_INODE flag [ 1011.863450][T11243] EXT4-fs (loop1): get root inode failed [ 1011.873745][T11243] EXT4-fs (loop1): mount failed [ 1011.997447][T11312] Process accounting resumed [ 1012.023144][ T7283] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1012.106746][ T4726] usb 2-1: USB disconnect, device number 40 [ 1013.114881][T11320] loop4: detected capacity change from 0 to 1024 [ 1013.167524][T11320] EXT4-fs: Ignoring removed orlov option [ 1013.170512][ T29] audit: type=1800 audit(1013.094:409): pid=11317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="sda1" ino=1953 res=0 errno=0 [ 1013.173874][T11320] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1013.281286][T11320] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1013.353597][T11320] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1013.399468][ T780] usb 4-1: USB disconnect, device number 33 [ 1013.555800][ T4726] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0 [ 1013.565102][ T4726] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0 [ 1013.632847][ T7739] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1013.664511][ T4726] hid-generic 0000:0000:0000.0020: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1013.850743][ T8458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1013.948163][T11332] loop1: detected capacity change from 0 to 512 [ 1013.995858][T11332] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1014.014326][T11332] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 1014.053097][T11332] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 1014.112539][T11332] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1014.241907][T11340] input: syz0 as /devices/virtual/input/input12 [ 1014.316280][T11344] syz-executor.1[11344] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1014.616430][T11346] binder: 11336:11346 ioctl 4018620d 0 returned -22 [ 1014.895228][T11341] loop4: detected capacity change from 0 to 32768 [ 1015.138385][T11341] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11341) [ 1015.178647][T11341] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1015.190542][T11341] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 1015.208897][T11341] BTRFS info (device loop4): using free-space-tree [ 1015.466401][T11332] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))" [ 1015.692439][T11374] Process accounting resumed [ 1015.866935][ T8458] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1015.949737][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1015.980933][ T780] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1016.236825][ T780] usb 4-1: Using ep0 maxpacket: 32 [ 1016.384797][ T780] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1016.394309][ T780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1016.440106][T11380] loop1: detected capacity change from 0 to 2048 [ 1016.440825][ T780] usb 4-1: config 0 descriptor?? [ 1016.494941][ T4726] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1016.507275][ T780] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1016.565949][T11380] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1016.645254][T11380] EXT4-fs error (device loop1): ext4_find_dest_de:2111: inode #2: block 16: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 1016.793753][ T4726] usb 3-1: Using ep0 maxpacket: 8 [ 1016.953150][ T4726] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 1016.962018][ T4726] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1016.972304][ T4726] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1016.982395][ T4726] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1016.992676][ T4726] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1017.006961][ T4726] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1017.016742][ T4726] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.110768][ T779] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1017.164921][T11373] loop0: detected capacity change from 0 to 32768 [ 1017.198380][T11373] btrfs: Deprecated parameter 'usebackuproot' [ 1017.207927][T11373] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1017.231848][T11373] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11373) [ 1017.278768][T11373] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1017.289641][T11373] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 1017.299623][T11373] BTRFS info (device loop0): using free-space-tree [ 1017.361339][ T4726] usb 3-1: usb_control_msg returned -32 [ 1017.368895][ T4726] usbtmc 3-1:16.0: can't read capabilities [ 1017.389860][ T4243] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 1017.410476][T11373] BTRFS warning (device loop0): couldn't read tree root [ 1017.417871][T11373] BTRFS warning (device loop0): try to load backup roots slot 1 [ 1017.428816][ T6538] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 1017.452054][T11373] BTRFS warning (device loop0): couldn't read tree root [ 1017.459259][T11373] BTRFS warning (device loop0): try to load backup roots slot 2 [ 1017.470741][ T6538] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 1017.482003][T11373] BTRFS warning (device loop0): couldn't read tree root [ 1017.489189][T11373] BTRFS warning (device loop0): try to load backup roots slot 3 [ 1017.533409][T11373] BTRFS info (device loop0): rebuilding free space tree [ 1017.566145][ T779] usb 2-1: config 1 has an invalid interface number: 2 but max is 1 [ 1017.574888][ T779] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1017.585376][ T779] usb 2-1: config 1 has 3 interfaces, different from the descriptor's value: 2 [ 1017.594688][ T779] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1017.605967][ T779] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1017.617160][ T779] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1017.627518][ T779] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1017.640816][ T779] usb 2-1: config 1 interface 1 has no altsetting 0 [ 1017.665133][T11373] BTRFS info (device loop0): checking UUID tree [ 1017.827542][ T779] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1017.837156][ T779] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1017.845478][ T779] usb 2-1: Product: syz [ 1017.849861][ T779] usb 2-1: Manufacturer: syz [ 1017.854790][ T779] usb 2-1: SerialNumber: syz [ 1017.868704][ T1230] ieee802154 phy0 wpan0: encryption failed: -22 [ 1017.875961][ T1230] ieee802154 phy1 wpan1: encryption failed: -22 [ 1017.933144][ T29] audit: type=1800 audit(1017.884:410): pid=11405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file2" dev="sda1" ino=1970 res=0 errno=0 [ 1018.018761][T10910] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1018.168430][ T779] usb 2-1: selecting invalid altsetting 0 [ 1018.174671][ T779] usb 2-1: selecting invalid altsetting 0 [ 1018.184128][ T779] cdc_ncm 2-1:1.0: bind() failure [ 1018.220510][ T779] cdc_ncm 2-1:1.2: CDC Union missing and no IAD found [ 1018.229006][ T779] cdc_ncm 2-1:1.2: bind() failure [ 1018.247206][ T779] usb 2-1: selecting invalid altsetting 0 [ 1018.253333][ T779] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -22 [ 1018.263490][ T779] usb 2-1: selecting invalid altsetting 0 [ 1018.270847][ T779] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -22 [ 1018.282881][ T779] usb 2-1: selecting invalid altsetting 0 [ 1018.288855][ T779] usbtest 2-1:1.1: probe with driver usbtest failed with error -22 [ 1018.376454][T11376] loop3: detected capacity change from 0 to 2048 [ 1018.539529][T11376] EXT4-fs error (device loop3): __ext4_fill_super:5464: inode #2: comm syz-executor.3: unexpected EA_INODE flag [ 1018.588082][T11376] EXT4-fs (loop3): get root inode failed [ 1018.594294][T11376] EXT4-fs (loop3): mount failed [ 1018.596193][ T29] audit: type=1804 audit(1018.524:411): pid=11408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1837345664/syzkaller.V1TXDR/198/cgroup.controllers" dev="sda1" ino=1932 res=1 errno=0 [ 1018.626161][ T29] audit: type=1804 audit(1018.554:412): pid=11408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir1837345664/syzkaller.V1TXDR/198/cgroup.controllers" dev="sda1" ino=1932 res=1 errno=0 [ 1018.707106][T11413] loop4: detected capacity change from 0 to 1024 [ 1018.753711][T11413] EXT4-fs: Ignoring removed orlov option [ 1018.759757][T11413] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1018.803357][T11413] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1018.862458][T11413] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1018.916915][ T780] usb 4-1: USB disconnect, device number 34 [ 1019.051738][T11409] loop2: detected capacity change from 0 to 1024 [ 1019.101053][T11409] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1019.145367][T11409] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1019.156334][T11409] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1019.218412][T11409] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1019.277840][T11419] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1019.280074][T11409] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1019.318554][T11419] ieee802154 phy0 wpan0: encryption failed: -22 [ 1019.339886][ T8458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1019.776908][ T4726] usb 2-1: USB disconnect, device number 41 [ 1019.997285][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1020.148342][T11428] loop3: detected capacity change from 0 to 132 [ 1020.347870][ T29] audit: type=1804 audit(1020.264:413): pid=11430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir163231968/syzkaller.9rfqLP/142/file0" dev="sda1" ino=1955 res=1 errno=0 [ 1020.917855][ T5126] usb 3-1: USB disconnect, device number 38 [ 1021.577561][ T7283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1021.639257][T11439] loop3: detected capacity change from 0 to 128 [ 1021.704204][T11434] loop1: detected capacity change from 0 to 32768 [ 1021.751637][T11434] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11434) [ 1021.782800][T11434] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1021.793619][T11434] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 1021.803819][T11434] BTRFS info (device loop1): using free-space-tree [ 1021.834126][T11439] affs: No valid root block on device loop3 [ 1022.667021][T11460] Process accounting resumed [ 1022.815986][T10981] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1023.076387][T11456] loop4: detected capacity change from 0 to 8192 [ 1023.276552][T11456] REISERFS warning (device loop4): super-6507 reiserfs_parse_options: bad value auto+conv for -oresize [ 1023.276552][T11456] [ 1023.586736][T11465] loop2: detected capacity change from 0 to 1024 [ 1023.760347][T11465] EXT4-fs: Ignoring removed orlov option [ 1023.766300][T11465] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1023.835987][T11465] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1023.979342][T11465] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1024.353516][ T4726] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1024.483852][ T7283] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1024.660911][ T4726] usb 1-1: Using ep0 maxpacket: 32 [ 1024.742575][ T29] audit: type=1800 audit(1024.674:414): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file2" dev="sda1" ino=1953 res=0 errno=0 [ 1024.835775][ T4726] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1024.847973][ T4726] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.892666][ T4726] usb 1-1: config 0 descriptor?? [ 1024.938970][ T4726] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1025.512447][T11491] loop4: detected capacity change from 0 to 1024 [ 1025.748629][T11491] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1025.791669][ T8] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1026.010914][T11488] loop2: detected capacity change from 0 to 32768 [ 1026.029027][T11488] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11488) [ 1026.079996][T11488] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1026.080709][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 1026.090797][T11488] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm [ 1026.107408][T11488] BTRFS info (device loop2): using free-space-tree [ 1026.110998][T11491] loop4: detected capacity change from 1024 to 0 [ 1026.242923][ T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1026.251503][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1026.262907][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1026.273492][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1026.283844][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1026.297236][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1026.306681][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.344502][ T8458] bio_check_eod: 23 callbacks suppressed [ 1026.344573][ T8458] syz-executor.4: attempt to access beyond end of device [ 1026.344573][ T8458] loop4: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 1026.466642][ T8458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1026.514572][ T8458] syz-executor.4: attempt to access beyond end of device [ 1026.514572][ T8458] loop4: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 1026.531381][ T8458] Buffer I/O error on dev loop4, logical block 1, lost sync page write [ 1026.539857][ T8458] EXT4-fs (loop4): I/O error while writing superblock [ 1026.649223][ T8] usb 2-1: usb_control_msg returned -32 [ 1026.655356][ T8] usbtmc 2-1:16.0: can't read capabilities [ 1026.710499][T11493] kmmpd-loop4: attempt to access beyond end of device [ 1026.710499][T11493] loop4: rw=14337, sector=128, nr_sectors = 2 limit=0 [ 1026.725707][T11493] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 1027.115897][ T6538] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.263505][ T6538] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.409634][ T6538] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1027.446574][T11469] loop0: detected capacity change from 0 to 2048 [ 1027.810648][T11469] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0. [ 1027.848586][ T6538] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1028.458976][ T780] usb 1-1: USB disconnect, device number 33 [ 1028.667314][ T6538] bridge_slave_1: left allmulticast mode [ 1028.674549][ T6538] bridge_slave_1: left promiscuous mode [ 1028.688950][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state [ 1028.718437][ T6538] bridge_slave_0: left allmulticast mode [ 1028.725304][ T6538] bridge_slave_0: left promiscuous mode [ 1028.733008][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state [ 1028.781163][ T29] audit: type=1804 audit(1028.684:415): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3762663747/syzkaller.M1fV2o/9/cgroup.controllers" dev="sda1" ino=1946 res=1 errno=0 [ 1028.811157][ T5126] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1029.058909][T11514] loop1: detected capacity change from 0 to 1024 [ 1029.140443][ T5126] usb 4-1: Using ep0 maxpacket: 8 [ 1029.168063][T11514] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1029.253626][T11514] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1029.262923][T11514] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1029.294470][ T5126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.305270][ T5126] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1029.316320][ T5126] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1029.333827][ T5126] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1029.344516][ T5126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.355494][ T7283] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1029.407329][T11514] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1029.417511][ T6538] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1029.426042][T11514] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1029.465348][ T5126] usb 4-1: config 0 descriptor?? [ 1029.487544][ T6538] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1029.526235][ T6538] bond0 (unregistering): Released all slaves [ 1029.748571][ T5128] usb 4-1: USB disconnect, device number 35 [ 1029.976283][T11527] loop0: detected capacity change from 0 to 1024 [ 1030.021692][T11527] EXT4-fs: Ignoring removed orlov option [ 1030.027721][T11527] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1030.068463][T11527] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1030.178441][T11527] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1030.356288][ T6538] hsr_slave_0: left promiscuous mode [ 1030.403570][ T6538] hsr_slave_1: left promiscuous mode [ 1030.441452][ T6538] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1030.449190][ T6538] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1030.501294][ T6538] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1030.508993][ T6538] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1030.596555][ T6538] veth1_macvtap: left promiscuous mode [ 1030.602621][ T6538] veth0_macvtap: left promiscuous mode [ 1030.608600][ T6538] veth1_vlan: left promiscuous mode [ 1030.614250][ T6538] veth0_vlan: left promiscuous mode [ 1031.257227][T10910] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1031.364692][ T29] audit: type=1800 audit(1031.294:416): pid=11533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file2" dev="sda1" ino=1963 res=0 errno=0 [ 1031.377433][ T779] usb 2-1: USB disconnect, device number 42 [ 1031.522590][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1031.834213][ T8446] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1031.838499][ T6538] team0 (unregistering): Port device team_slave_1 removed [ 1031.900526][ T8446] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1031.916765][ T6538] team0 (unregistering): Port device team_slave_0 removed [ 1031.918992][ T8446] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1032.054600][ T8446] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1032.070862][ T8446] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1032.097211][ T8446] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1033.045521][T11552] loop3: detected capacity change from 0 to 512 [ 1033.188099][T11552] EXT4-fs: Ignoring removed nobh option [ 1033.329708][T11552] EXT4-fs warning (device loop3): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 1033.342487][T11552] EXT4-fs warning (device loop3): dx_probe:880: Enable large directory feature to access it [ 1033.352972][T11552] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended [ 1033.560111][T11553] loop2: detected capacity change from 0 to 32768 [ 1033.578054][T11553] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11553) [ 1033.626122][T11553] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1033.637959][T11553] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 1033.648188][T11553] BTRFS info (device loop2): using free-space-tree [ 1034.059518][T11552] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 1034.166567][T11552] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2250: inode #15: comm syz-executor.3: corrupted in-inode xattr: invalid ea_ino [ 1034.195297][T11536] chnl_net:caif_netlink_parms(): no params data found [ 1034.210785][T11577] loop1: detected capacity change from 0 to 256 [ 1034.263804][T11552] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 1034.315696][ T7283] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1034.348499][T11552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1034.370589][T10911] Bluetooth: hci2: command tx timeout [ 1034.472197][T11552] EXT4-fs warning (device loop3): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 1034.484488][T11552] EXT4-fs warning (device loop3): dx_probe:880: Enable large directory feature to access it [ 1034.495265][T11552] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended [ 1034.605551][ T779] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1034.895018][ T779] usb 1-1: Using ep0 maxpacket: 32 [ 1035.051707][ T779] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1035.062057][ T779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.107254][ T779] usb 1-1: config 0 descriptor?? [ 1035.173046][ T779] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1035.403342][ T7739] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1035.555937][T11536] bridge0: port 1(bridge_slave_0) entered blocking state [ 1035.563860][T11536] bridge0: port 1(bridge_slave_0) entered disabled state [ 1035.571753][T11536] bridge_slave_0: entered allmulticast mode [ 1035.584591][T11536] bridge_slave_0: entered promiscuous mode [ 1035.647437][T11536] bridge0: port 2(bridge_slave_1) entered blocking state [ 1035.655563][T11536] bridge0: port 2(bridge_slave_1) entered disabled state [ 1035.663518][T11536] bridge_slave_1: entered allmulticast mode [ 1035.672635][T11536] bridge_slave_1: entered promiscuous mode [ 1035.800768][T11588] loop1: detected capacity change from 0 to 1024 [ 1035.857307][T11588] EXT4-fs: Ignoring removed orlov option [ 1035.863353][T11588] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1035.891619][T11536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1035.906192][T11588] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1035.941249][T11536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1035.959235][T11588] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1036.079855][T11536] team0: Port device team_slave_0 added [ 1036.105995][T11536] team0: Port device team_slave_1 added [ 1036.200665][ T8] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1036.241271][T11536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1036.251349][T11536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1036.278813][T11536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1036.326038][T11593] loop2: detected capacity change from 0 to 64 [ 1036.365185][T11536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1036.372616][T11536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1036.394140][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1036.401605][T11536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1036.424778][T11594] Process accounting resumed [ 1036.460824][T10911] Bluetooth: hci2: command tx timeout [ 1036.472341][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 1036.510905][T11593] Process accounting resumed [ 1036.642790][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1036.653404][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1036.665093][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1036.678651][ T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1036.688215][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1036.723203][T11536] hsr_slave_0: entered promiscuous mode [ 1036.732370][ T8] usb 4-1: config 0 descriptor?? [ 1036.742390][T11536] hsr_slave_1: entered promiscuous mode [ 1036.789416][T11536] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1036.798146][T11536] Cannot create hsr debugfs directory [ 1036.938593][T11599] loop2: detected capacity change from 0 to 256 [ 1036.978534][ T780] usb 4-1: USB disconnect, device number 36 [ 1037.063226][T11579] loop0: detected capacity change from 0 to 2048 [ 1037.131913][ T8] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1037.150629][T11579] EXT4-fs error (device loop0): __ext4_fill_super:5464: inode #2: comm syz-executor.0: unexpected EA_INODE flag [ 1037.226711][T11579] EXT4-fs (loop0): get root inode failed [ 1037.233011][T11579] EXT4-fs (loop0): mount failed [ 1037.346691][ T780] usb 1-1: USB disconnect, device number 34 [ 1037.410601][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 1037.449088][T11603] mmap: syz-executor.2 (11603): VmData 175796224 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 1037.561827][ T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1037.570571][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1037.581575][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1037.592052][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1037.602327][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1037.615719][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1037.625910][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.905248][T11536] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1037.941057][ T8] usb 2-1: usb_control_msg returned -32 [ 1037.946995][ T8] usbtmc 2-1:16.0: can't read capabilities [ 1037.952353][T11536] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1038.011774][T11536] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1038.049751][T11536] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1038.517537][ T780] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1038.531387][T10911] Bluetooth: hci2: command tx timeout [ 1038.713193][T11616] loop3: detected capacity change from 0 to 256 [ 1038.931957][ T780] usb 1-1: config 0 has an invalid interface number: 48 but max is 0 [ 1038.940470][ T780] usb 1-1: config 0 has no interface number 0 [ 1038.946804][ T780] usb 1-1: too many endpoints for config 0 interface 48 altsetting 120: 48, using maximum allowed: 30 [ 1038.960717][ T780] usb 1-1: config 0 interface 48 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 1038.978485][ T780] usb 1-1: config 0 interface 48 has no altsetting 0 [ 1038.985614][ T780] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1038.995155][ T780] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.014800][T11536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1039.068375][ T780] usb 1-1: config 0 descriptor?? [ 1039.182203][T11536] 8021q: adding VLAN 0 to HW filter on device team0 [ 1039.232214][ T5126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1039.239999][ T5126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1039.261026][ T29] audit: type=1804 audit(1039.134:417): pid=11618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3762663747/syzkaller.M1fV2o/15/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 1039.288292][ T29] audit: type=1804 audit(1039.204:418): pid=11618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir3762663747/syzkaller.M1fV2o/15/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0 [ 1039.369742][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1039.377553][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1039.489657][T11619] loop1: detected capacity change from 0 to 1024 [ 1039.561935][ T780] usb 1-1: string descriptor 0 read error: -32 [ 1039.578382][T11619] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1039.692226][T11619] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1039.702156][T11619] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1039.792962][T11619] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1039.892666][T11619] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1040.261912][ T780] usb 1-1: Cannot set autoneg [ 1040.267298][ T780] MOSCHIP usb-ethernet driver 1-1:0.48: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1040.363222][ T780] usb 1-1: USB disconnect, device number 35 [ 1040.565699][T11631] loop3: detected capacity change from 0 to 64 [ 1040.602553][T10911] Bluetooth: hci2: command tx timeout [ 1040.803199][T11536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1041.036782][T11612] loop2: detected capacity change from 0 to 32768 [ 1041.081429][T11612] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11612) [ 1041.703950][ T779] usb 2-1: USB disconnect, device number 43 [ 1041.896498][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1042.003617][ T780] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1042.122649][ T5128] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1042.293381][ T780] usb 4-1: Using ep0 maxpacket: 8 [ 1042.420801][ T780] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1042.431488][ T780] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1042.446774][ T780] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1042.460677][ T780] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1042.470010][ T780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1042.480039][ T5128] usb 1-1: Using ep0 maxpacket: 32 [ 1042.515844][ T780] usb 4-1: config 0 descriptor?? [ 1042.571340][T11650] IPVS: set_ctl: invalid protocol: 0 172.20.20.0:0 [ 1042.605441][ T5128] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1042.614963][ T5128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1042.632304][T11652] fuse: Unknown parameter '8¢&Æÿ' [ 1042.662748][ T5128] usb 1-1: config 0 descriptor?? [ 1042.709182][ T5128] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1042.789731][ T780] usb 4-1: USB disconnect, device number 37 [ 1042.867433][T11536] veth0_vlan: entered promiscuous mode [ 1042.931711][T11536] veth1_vlan: entered promiscuous mode [ 1043.136225][T11536] veth0_macvtap: entered promiscuous mode [ 1043.168873][T11536] veth1_macvtap: entered promiscuous mode [ 1043.246264][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.258366][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.269100][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.279896][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.290040][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.301005][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.311107][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.322858][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.338684][T11536] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1043.386271][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1043.397605][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.411935][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1043.425195][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.435667][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1043.446395][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.456508][T11536] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1043.467237][T11536] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.483429][T11536] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1043.537678][T11536] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.546882][T11536] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.556078][T11536] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.568207][T11536] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.050797][T11662] loop3: detected capacity change from 0 to 256 [ 1044.312819][T11666] loop1: detected capacity change from 0 to 256 [ 1044.566767][T11666] FAT-fs (loop1): Directory bread(block 64) failed [ 1044.575138][T11666] FAT-fs (loop1): Directory bread(block 65) failed [ 1044.582167][T11666] FAT-fs (loop1): Directory bread(block 66) failed [ 1044.591563][T11666] FAT-fs (loop1): Directory bread(block 67) failed [ 1044.598478][T11666] FAT-fs (loop1): Directory bread(block 68) failed [ 1044.606157][T11666] FAT-fs (loop1): Directory bread(block 69) failed [ 1044.613187][T11666] FAT-fs (loop1): Directory bread(block 70) failed [ 1044.619945][T11666] FAT-fs (loop1): Directory bread(block 71) failed [ 1044.627037][T11666] FAT-fs (loop1): Directory bread(block 72) failed [ 1044.634519][T11666] FAT-fs (loop1): Directory bread(block 73) failed [ 1044.740509][T11644] loop0: detected capacity change from 0 to 2048 [ 1044.899286][T11644] EXT4-fs error (device loop0): __ext4_fill_super:5464: inode #2: comm syz-executor.0: unexpected EA_INODE flag [ 1045.012228][T11644] EXT4-fs (loop0): get root inode failed [ 1045.018215][T11644] EXT4-fs (loop0): mount failed [ 1045.296950][ T5128] usb 1-1: USB disconnect, device number 36 [ 1045.831009][ T780] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1045.911765][ T5128] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1046.117031][ T780] usb 3-1: Using ep0 maxpacket: 8 [ 1046.206054][ T5128] usb 2-1: Using ep0 maxpacket: 8 [ 1046.271034][ T780] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 1046.279695][ T780] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1046.294282][ T780] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1046.305586][ T780] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1046.316048][ T780] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1046.331638][ T780] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1046.341990][ T780] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.401437][ T5128] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1046.411338][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.471187][ T5128] usb 2-1: config 0 descriptor?? [ 1046.644877][ T780] usb 3-1: usb_control_msg returned -32 [ 1046.651053][ T780] usbtmc 3-1:16.0: can't read capabilities [ 1046.748657][ T5128] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 1046.759522][ T5128] asix 2-1:0.0: probe with driver asix failed with error -32 [ 1047.035552][T11679] loop3: detected capacity change from 0 to 32768 [ 1047.092956][T11679] BTRFS: device /dev/loop3 (7:3) using temp-fsid 5798e30c-8ac0-4c02-90c9-5ea78c22b430 [ 1047.105755][T11679] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11679) [ 1047.142144][T11700] loop0: detected capacity change from 0 to 4096 [ 1047.157679][T11679] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1047.163745][T11700] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1047.168193][T11679] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 1047.187474][T11679] BTRFS info (device loop3): using free-space-tree [ 1047.764522][ T6538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1047.773308][ T6538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1047.816215][ T7739] BTRFS info (device loop3): last unmount of filesystem 5798e30c-8ac0-4c02-90c9-5ea78c22b430 [ 1047.848271][ T5126] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1047.934048][ T6538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1047.942328][ T6538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1048.242519][ T5126] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1048.253667][ T5126] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1048.263769][ T5126] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1048.275169][ T5126] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.319556][ T5126] usb 1-1: config 0 descriptor?? [ 1048.726487][ T4726] usb 2-1: USB disconnect, device number 44 [ 1049.164975][ T4726] usb 3-1: USB disconnect, device number 39 [ 1049.496265][T11734] [U] 1 [ 1059.513769][ T8446] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1059.532723][ T8446] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1059.569934][ T8446] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1059.604619][ T8446] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1059.631580][ T8446] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1060.731112][T11824] chnl_net:caif_netlink_parms(): no params data found [ 1060.810530][ T779] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1061.001188][ T4726] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1061.081923][ T779] usb 4-1: Using ep0 maxpacket: 32 [ 1061.259143][ T3924] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.331738][ T779] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1061.331926][ T779] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1061.332132][ T779] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1061.332298][ T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.375096][ T4726] usb 5-1: Using ep0 maxpacket: 32 [ 1061.409764][ T779] hub 4-1:4.0: USB hub found [ 1061.422211][ T3924] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.534304][ T4726] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1061.534473][ T4726] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.539160][ T4726] usb 5-1: config 0 descriptor?? [ 1061.561051][ T3924] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.594647][ T4726] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1061.686472][ T3924] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.721125][T10911] Bluetooth: hci4: command tx timeout [ 1061.760732][T11840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.761218][T11840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1061.982165][ T3924] bridge_slave_1: left allmulticast mode [ 1061.982272][ T3924] bridge_slave_1: left promiscuous mode [ 1061.983135][ T3924] bridge0: port 2(bridge_slave_1) entered disabled state [ 1061.996104][ T3924] bridge_slave_0: left allmulticast mode [ 1061.996210][ T3924] bridge_slave_0: left promiscuous mode [ 1061.997137][ T3924] bridge0: port 1(bridge_slave_0) entered disabled state [ 1062.569137][T11854] loop0: detected capacity change from 0 to 64 [ 1062.585155][ T3924] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1062.635189][ T3924] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1062.695288][ T3924] bond0 (unregistering): Released all slaves [ 1062.928587][T11824] bridge0: port 1(bridge_slave_0) entered blocking state [ 1062.936680][T11824] bridge0: port 1(bridge_slave_0) entered disabled state [ 1062.944661][T11824] bridge_slave_0: entered allmulticast mode [ 1062.953924][T11824] bridge_slave_0: entered promiscuous mode [ 1062.983841][T11824] bridge0: port 2(bridge_slave_1) entered blocking state [ 1062.992204][T11824] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.000071][T11824] bridge_slave_1: entered allmulticast mode [ 1063.009362][T11824] bridge_slave_1: entered promiscuous mode [ 1063.012346][ T3924] IPVS: stopping backup sync thread 10639 ... [ 1063.332470][T11824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1063.490071][T11844] loop1: detected capacity change from 0 to 32768 [ 1063.545521][T11824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1063.599692][T11844] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11844) [ 1063.746844][T11842] loop4: detected capacity change from 0 to 2048 [ 1063.821942][T10911] Bluetooth: hci4: command tx timeout [ 1063.843114][ T3924] hsr_slave_0: left promiscuous mode [ 1063.868261][ T3924] hsr_slave_1: left promiscuous mode [ 1063.906956][ T3924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1063.915712][ T3924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1063.930151][T11842] EXT4-fs error (device loop4): __ext4_fill_super:5464: inode #2: comm syz-executor.4: unexpected EA_INODE flag [ 1063.970060][ T3924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1063.978016][ T3924] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1063.995142][T11842] EXT4-fs (loop4): get root inode failed [ 1064.003490][T11842] EXT4-fs (loop4): mount failed [ 1064.078997][ T3924] veth1_macvtap: left promiscuous mode [ 1064.085055][ T3924] veth0_macvtap: left promiscuous mode [ 1064.091367][ T3924] veth1_vlan: left promiscuous mode [ 1064.096918][ T3924] veth0_vlan: left promiscuous mode [ 1064.433788][ T779] hub 4-1:4.0: config failed, can't read hub descriptor (err -22) [ 1064.533966][ T779] usb 4-1: USB disconnect, device number 40 [ 1064.558657][ T3924] pimreg (unregistering): left allmulticast mode [ 1065.146971][ T3924] team0 (unregistering): Port device team_slave_1 removed [ 1065.177548][ T3924] team0 (unregistering): Port device team_slave_0 removed [ 1065.884100][T11865] loop0: detected capacity change from 0 to 4096 [ 1065.902297][T10911] Bluetooth: hci4: command tx timeout [ 1065.958787][T11824] team0: Port device team_slave_0 added [ 1065.967294][T11865] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1066.049057][T11824] team0: Port device team_slave_1 added [ 1066.178541][T11867] loop3: detected capacity change from 0 to 32768 [ 1066.196252][T11867] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11867) [ 1066.256926][T11867] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1066.268727][T11867] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm [ 1066.280034][T11867] BTRFS info (device loop3): using free-space-tree [ 1066.316438][ T4726] usb 5-1: USB disconnect, device number 32 [ 1066.548029][T11824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1066.555704][T11824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1066.586051][T11824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1066.711710][T11824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1066.718864][T11824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1066.745348][T11824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1066.873594][ T5128] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1067.131591][T11886] loop4: detected capacity change from 0 to 64 [ 1067.361713][ T5128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1067.369523][T11824] hsr_slave_0: entered promiscuous mode [ 1067.373162][ T5128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1067.392379][ T5128] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1067.401967][ T5128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.465915][T11886] hfs: type requires a 4 character value [ 1067.472174][T11886] hfs: unable to parse mount options [ 1067.545540][T11824] hsr_slave_1: entered promiscuous mode [ 1067.564215][T11824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1067.566444][ T5128] usb 1-1: config 0 descriptor?? [ 1067.572107][T11824] Cannot create hsr debugfs directory [ 1067.610684][ T4726] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1067.976230][T10911] Bluetooth: hci4: command tx timeout [ 1068.060896][ T4726] usb 2-1: Using ep0 maxpacket: 8 [ 1068.191242][ T5128] usbhid 1-1:0.0: can't add hid device: -71 [ 1068.201180][ T5128] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1068.241435][ T4726] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1068.249915][ T4726] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1068.260961][ T4726] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1068.271121][ T4726] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1068.281446][ T4726] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1068.294978][ T4726] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1068.304738][ T4726] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1068.322065][ T5128] usb 1-1: USB disconnect, device number 42 [ 1068.440036][ T7739] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1068.687540][ T4726] usb 2-1: usb_control_msg returned -32 [ 1068.693548][ T4726] usbtmc 2-1:16.0: can't read capabilities [ 1069.034717][T11895] loop4: detected capacity change from 0 to 64 [ 1069.354488][T11899] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 1069.362904][T11899] netlink: 83992 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1069.375507][T11824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1069.415487][T11824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1069.530877][T11824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1069.587844][T11824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1070.031248][ T29] audit: type=1804 audit(1069.914:422): pid=11904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3762663747/syzkaller.M1fV2o/26/cgroup.controllers" dev="sda1" ino=1936 res=1 errno=0 [ 1070.060777][ T29] audit: type=1804 audit(1070.004:423): pid=11904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir3762663747/syzkaller.M1fV2o/26/cgroup.controllers" dev="sda1" ino=1936 res=1 errno=0 [ 1070.417890][T11906] loop4: detected capacity change from 0 to 32768 [ 1070.432629][T11906] btrfs: Deprecated parameter 'usebackuproot' [ 1070.438952][T11906] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1070.456786][T11906] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11906) [ 1070.543285][T11906] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1070.554645][T11906] BTRFS info (device loop4): using crc32c (crc32c-generic) checksum algorithm [ 1070.566362][T11906] BTRFS info (device loop4): using free-space-tree [ 1070.686369][T11901] loop1: detected capacity change from 0 to 1024 [ 1070.721875][T11901] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1070.790930][T11901] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1070.801081][T11901] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1070.837987][ T6538] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 1070.854470][T11906] BTRFS warning (device loop4): couldn't read tree root [ 1070.862232][T11906] BTRFS warning (device loop4): try to load backup roots slot 1 [ 1070.872947][ T9960] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 1070.888028][T11906] BTRFS warning (device loop4): couldn't read tree root [ 1070.895305][T11906] BTRFS warning (device loop4): try to load backup roots slot 2 [ 1070.917713][ T4265] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 1070.938275][T11906] BTRFS warning (device loop4): couldn't read tree root [ 1070.945561][T11906] BTRFS warning (device loop4): try to load backup roots slot 3 [ 1071.032944][T11901] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1071.083263][T11906] BTRFS info (device loop4): rebuilding free space tree [ 1071.176803][T11906] BTRFS info (device loop4): checking UUID tree [ 1071.198932][T11901] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1071.272115][T11824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1071.511608][T11824] 8021q: adding VLAN 0 to HW filter on device team0 [ 1071.531768][T11536] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1071.577898][ T780] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.585874][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.671426][ T780] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.679177][ T780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1072.326187][ T5128] usb 2-1: USB disconnect, device number 47 [ 1072.364925][ T780] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1072.568153][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1072.652177][ T780] usb 4-1: Using ep0 maxpacket: 32 [ 1072.782275][ T780] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1072.791776][ T780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1072.855437][ T780] usb 4-1: config 0 descriptor?? [ 1072.954237][ T780] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1073.302155][T11941] mmap: syz-executor.1 (11941) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1073.484855][T11824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1073.892525][T11824] veth0_vlan: entered promiscuous mode [ 1073.997684][T11824] veth1_vlan: entered promiscuous mode [ 1074.315700][T11824] veth0_macvtap: entered promiscuous mode [ 1074.366475][T11824] veth1_macvtap: entered promiscuous mode [ 1074.543108][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.554918][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.565084][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.575812][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.585907][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.599070][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.611658][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1074.622871][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.637914][T11824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1074.708903][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.719748][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.729917][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.740750][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.751086][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.761827][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.771964][T11824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1074.782677][T11824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1074.783991][ T780] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1074.798936][T11824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1074.881379][T11824] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.890634][T11824] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.900887][T11824] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.909928][T11824] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1074.934172][T11935] loop3: detected capacity change from 0 to 2048 [ 1075.072153][T11935] EXT4-fs error (device loop3): __ext4_fill_super:5464: inode #2: comm syz-executor.3: unexpected EA_INODE flag [ 1075.147250][T11935] EXT4-fs (loop3): get root inode failed [ 1075.153391][T11935] EXT4-fs (loop3): mount failed [ 1075.221702][ T780] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 1075.233712][ T780] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1075.244083][ T780] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1075.254322][ T780] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1075.265432][ T780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.345522][ T43] usb 4-1: USB disconnect, device number 41 [ 1075.629468][ T780] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 1075.707186][ T780] usb 2-1: USB disconnect, device number 48 [ 1076.758481][T11959] loop0: detected capacity change from 0 to 32768 [ 1076.815567][T11959] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11959) [ 1077.132653][T11961] loop3: detected capacity change from 0 to 32768 [ 1077.166649][T11959] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1077.177399][T11959] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 1077.188838][T11959] BTRFS info (device loop0): using free-space-tree [ 1077.562114][T10911] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1077.571065][T10911] Bluetooth: hci1: Injecting HCI hardware error event [ 1077.578968][T10911] Bluetooth: hci1: hardware error 0x00 [ 1078.133671][T11985] loop1: detected capacity change from 0 to 64 [ 1079.301316][ T1230] ieee802154 phy0 wpan0: encryption failed: -22 [ 1079.308009][ T1230] ieee802154 phy1 wpan1: encryption failed: -22 [ 1079.393617][ T779] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1079.652376][T10911] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1079.671053][ T779] usb 4-1: Using ep0 maxpacket: 16 [ 1079.830905][ T779] usb 4-1: config 0 has an invalid interface descriptor of length 8, skipping [ 1079.840310][ T779] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1079.850958][ T779] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1079.860362][ T779] usb 4-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 1079.869701][ T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.977893][ T779] usb 4-1: config 0 descriptor?? [ 1080.113119][T11995] loop4: detected capacity change from 0 to 64 [ 1080.138893][T11995] hfs: gid requires an argument [ 1080.144824][T11995] hfs: unable to parse mount options [ 1080.750635][T11993] loop1: detected capacity change from 0 to 32768 [ 1080.768137][T11993] btrfs: Deprecated parameter 'usebackuproot' [ 1080.774860][T11993] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 1080.890141][T11993] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11993) [ 1081.032497][T11993] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1081.051145][T11993] BTRFS info (device loop1): using crc32c (crc32c-generic) checksum algorithm [ 1081.062066][T11993] BTRFS info (device loop1): using free-space-tree [ 1081.133779][T11990] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1081.307557][ T6538] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 1081.323561][T11993] BTRFS warning (device loop1): couldn't read tree root [ 1081.331271][T11993] BTRFS warning (device loop1): try to load backup roots slot 1 [ 1081.354151][ T3924] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 1081.368167][T11993] BTRFS warning (device loop1): couldn't read tree root [ 1081.378562][T11993] BTRFS warning (device loop1): try to load backup roots slot 2 [ 1081.392708][ T4726] usb 4-1: USB disconnect, device number 42 [ 1081.434654][ T3924] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 1081.446880][T11993] BTRFS warning (device loop1): couldn't read tree root [ 1081.458385][T11993] BTRFS warning (device loop1): try to load backup roots slot 3 [ 1081.502961][T11993] BTRFS info (device loop1): rebuilding free space tree [ 1081.582086][T11993] BTRFS info (device loop1): checking UUID tree [ 1081.658327][T10910] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1081.886417][T10981] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1082.003473][ T780] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1082.301371][ T780] usb 5-1: Using ep0 maxpacket: 8 [ 1082.421692][ T780] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1082.432068][ T780] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1082.442777][ T780] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1082.452920][ T780] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1082.463250][ T780] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1082.479544][ T780] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1082.489940][ T780] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1082.673349][ T5128] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1082.793695][ T780] usb 5-1: usb_control_msg returned -32 [ 1082.799642][ T780] usbtmc 5-1:16.0: can't read capabilities [ 1082.972056][ T5128] usb 4-1: Using ep0 maxpacket: 32 [ 1083.091674][ T5128] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1083.101240][ T5128] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.119074][ T5128] usb 4-1: config 0 descriptor?? [ 1083.171904][ T5128] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1083.194056][ T3875] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1083.202310][ T3875] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1083.288059][ T780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1083.301223][ T780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1083.977953][ T29] audit: type=1804 audit(1083.944:424): pid=12037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3706854838/syzkaller.gZHad4/13/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 1084.004936][ T29] audit: type=1804 audit(1083.954:425): pid=12035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3706854838/syzkaller.gZHad4/13/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0 [ 1084.210624][ T43] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1084.253877][T12039] loop4: detected capacity change from 0 to 1024 [ 1084.290955][T12039] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1084.330943][T12039] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1084.340611][T12039] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1084.397466][T12039] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003] [ 1084.506036][T12039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1084.632768][ T43] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 1084.644683][ T43] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1084.655067][ T43] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1084.664496][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.712531][T12041] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1084.917361][T12031] loop1: detected capacity change from 0 to 32768 [ 1084.933490][T12031] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12031) [ 1084.975082][T12031] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1084.980145][ T43] usb 3-1: USB disconnect, device number 40 [ 1084.985808][T12031] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 1085.017601][T12031] BTRFS info (device loop1): using free-space-tree [ 1085.098910][T12023] loop3: detected capacity change from 0 to 2048 [ 1085.178301][T12023] EXT4-fs error (device loop3): __ext4_fill_super:5464: inode #2: comm syz-executor.3: unexpected EA_INODE flag [ 1085.199999][T12023] EXT4-fs (loop3): get root inode failed [ 1085.206208][T12023] EXT4-fs (loop3): mount failed [ 1085.336309][ T780] usb 4-1: USB disconnect, device number 43 [ 1085.431439][T10981] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1086.445786][ T780] usb 5-1: USB disconnect, device number 33 [ 1086.874286][T11536] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1086.914002][T12082] loop1: detected capacity change from 0 to 64 [ 1086.923007][ T43] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1087.057729][T12078] loop3: detected capacity change from 0 to 32768 [ 1087.083746][T12078] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12078) [ 1087.108435][T12078] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1087.119304][T12078] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm [ 1087.130816][T12078] BTRFS info (device loop3): using free-space-tree [ 1087.137458][T12084] raw_sendmsg: syz-executor.2 forgot to set AF_INET. Fix it! [ 1087.150775][ T43] usb 1-1: device descriptor read/64, error -71 [ 1087.470825][ T43] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1087.562702][T10911] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1087.572829][T10911] Bluetooth: hci0: Injecting HCI hardware error event [ 1087.580778][ T8446] Bluetooth: hci0: hardware error 0x00 [ 1087.712293][ T43] usb 1-1: device descriptor read/64, error -71 [ 1087.913515][ T43] usb usb1-port1: attempt power cycle [ 1088.542782][ T43] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1088.684355][ T43] usb 1-1: device descriptor read/8, error -71 [ 1089.084173][ T43] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1089.242969][ T43] usb 1-1: device descriptor read/8, error -71 [ 1089.461797][ T43] usb usb1-port1: unable to enumerate USB device [ 1089.653839][ T8446] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1090.790660][ T5128] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 1091.014176][ T7739] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1091.201732][ T5128] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 1091.213640][ T5128] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1091.224124][ T5128] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1091.233702][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.322419][T12117] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1091.616179][ T4726] usb 2-1: USB disconnect, device number 49 [ 1092.556458][T12142] syzkaller0: mtu less than device minimum [ 1092.829601][T12148] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1093.161036][ T8446] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1093.169633][ T8446] Bluetooth: hci4: Injecting HCI hardware error event [ 1093.177379][ T8446] Bluetooth: hci4: hardware error 0x00 [ 1093.475011][T12163] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 1093.478134][ T29] audit: type=1804 audit(1093.434:426): pid=12163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3351455024/syzkaller.eNZFcH/42/bus" dev="sda1" ino=1940 res=1 errno=0 [ 1093.546996][T12163] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 1094.231645][ T4726] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1094.257361][T12173] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1094.621618][ T4726] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1094.633668][ T4726] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1094.645345][ T4726] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1094.654771][ T4726] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1094.698878][T12168] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1095.098167][T12154] loop1: detected capacity change from 0 to 32768 [ 1095.111997][T12154] XFS (loop1): sunit and swidth options incompatible with the noalign option [ 1095.242759][ T8446] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1095.703954][ T29] audit: type=1326 audit(1095.684:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43c507cea9 code=0x7fc00000 [ 1096.461163][ T4726] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 1096.472264][ T4726] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input13 [ 1096.574291][ T4726] usb 1-1: USB disconnect, device number 47 [ 1096.580616][ C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1096.832249][T12209] tmpfs: Unknown parameter 'nr_blùN¡å£°v' [ 1097.577555][T12216] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1097.884728][T12220] loop2: detected capacity change from 0 to 128 [ 1104.413542][T12247] loop3: detected capacity change from 0 to 1024 [ 1104.462991][T12247] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1104.502864][T12247] JBD2: no valid journal superblock found [ 1104.508805][T12247] EXT4-fs (loop3): Could not load journal inode [ 1110.692904][T12273] loop1: detected capacity change from 0 to 32768 [ 1110.822949][T12273] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/loop1": -EINTR [ 1111.544192][T12286] loop3: detected capacity change from 0 to 128 [ 1111.773355][T12287] syz-executor.3: attempt to access beyond end of device [ 1111.773355][T12287] loop3: rw=2049, sector=145, nr_sectors = 264 limit=128 [ 1112.183431][ T3875] kworker/u8:17: attempt to access beyond end of device [ 1112.183431][ T3875] loop3: rw=1, sector=409, nr_sectors = 632 limit=128 [ 1112.857276][T12291] loop1: detected capacity change from 0 to 2048 [ 1112.934109][T12291] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 1113.085201][T12291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1113.107375][T12291] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz-executor.1: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 1113.155105][T12291] EXT4-fs (loop1): Remounting filesystem read-only [ 1113.249829][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1113.336257][T12296] loop3: detected capacity change from 0 to 1024 [ 1113.432905][T12296] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 1113.452502][T12296] JBD2: no valid journal superblock found [ 1113.458509][T12296] EXT4-fs (loop3): Could not load journal inode [ 1116.184382][T12309] loop1: detected capacity change from 0 to 64 [ 1116.382490][T12309] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1116.389603][T12309] overlayfs: failed to set xattr on upper [ 1116.397554][T12309] overlayfs: ...falling back to redirect_dir=nofollow. [ 1116.404878][T12309] overlayfs: ...falling back to index=off. [ 1116.410902][T12309] overlayfs: ...falling back to uuid=null. [ 1120.689067][ T8446] Bluetooth: hci2: link tx timeout [ 1120.694583][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.708474][ T8446] Bluetooth: hci2: link tx timeout [ 1120.714031][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.722640][ T8446] Bluetooth: hci2: link tx timeout [ 1120.730126][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.738219][ T8446] Bluetooth: hci2: link tx timeout [ 1120.743871][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.761067][ T8446] Bluetooth: hci2: link tx timeout [ 1120.766382][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.778949][ T8446] Bluetooth: hci2: link tx timeout [ 1120.785645][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.798481][ T8446] Bluetooth: hci2: link tx timeout [ 1120.803933][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.814215][ T8446] Bluetooth: hci2: link tx timeout [ 1120.819527][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.827533][ T8446] Bluetooth: hci2: link tx timeout [ 1120.834714][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.863478][ T8446] Bluetooth: hci2: link tx timeout [ 1120.868795][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.882536][ T8446] Bluetooth: hci2: link tx timeout [ 1120.887856][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.895958][ T8446] Bluetooth: hci2: link tx timeout [ 1120.901360][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.913865][ T8446] Bluetooth: hci2: link tx timeout [ 1120.919175][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.927159][ T8446] Bluetooth: hci2: link tx timeout [ 1120.934273][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.942858][ T8446] Bluetooth: hci2: link tx timeout [ 1120.948168][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.956271][ T8446] Bluetooth: hci2: link tx timeout [ 1120.961634][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.971090][ T8446] Bluetooth: hci2: link tx timeout [ 1120.980880][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1120.990382][ T8446] Bluetooth: hci2: link tx timeout [ 1120.995693][ T8446] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 1122.520072][T12348] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 1122.529561][T12348] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 1122.658563][T12354] loop4: detected capacity change from 0 to 512 [ 1122.658945][T12348] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 1122.674518][T12354] EXT4-fs: Ignoring removed bh option [ 1122.677367][T12354] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 1122.716572][T12356] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 1122.761695][ T8446] Bluetooth: hci2: command 0x0406 tx timeout [ 1122.850968][T12354] EXT4-fs (loop4): 1 truncate cleaned up [ 1122.857056][T12354] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1122.999492][T12360] loop1: detected capacity change from 0 to 24 [ 1123.040064][T12360] VFS: Can't find a romfs filesystem on dev loop1. [ 1123.040064][T12360] [ 1123.130816][T12354] loop4: detected capacity change from 512 to 64 [ 1123.161497][T12363] syz-executor.4: attempt to access beyond end of device [ 1123.161497][T12363] loop4: rw=2049, sector=72, nr_sectors = 2 limit=64 [ 1123.178515][T12363] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 36) [ 1123.190699][T12363] Buffer I/O error on device loop4, logical block 36 [ 1123.607165][T11536] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1125.346450][T12375] loop4: detected capacity change from 0 to 4096 [ 1126.451761][T12379] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1127.080955][T12382] loop1: detected capacity change from 0 to 2048 [ 1127.148402][T12382] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1127.209473][T12382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1130.117174][T12395] syz-executor.3: attempt to access beyond end of device [ 1130.117174][T12395] nbd3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 1130.131184][T12395] hfsplus: unable to find HFS+ superblock [ 1131.017044][T12403] loop1: detected capacity change from 0 to 512 [ 1131.066528][T12403] EXT4-fs: Ignoring removed bh option [ 1131.106356][T12403] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 1131.183322][T12403] EXT4-fs (loop1): 1 truncate cleaned up [ 1131.189257][T12403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1131.481057][T12412] loop1: detected capacity change from 512 to 64 [ 1131.570631][T12403] syz-executor.1: attempt to access beyond end of device [ 1131.570631][T12403] loop1: rw=2049, sector=72, nr_sectors = 2 limit=64 [ 1131.584649][T12403] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 18 starting block 36) [ 1131.598985][T12403] Buffer I/O error on device loop1, logical block 36 [ 1131.622679][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1132.046752][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1133.522068][T12447] loop1: detected capacity change from 0 to 512 [ 1133.551151][T12447] EXT4-fs: Ignoring removed bh option [ 1133.574876][T12447] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 1133.661258][T12447] EXT4-fs (loop1): 1 truncate cleaned up [ 1133.667181][T12447] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1134.054305][T12447] loop1: detected capacity change from 512 to 64 [ 1134.409578][T12465] batadv1: entered promiscuous mode [ 1134.417930][T12465] batadv1: entered allmulticast mode [ 1134.479069][T10981] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1134.877832][T12471] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 1136.446762][T12493] loop2: detected capacity change from 0 to 128 [ 1137.211257][T12501] block nbd3: shutting down sockets [ 1138.582027][T12493] syz-executor.2 (12493): drop_caches: 2 [ 1140.723656][ T1230] ieee802154 phy0 wpan0: encryption failed: -22 [ 1140.730637][ T1230] ieee802154 phy1 wpan1: encryption failed: -22 [ 1140.755015][T12538] loop0: detected capacity change from 0 to 128 [ 1143.772546][T12538] syz-executor.0 (12538): drop_caches: 2 [ 1145.500666][T12620] loop2: detected capacity change from 0 to 128 [ 1146.524012][T12634] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1146.938170][T12643] loop7: detected capacity change from 0 to 16384 [ 1147.074992][T12648] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1147.259133][T12643] I/O error, dev loop7, sector 1280 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 1147.289030][T12620] syz-executor.2 (12620): drop_caches: 2 [ 1147.558104][T12620] syz-executor.2 (12620): drop_caches: 2 [ 1148.151804][T12665] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1149.872430][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1151.414554][ T43] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1151.686504][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 1151.830689][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1151.842163][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1151.852262][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1151.867330][ T43] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1151.877252][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1151.927616][ T43] usb 5-1: config 0 descriptor?? [ 1152.426692][ T43] microsoft 0003:045E:07DA.0021: unknown main item tag 0x0 [ 1152.493510][ T43] microsoft 0003:045E:07DA.0021: No inputs registered, leaving [ 1152.540606][ T43] microsoft 0003:045E:07DA.0021: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 1152.552500][ T43] microsoft 0003:045E:07DA.0021: no inputs found [ 1152.559077][ T43] microsoft 0003:045E:07DA.0021: could not initialize ff, continuing anyway [ 1152.705367][T11847] usb 5-1: USB disconnect, device number 34 [ 1152.732673][T12763] input: syz0 as /devices/virtual/input/input14 [ 1153.528806][T12776] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1153.853817][T12783] ===================================================== [ 1153.864168][T12783] BUG: KMSAN: uninit-value in io_req_cqe_overflow+0x193/0x1c0 [ 1153.872543][T12783] io_req_cqe_overflow+0x193/0x1c0 [ 1153.878665][T12783] __io_submit_flush_completions+0x7eb/0x1be0 [ 1153.885199][T12783] io_submit_sqes+0x2b30/0x2f10 [ 1153.893082][T12783] __se_sys_io_uring_enter+0x40f/0x3c80 1970/01/01 00:19:13 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1153.898820][T12783] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 1153.904879][T12783] x64_sys_call+0x2c0/0x3b50 [ 1153.910370][T12783] do_syscall_64+0xcf/0x1e0 [ 1153.915137][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.924056][T12783] [ 1153.926478][T12783] Uninit was stored to memory at: [ 1153.931888][T12783] io_recv_finish+0xf10/0x1560 [ 1153.936836][T12783] io_recv+0x12ec/0x1ea0 [ 1153.943028][T12783] io_issue_sqe+0x429/0x22c0 [ 1153.948689][T12783] io_submit_sqes+0x1266/0x2f10 [ 1153.956881][T12783] __se_sys_io_uring_enter+0x40f/0x3c80 [ 1153.962860][T12783] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 1153.968602][T12783] x64_sys_call+0x2c0/0x3b50 [ 1153.973512][T12783] do_syscall_64+0xcf/0x1e0 [ 1153.978219][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.987148][T12783] [ 1153.989624][T12783] Uninit was created at: [ 1153.994236][T12783] __kmalloc+0x6e4/0x1060 [ 1153.998731][T12783] io_alloc_async_data+0xc0/0x220 [ 1154.004101][T12783] io_recvmsg_prep+0xbe8/0x1a20 [ 1154.009124][T12783] io_submit_sqes+0x1135/0x2f10 [ 1154.016939][T12783] __se_sys_io_uring_enter+0x40f/0x3c80 [ 1154.023599][T12783] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 1154.029342][T12783] x64_sys_call+0x2c0/0x3b50 [ 1154.034304][T12783] do_syscall_64+0xcf/0x1e0 [ 1154.039015][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.047962][T12783] [ 1154.051615][T12783] CPU: 0 PID: 12783 Comm: syz-executor.1 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 1154.062251][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1154.075279][T12783] ===================================================== [ 1154.082908][T12783] Disabling lock debugging due to kernel taint [ 1154.089167][T12783] Kernel panic - not syncing: kmsan.panic set ... [ 1154.095702][T12783] CPU: 0 PID: 12783 Comm: syz-executor.1 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 1154.107438][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1154.117636][T12783] Call Trace: [ 1154.121026][T12783] [ 1154.124063][T12783] dump_stack_lvl+0x216/0x2d0 [ 1154.128962][T12783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1154.134973][T12783] dump_stack+0x1e/0x30 [ 1154.139333][T12783] panic+0x4e2/0xcd0 [ 1154.143441][T12783] ? kmsan_get_metadata+0xf1/0x1d0 [ 1154.148756][T12783] kmsan_report+0x2d5/0x2e0 [ 1154.153452][T12783] ? __msan_warning+0x95/0x120 [ 1154.158385][T12783] ? io_req_cqe_overflow+0x193/0x1c0 [ 1154.163903][T12783] ? __io_submit_flush_completions+0x7eb/0x1be0 [ 1154.170381][T12783] ? io_submit_sqes+0x2b30/0x2f10 [ 1154.175586][T12783] ? __se_sys_io_uring_enter+0x40f/0x3c80 [ 1154.181498][T12783] ? __x64_sys_io_uring_enter+0x11f/0x1a0 [ 1154.187410][T12783] ? x64_sys_call+0x2c0/0x3b50 [ 1154.192383][T12783] ? do_syscall_64+0xcf/0x1e0 [ 1154.197262][T12783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.203547][T12783] ? kmsan_get_metadata+0x146/0x1d0 [ 1154.208956][T12783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1154.214971][T12783] ? io_recv_finish+0xead/0x1560 [ 1154.220105][T12783] ? kmsan_get_metadata+0x146/0x1d0 [ 1154.225489][T12783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1154.231496][T12783] ? io_recv+0x19e8/0x1ea0 [ 1154.236096][T12783] ? kmsan_get_metadata+0x146/0x1d0 [ 1154.241480][T12783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1154.247483][T12783] __msan_warning+0x95/0x120 [ 1154.252246][T12783] io_req_cqe_overflow+0x193/0x1c0 [ 1154.257605][T12783] __io_submit_flush_completions+0x7eb/0x1be0 [ 1154.263958][T12783] io_submit_sqes+0x2b30/0x2f10 [ 1154.269039][T12783] __se_sys_io_uring_enter+0x40f/0x3c80 [ 1154.274784][T12783] ? kmsan_get_metadata+0x146/0x1d0 [ 1154.280187][T12783] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 1154.286219][T12783] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 1154.291992][T12783] x64_sys_call+0x2c0/0x3b50 [ 1154.296835][T12783] do_syscall_64+0xcf/0x1e0 [ 1154.301559][T12783] ? clear_bhb_loop+0x25/0x80 [ 1154.306536][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1154.312640][T12783] RIP: 0033:0x7f2295a7cea9 [ 1154.317194][T12783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1154.337007][T12783] RSP: 002b:00007f22968af0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1154.345636][T12783] RAX: ffffffffffffffda RBX: 00007f2295bb3f80 RCX: 00007f2295a7cea9 [ 1154.353766][T12783] RDX: 0000000000000000 RSI: 0000000000005c26 RDI: 0000000000000005 [ 1154.361877][T12783] RBP: 00007f2295aebff4 R08: 0000000000000000 R09: 0000000000000000 [ 1154.369996][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1154.378116][T12783] R13: 000000000000000b R14: 00007f2295bb3f80 R15: 00007ffd3f8966d8 [ 1154.386262][T12783] [ 1154.389612][T12783] Kernel Offset: disabled [ 1154.393994][T12783] Rebooting in 86400 seconds..