last executing test programs: 2m16.819061072s ago: executing program 4 (id=211): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020) 2m16.139228924s ago: executing program 4 (id=216): r0 = epoll_create(0x3ff) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0x2016}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000280)={0x2000000}) 2m15.774623645s ago: executing program 4 (id=219): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0)={r1, 0x1, 0x20}, 0xc) 2m14.823935242s ago: executing program 0 (id=224): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000c40), 0x2, 0x4a7, &(0x7f0000001140)="$eJzs3EtvG0UcAPD/bl59hZhSXm2hhoKIeCRNWqAHJB4CqRckJDiUY0jTqjRtUBMkWkU0IFSOqJ+gcETiE3CCCwIkJBBXuCOkCuXS0gNatLY3dRI7OGkc0+T3k1zPeGZ3ZnY969mZbgLYssr5P0nEroj4LSIGqtHFGcrVtxvzs+N/z8+OJ5Flb/6VVPJdn58dL7IW2+2sRQbTiPSTJPY1KHf6wsUzY5OTE+dr8eGZs+8NT1+4+Mzps2OnJk5NnBs9evTI4ZHnnxt9dl3a2Z/Xde+HU/sfPPb2ldfHj19554ev8vruqqVfn5/tXbxFqQjsjYhs6f5eaqHMcpQXH8s6j6+u+v97/XXhpLuDFWFVuiIiP109lf4/EF1x6+QNxGsfR6QdrR/QPlmWZX3LPs2vCtvzwFwGbGJJdLoGQGcUv/j5fXzx2uAhSEdde7l6A5S3+0btVU3prtz5lEvVe6P+NpVfjgMRcfPq8bmbV2PJfAoAQDt8k49/nm40/kvjvrp8d9XWhkoRcXdE7I6IeyJiT0TcG1HJe39EPNBqwUnjpZHl459ftq+xaS3Jx38v1Na2Fo//Fua9S121WH+l/T3JydOTE4dqx2Qwevry+MgKZXz76q+fNUsrR0Q+9iteefnFWLBWjz+7l0zQnRibGbudNte7diBib3ej9icLKwFJbFvz/vNjdvrJL/c3S//v9q9gHdaZsi8inqie/7lY0v5CsvL65PC2mJw4NFx8K5b78efLbzQr/7bavw6ufRSxo+H3f6H9paR+vXZ61UV0X/7906b3NGv9/vcmb1XCxaLtB2MzM+dHInqTueWfj97atogX+fP2Dx5s3P93R/zzeW27fRGRf4kfioiHIyp3bXndH4mIRyPi4AoH4PtXHns3f/9pTe1vr7z9J1Z1/usDPbH0k0aBrjPffd2s/NbO/5FKaLD2SSvXv2rhxXWreQXXetwAAADgTpJW/g98kkRU50121aXtiR3p5NT0zFMnp94/d6KaVoqetJjpGqibDx2pzQ0X8dEl8cOVeeMsy7LtlfjQ+NRku9bUgdbsrPb/dGjhWpCmQ0PVtD+6Fud9sSM1BNpqVetozZ5oA+5IrfV/HR82o4X+v/xJwILOD5tUtf93DXS6HsDG8/daYOtq1P8vRdzoQFWADeb3H7Yu/R+2rtX2/1Kb6gFsPL//sCUtfiS+N1p4nL+lwO5j67OfzR/o6nQ1+ta2eaQdP3TLA0mDpLRB5rTlPfeuS8VipTx9EdHqDi/FRh3MTl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1se/AQAA//++KOKq") mkdir(&(0x7f0000000000)='./control\x00', 0x0) 2m14.332332231s ago: executing program 4 (id=226): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x47, 0xc16, &(0x7f0000001940)="$eJzs3V1oXOl5B/DnnSOtRtp0o91NvEmbTQdSEqPUxl+xFVyCnFXUBhxviKzQvYpGH3aGlUdGkhtv2ga1JS30JnRvSm6KaLq0kItedXtZpdlCQimUkIv0oiBosuxFL3QRKLRsVM6Zd6SRLdvKem3J698vTP5nzjxn9H7MnjkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nMXTpxMB90KAOBhujT5pROnff8DwGPlst//AQAAAAAAAAAAAADgsEtRxJFIMfT6ZpqunnfUL7baN25OjU/sfdhgihS1KKr68lE/eer0mU+dPTfazbsf/277cLw4eflC44XFa9eX5peX5+caU+3W7OLc/L7f4X6Pv9VINQCNay/fmLtyZblx6vjpXS/fHH5z4Mkjw+fPHTs72q2dGp+YmOyp6et/xz/9Nnda4fFEFNGMFG8Pv5WaEVGL+x+Le3x2HrTBqhMjVSemxieqjiy0mu2V8sVUy1W1iEbPQWPdMXoIc3FfxiJWy+aXDR4puzd5vbnUnFmYb3yxubTSWmkttlOt09qyP42oxWiKWIuIjYHb364/ivhopHj1xGaaiYiiOw6frBYG37s9tQfQx30o29noj1irPQJzdogNRBGXIsXP3zgas+WY5Ud8POILZb4e8VqZn4lI5QfjTMTP9vgc8WjqiyL+LVIsps00V50PuueVi19ufL59ZbGntnteeeS/Hx6mQ35uqkcRM9UZfzO984sdAAAAAAAAAAAAAAAAAN5tg1HEdyLFnzz/e9W64qjWpb///Oj7Xvrt3jXjz93jfcra4xGxWtvfmtz+vHQ41cr/PYCOsS/1KOIbef3fHx10YwAAAAAAAAAAAAAAAAAAAB5rRbwUKb5y7Ghai957irfaVxuXmzMLnbvCdu/9271n+tbW1lYjdXIs53TO1ZxrOddzbuSMWj4+51jO6ZyrOddyrufcyBlFPj7nWM7pnKs513Ku59zIGX35+JxjOadzruZcy7mecyNnHJJ79wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvJfUoohfRIpvfW0zRYqIsYjp6OT6wEG3DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo1VMRxyPF+kv16vlaLeJyRPxia2ur+4iIzTLv10H3FQAAAAAAAAAAAAAAAAAAAA6tVMTHIsWz/7uZGhFxc/jNgSePDJ8/d+zsaBFFpLKkt/7FycsXGi8sXru+NL+8PD/XmGq3Zhfn5vf74+oXW+0bN6fGJx5IZ+5p8AG3f7D+wuL1V5ZaV7+6sufrQ/ULM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2h0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ//c8zqbtuvK+z5v9XOs+K7drX/mDnbwEs3JJdvX8/YD/bab8NHakW3jemxicmJnt29/XfXlq2KaUinosUn3j1Q9V6+BRDe66NL+ueKuuuncl1w79W1q3uqqqPTI1PNC4tto9dWFhYnG2uNGcW5huT15uz+/7DAQAAAAAAAAAAAAAAAAAAAHAXQ6mIH0eK//67f0/d+87n9f99nWc96/9/q1pCX6mn3bmtWtv/VLW2v7P9/vOjQx99/k77H8T6/7JNKRXxzUhx+scfqu6n313/P31LbVn3Z5Hirec/kutqT5R1zW53Ou94pbUwf6Ks/atI8etvd2ujqr2aa5/dqT1Z1g5Gir/c3F371Vz7gZ3aU2Xt0Ujx/f/au/aDO7Wny9qfRop//NtGt3aorP39XHtkp/b47OLC3L2GtZz/70aKv7n0O6nb5zvOf8/ff1i9JbfdNud333635n+4Z99qntc/zfPfvMf8n40U361/JNd1xn4mv/509f878/+JSPEf/7q79kqufWan9uR+u3XQyvn/TqT43rd/st3nPP95ZHdmqHf+f7Vvd25/Sg5o/p/u2Tec2zX7S47F42j5la+/3FxYmF+yYcOGje2Ngz4z8TCU3/9/Hin+70iRutcx+fv/fZ1nO9d///ONne//87fktgP6/n+mZ9/5fNXS3xdRX7l2vf+5iPryK18/1rrWvDp/db596uSJT3/67MkTJ8/2P9G9uNvZ2vfYvReU8//DSPGjv//R9u8xu6//9r7+H7oltx3Q/D/b26dd1zX7HorHUjn/fx0pnv7sT7Z/37zb9X/39/+jH9udzzyVTxcHNP8f6Nk3nNvV+qVHAwAAAAAAAAAA4NExlIr4i0jxu3/8m6m7hmg///5v7pbcdkD//utIz765h7SuYd+DDABwiJTXfx+MFP+09YPttdy7r//iN7q1vdd/d3IY7v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPuhRF/GGkGHp9M60PlM876hdb7Rs3p8Yn9j5sMEWKWhRVffmonzx1+synzp4b7ebdj3+3fThenLx8ofHC4rXrS/PLy/Nzjal2a3Zxbn7f73C/x99qpBqAxrWXb8xdubLcOHX89K6Xbw6/OfDkkeHz546dHe3WTo1PTEz21PT1v+Offpt0h/1PRBE/iBRvD7+VvjcQUYv7H4t7fHYetMGqEyNVJ6bGJ6qOLLSa7ZXyxVTLVbWIRs9BY90xeghzcV/GIlbL5pcNHim7N3m9udScWZhvfLG5tNJaaS22U63T2rI/jajFaIpYi4iNgdvfrj+K+GakePXEZvrngYiiOw6fvDT5pROn792e2gPo4z6U7Wz0R6zVHoE5O8QGooh/iBQ/f+NofH8goi86j/h4xBfKfD3itTI/E5HKD8aZiJ/t8Tni0dQXRZyJFItpM70xUJ4PuueVi19ufL59ZbGntnteiRe//Wh/PzxMh/zcVI8iflid8TfTv/jvGgAAAAAAAAAAAAAAAOAQKWItUnzl2NFUrQ/eXlPcal9tXG7OLHSW9XXX/nXXTG9tbW01UifHck7nXM25lnM950bOqOXjc47lnM65mnMt53rOjZxR5ONzjuWczrmacy3nes6NnNGXj885lnM652rOtZzrOTdyxiFZuwcAAAAAAAAAAAAAAAAAALy31KKo7uL+ra9tpq2Bzv2lp6OT6+4H+p73/wEAAP//bDd1Vw==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x0, 0x0, 0x1400) 2m13.778446746s ago: executing program 0 (id=229): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0xc0086202, &(0x7f0000000040)) 2m13.169482608s ago: executing program 4 (id=232): r0 = open(&(0x7f0000000080)='./file1\x00', 0x20042, 0x144) r1 = open(&(0x7f0000000000)='./file2\x00', 0x6840, 0x120) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffffc}]}) copy_file_range(r1, 0x0, r0, 0x0, 0x3df1, 0x0) 2m13.127013705s ago: executing program 0 (id=233): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2m12.446330228s ago: executing program 0 (id=236): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 2m12.243179257s ago: executing program 4 (id=237): prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) timer_create(0x2, &(0x7f0000000040)={0x0, 0x3d, 0x1}, &(0x7f0000000180)) 2m10.318138102s ago: executing program 32 (id=237): prctl$PR_SCHED_CORE(0x4d, 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) timer_create(0x2, &(0x7f0000000040)={0x0, 0x3d, 0x1}, &(0x7f0000000180)) 2m10.291001187s ago: executing program 0 (id=241): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0) 2m6.206067858s ago: executing program 0 (id=252): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1) 1m50.790926466s ago: executing program 33 (id=252): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1) 5.540231424s ago: executing program 5 (id=774): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1, &(0x7f0000000080), 0x3, 0x4cd, &(0x7f00000000c0)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x3810744, &(0x7f0000000340)={[{@noauto_da_alloc}, {@user_xattr}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}}, {}, {@nouid32}, {@sysvgroups}, {@nojournal_checksum}, {@noauto_da_alloc}, {@test_dummy_encryption}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@acl}]}, 0x1, 0x47f, &(0x7f0000002080)="$eJzs281vVFUbAPDn3k4pXy/ti/gBolbR2PjR0oLKwo1GExeamOgCl7UtBCnU0JoIITIag0tD4p4YV/4LrlwZ48rErW6NISFKTEA2jrkz99KZYabQ6ZQpzO+XDHPO3HPvuQ/nnLln7ukNoG+NZv8kEdsj4teIGK5lGwuM1t6uXTk788+VszNJVCrv/JlUy129cnamKFrsty3PjKUR6edJXkmjxdNnjk/Pz8+dyvMTSyc+nFg8feb5Yyemj84dnTs5dejQwQOTL7049UJX4szO6eqeTxb27n7jvQtvzRy+8P7mhu31cXTLaBb4X5Wq5m1PdbuyHvu3shxnUur12XC7BiIia67B6vgfjoFYbrzheP2znp4csK6y7+zfmz8cvJEqV4B7WBId7Rad7QZsHMWFPvv9W7zu4PSj5y6/UvsBlMV9LX/VtpQizf+DBtex/tGIOFy+fjF7RdN9iEqL+wYAAGv1fTb/ee7m+V8SEQ/UlUvytaGRiPh/ROyMiPsiYldE3J+XfTAiHlpl/Y815W+ef6aXOgzttmTzv5fzta3G+V9aFBkZyHP/q8Y/mBw5Nj+3PyJ2RMRYDA5l+clWBy8O8dovX7arv37+d7icTfqSKOaC+UEulYbqdjj3Te29S5PSy59G7Cm1ij+prgQkUalkbb87Ivas7tA7isSxZ77d265QY/zXL2b1N8a/gi6sM1W+jni61v7laIq/kKy8PjmxOebn9k8UveJmP/18/u129a8p/i7I2n9rY/9vKjH8d1K/Xru4+jrO//ZF29+UpVvGX9//a2u2s9NL05uSd6tr1pvyLR9PLy2dmozYlLxZzTd8PrV8tCJflM/iH9vXevzvzPfJ4n84IrJO/EhEPJp/b2Vt93hEPBER+1aI/8dXn/xgqOP411cW/2zL778b/X+ksf1Xnxg4/sN37eq/df/P2v9gNTWWf5K1fy21uW1c7U+n2KfT3gwAAAB3nzQitkeSjt9Ip+n4eO3v5XfF1nR+YXHp2SMLH52crT0jMBKDaXGna7jufuhkUs6PWMtP5feKi+0H8vvGXw1sqebHZxbmZ3scO/S7bW3Gf+aPgV6fHbDuPK8F/at5/Kc9Og/gznP9h/7V6fg3T4C7n+s/9K9W4/9cU95aANybXP+hfxn/0L+Mf+hfxj/0pbU819+dxJb8TJY/Ka3w9L7ERklEum5VlFe519AG6MYbKlHqwuju4ZcSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAF/0XAAD//x787TE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0xb}}, 0x206102) 3.710763956s ago: executing program 5 (id=790): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x40, 0x8}]}, 0x10) syz_emit_ethernet(0x83, &(0x7f0000000740)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6aff0100004d110000000000000000000000ffffe0000002ff0200000000000000000000000000014e234e20004d90"], 0x0) 3.212214818s ago: executing program 5 (id=795): syz_open_dev$vim2m(0x0, 0x7, 0x2) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) 3.211912045s ago: executing program 6 (id=796): r0 = syz_io_uring_setup(0x111, &(0x7f00000002c0)={0x0, 0xaa64, 0x10000, 0x5, 0x1df}, &(0x7f00000029c0)=0x0, &(0x7f0000000200)=0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000001040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x1733, 0x6323, 0x20, 0x0, 0x0) 2.771251177s ago: executing program 6 (id=799): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0xe, 0x40, 0x3, 0x41}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140), &(0x7f0000000040), 0x1003, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f0000000300), 0x0}, 0x20) 2.655401019s ago: executing program 1 (id=800): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000004140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000004180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf253000000008000300", @ANYRES32=r2, @ANYBLOB="060036003c000000060036"], 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x800) 2.648014767s ago: executing program 2 (id=801): syz_mount_image$hfs(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d63703836332c636f6465706167653d63703935302c747970653d3ae6f8f02c00"], 0x1, 0x2e5, &(0x7f0000000140)="$eJzs3U1PE0Ecx/HfbFsoD8EVMCZeNCiJXoioB+OlxvTq3ZNR25IQG4iAiXoRjUfjC/DuW/BFeNH4BvTkybucHDPTadnCdkvFshS/n4RmOzuz+5/OPsx/Y60A/LfuVL99uP7D/RmpoIKkW1IkqSwVJZ3R2fLTta3VrWajnrWhgm/h/oxaLc2+OrW1RlpT1863CGL3rqjpZBmGw1p7+3veQSB3/uxPEUnj4Tz068tHHNewbEvn847hqCUH2OxoR880k2M4AIBjINz/o3CbmPZFRlEkLYbb/om6/++cnK44N5r7imxmg8T938/urHHje8qv2s33fArn1kftLPEgwZT2vB9T68jqmmCaflmljyWaWFktaqn2SvVIr1UJEtXm/Wu9dei29Yl2ISU3zdB7ayXdnWz1xs8o92qHtLLabIy7hZT45wbb4+GZT+aLuW9ivVe9M/8rWuOGyY9UvGekopKL/2rvLU75Vq6WQtpfqVSiriqn/U7OhT0EfXpZTs9IkttsPyDY7kSQFaff96y6Hyu0erfcp9VcWqu4865Hq/muVoVwJCzV1puZj1KGo91F887cMwv6qY+qJub/kYtvUYkzM+v6aHzNcGTU1vXb2rH0mkVfM953ud09XS50IgjGB+4bpAGflr3VI93UzObzF48LzWZjwy08TFl4Mr1hQknpjZRaZ/gLBWXU0fZuiXVeWnvQLdtDBGb6fRpX+m/n18F36q4fnRJ3+qRVdmdZpyT6B5+8NTkM93FfqH5W1gE5OgvWSj1WDe06hWNk07QHPRRM5BwQjpqbd5lW/udn8mFW51Mk9xJnzNOzk0x1bXG5k8F1TwVn/evkQBncVO8MLrHHaz1yRp9zXbwsXUoUGmXuMQ5xnhCmqq96wPN/AAAAAAAAAAAAAAAAAACAURP+0X/7K5tD+aZBzl0EAAAAAAAAAAAAAAAAAAAAAGDk/dXv/6b9H/H+939jfv8XGCF/AgAA///7WndM") mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r0, &(0x7f0000001f80)=""/4097, 0x1001) 2.39127238s ago: executing program 3 (id=802): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x49, 0x4, 0x2}, 0x50) socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r0, &(0x7f00000003c0), &(0x7f0000000580)=@tcp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r0, &(0x7f00000003c0), &(0x7f0000000300)=@tcp=r1, 0x1}, 0x20) 2.334508461s ago: executing program 6 (id=803): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000280)={0x7, 0x6, 0x800077, 0x20800000000415, 0x6, 0x7, 0x1000, 0xf67, 0xfffffffc}) lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff) chown(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) 2.103026625s ago: executing program 2 (id=804): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x34, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c445}, 0x4040140) 2.079631892s ago: executing program 1 (id=805): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000001c0)={0x30, r0, 0x1, 0x70bd22, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}}, 0x0) 1.911992096s ago: executing program 3 (id=806): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00000000c0)='.\x00', 0xa4000061) close_range(r0, 0xffffffffffffffff, 0x0) 1.865778503s ago: executing program 5 (id=807): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f00"/28, 0x1c) recvmmsg$unix(r0, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0) 1.699997826s ago: executing program 1 (id=808): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000280)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050427bd7000fadbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="3c00028038000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000005000300fdff000008"], 0x58}, 0x1, 0x0, 0x0, 0x10008001}, 0x44080) 1.551312184s ago: executing program 2 (id=809): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) recvmmsg$unix(r0, &(0x7f0000008f40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000004740)=""/199, 0xc7}, {&(0x7f0000000800)=""/234, 0xea}, {&(0x7f00000002c0)=""/255, 0xff}, {&(0x7f0000004a40)=""/159, 0x9f}, {&(0x7f0000004b00)=""/213, 0xd5}, {&(0x7f0000000900)=""/4085, 0xff5}, {&(0x7f0000005d00)=""/204, 0xcc}], 0x7}}], 0x1, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 1.495811348s ago: executing program 3 (id=810): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x800000000c, 0xfffffffffffffffd}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x2, 0x0, 0x8}) fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x2, 0x2, 0x9, 0x8}) 1.412581936s ago: executing program 6 (id=811): socket$packet(0x11, 0x2, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7005}, 0x4) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) 1.173084403s ago: executing program 2 (id=812): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r1, 0x0, 0x4, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0xfffffffe, 0x0, "b14fea7a1316b81525ccf0f8b91fd2eddb851ba62b00d87337407214ea270251"}}) 1.14150506s ago: executing program 1 (id=813): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) fstatfs(0xffffffffffffffff, 0x0) 1.10664425s ago: executing program 3 (id=814): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0) 886.083185ms ago: executing program 6 (id=815): r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18}, './file0\x00'}) 747.274705ms ago: executing program 1 (id=816): r0 = socket(0x10, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002502000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe5d6405000000000075040000000d000007"], 0x0}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) getsockopt$netlink(r0, 0x10e, 0x5, 0x0, &(0x7f0000000300)) 733.467545ms ago: executing program 3 (id=817): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14) 651.90836ms ago: executing program 2 (id=818): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5e}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 634.317669ms ago: executing program 5 (id=819): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffffe]}, 0x8, 0x0) unshare(0x22020400) r1 = add_key(&(0x7f0000000100)='id_resolver\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000480)="61e776c6c7e3", 0x6, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x63) 523.965992ms ago: executing program 1 (id=820): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023892) pselect6(0x40, &(0x7f0000002a80)={0x7, 0x10000, 0x7, 0x5, 0x1, 0x8, 0x3, 0xfffffffffffffffc}, 0x0, &(0x7f0000002b00)={0x9, 0xfffffffffffffff9, 0x10, 0x9, 0x4, 0x0, 0x2, 0x2}, 0x0, 0x0) 368.298762ms ago: executing program 6 (id=821): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0) 133.009511ms ago: executing program 3 (id=822): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000140)=0x8) 59.683585ms ago: executing program 2 (id=823): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x1008014, &(0x7f0000000000)=ANY=[], 0x3, 0x7e9, &(0x7f0000001f80)="$eJzs3U1sHPXZAPBnHDsfRm+EeF/lRVEIk0ClIAWz3kColQMs67EzdL1r7a6rRFVFEXGQhQMIilpygagStFWrqqf2Rrly661VpVZqpdJTpXLopTckThWV+iVQVcnVzO46a8cfwUkcKL+flf3Pzj7/+T8z3syzs96dCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgkvp0pTKZRCNvLpxLN1efbrfmtnh8sLxfrWnWeHzNuBFJ8S/274+P/t6b939XHz5U3ByPI717R2J/0eyPy3ccuvPM/46ODPpvkdBOHbvOuCTix/1klxdfWv/ovpuf2C303V984i4frxS3s1kz70Q+V5vN0rzTSqdOn648dHamk87kjaxzvtPN5tJ6O6t1W+30RP2BdHJq6lSaTZxvLTRnp2uNbDDz0Qerlcrp9MmJ+azW7rSaDz0ZnfrZvNHIm7NlTLXyjShiHk3rg6dIbS5NLy4tL57aLtUiaHLtrD1x9TY9cv+dH7zy/t+WFosn5GYLSfqjVicnq9XJ049MPfJopTJarVSrMTRjT0RUhkURUXaJkYiiyy150vIZcnN23HATjPTrfzQij2YsxLlIN/gZi3pMRztaMVfc/+PYNRF9g/r/hYf+8vutxh2u/4Mqf/fVhw9HWf+P9u4d3az+b5jrbv68HK/G5Xguno7lWI7FeOm2Z7TNz8iNLiFZc282smhGHp1oRR5zUSvnpP05aUzF6TgdlXgqzsZMdCKNmcijEVl04nx0ohtZ+YyqRzuyqEU3WtGONE5EPR6INCZjKqbiVKSRxUScj1YsRDNmYzpq5VIuxlK53U+ty/LQgfj5s3/44K1iejVocqvVer14IReL8dctglaL+XD9XzNjuPavrBSvF9ZHqP+fd7dgLw47szKo/wAAAMB/raR89704/h+Le8qpmbyRfWWrLns+XintXpIAAADADSn/8n+kaMaKqXsiKY7/KxtEvrfruQEAAAA3R1J+xy6JiPG4tzd1MZbi9ViMjd4EAAAAAD6Dyr//Hy2a8YjXyhmD06VUeh8JAAAAAD7rvr3ZOfbfH5xjtzO/L/nlWESMJVfmz92fXKoVcbVLe3r9+s2XV5fYnTmcHOwvpGxOj16+I4mI0Xp2JBmc/fLf+3rth+Xt4dHV7pud6z9pt7dMILZOoLwX34tjvZhjF8rmjn6X0aQ3yvhM3sgm6q3GmfKUiMW/7ivPL30zohj9O825g0lcXFpenHjmheULZS5Xiu5XDvRPoHjNeRS3yGWlvwXino3XeKz8IkZ/3PHeuJXh9R/pdR/ZesxkeMw34ngv5vh4rx0fPNIbc38x5uTEmcmo1Q6OdLNz3VdWhta+n8Xk6pqPXbm0gzV/I+7rxdx34r5es0EW1TVZPH9tFtWh7X+d22LwLNs2i7eOvXbun79tJdmp7bI4tVEWoxtnsbInYv22ALhdLpZn/blahQ6UVehfK/1T/CRJ9OpuUaxqvYC+bfa1xV7uH1dHWX2VcaD/R4WhWjca66v71T3o9VX3lejt0ftO9F5PjB7eoK5UNtijv7j04rv9PfrD7/zoJ189+rufluPuqLq9Ew/0YvpN3PXrdVmceXdhb5FFsc7fX1dV3y56vL3puJ1GNYkrEXu+funFOPTyq5cfXLr09LOL/7P4fLWoQQ9XKo9U9677BW2aKQCfX9tfY2fTiEGdSR5ed1QdF9bW3btWP1IwEc/EC7EcF+Jk+W2DiLh343HHhz6GcHKbo9bxoSu8nNzm2PJqbPXa2CQ2iT01tMX+/4dl89Et+XUAwK44vkEd/k3/wrbb1P/Vd+ZPxolexCbH3Wtr+bqj49i8lm/ki0PTrloEADuTtT9MxrtvJu12Pv/U5NTUZK17NkvbrfqX0nY+PZule5vdrF0/W2vOZul8cchfH7xxPJ110s7C/Hyr3U1nWu00Rjr5ufLK72lnfz9mrtbs5vXOfCOrdbK03mp2a/VuOp136un8whONvHM2a5edO/NZPZ/J67Vu3mqmndZCu55NpGkny4YC8+ms2c1n8mKymc6387la+0pENBbmsnQ669Tb+Xy31VvgYKy8OdNqz5WLnbh29f+8m9saAD4tXn718nNPLy8vvrSziT9dT/DtXkcAYC1VGgAAAAAAAAAAAAAAPv1WP/9/52CimHsD3wj8ZBP74vqCx+IGxlrpnyjo1q/Op2rimlUeXM7xdie2mxNfe+yx54bmHBiOeeK1u89e33Lier8pG28ejNj7sx/05jy+efC3burv4r2InfwHWUm2iFmzm9i7i7skAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjUfwIAAP//6q9P2Q==") pivot_root(&(0x7f0000000000)='.\x00', &(0x7f00000004c0)='./file1\x00') 0s ago: executing program 5 (id=824): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x3c, r0, 0x9, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48d1}, 0x0) kernel console output (not intermixed with test programs): orwarding state [ 173.640610][ T5812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 174.477931][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.565509][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.596416][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.928390][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.974034][ T5810] veth0_vlan: entered promiscuous mode [ 175.061792][ T5801] veth0_vlan: entered promiscuous mode [ 175.148492][ T5801] veth1_vlan: entered promiscuous mode [ 175.168109][ T5810] veth1_vlan: entered promiscuous mode [ 175.359892][ T5818] veth0_vlan: entered promiscuous mode [ 175.484051][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.498623][ T5818] veth1_vlan: entered promiscuous mode [ 175.563129][ T5801] veth0_macvtap: entered promiscuous mode [ 175.599194][ T5810] veth0_macvtap: entered promiscuous mode [ 175.656541][ T5801] veth1_macvtap: entered promiscuous mode [ 175.700528][ T5810] veth1_macvtap: entered promiscuous mode [ 175.903305][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.915996][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.936563][ T5818] veth0_macvtap: entered promiscuous mode [ 176.002521][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.015073][ T5812] veth0_vlan: entered promiscuous mode [ 176.029499][ T5818] veth1_macvtap: entered promiscuous mode [ 176.067963][ T3604] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.085257][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.137681][ T3604] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.179885][ T5812] veth1_vlan: entered promiscuous mode [ 176.215390][ T3604] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.253054][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.269529][ T3604] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.344699][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.355758][ T3604] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.384767][ T3604] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.484859][ T2963] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.517039][ T5812] veth0_macvtap: entered promiscuous mode [ 176.526776][ T2963] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.578877][ T5812] veth1_macvtap: entered promiscuous mode [ 176.588764][ T2963] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.671528][ T2963] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.714523][ T2963] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.756087][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.766068][ T3604] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.854708][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.921963][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.974880][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.036003][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.084244][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.156689][ T5803] veth0_vlan: entered promiscuous mode [ 177.269159][ T5803] veth1_vlan: entered promiscuous mode [ 177.490780][ T5803] veth0_macvtap: entered promiscuous mode [ 177.567890][ T5803] veth1_macvtap: entered promiscuous mode [ 177.712786][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.802390][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.864590][ T143] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.943498][ T143] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.995232][ T143] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.066350][ T143] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.745354][ T3604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.753533][ T3604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.762545][ T2963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.771047][ T2963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.897199][ T3647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.905367][ T3647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.039906][ T3647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.048048][ T3647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.074192][ T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.082758][ T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.191619][ T3604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.199609][ T3604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.489710][ T5810] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 182.529436][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.538350][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.650276][ T3604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.658678][ T3604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.167284][ T5989] loop3: detected capacity change from 0 to 22 [ 183.705040][ T4040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.713948][ T4040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.938253][ T2963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.946708][ T2963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.813298][ T5997] loop3: detected capacity change from 0 to 4096 [ 184.997051][ T6000] loop2: detected capacity change from 0 to 40427 [ 185.066780][ T5997] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 185.068649][ T6000] F2FS-fs (loop2): build fault injection rate: 771 [ 185.092019][ T6000] F2FS-fs (loop2): invalid crc value [ 185.251196][ T6010] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.368345][ T6000] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 185.408264][ T6000] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 185.431481][ T6000] syz.2.7: attempt to access beyond end of device [ 185.431481][ T6000] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 185.522665][ T5801] syz-executor: attempt to access beyond end of device [ 185.522665][ T5801] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 185.538195][ T5801] CPU: 1 UID: 0 PID: 5801 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 185.538326][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 185.538414][ T5801] Call Trace: [ 185.538467][ T5801] [ 185.538512][ T5801] __dump_stack+0x26/0x30 [ 185.538679][ T5801] dump_stack_lvl+0x1df/0x270 [ 185.538837][ T5801] dump_stack+0x1e/0x25 [ 185.538970][ T5801] f2fs_handle_critical_error+0xa6f/0xc20 [ 185.539136][ T5801] f2fs_stop_checkpoint+0x65/0x80 [ 185.539275][ T5801] f2fs_write_end_io+0x101c/0x1bc0 [ 185.539452][ T5801] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 185.539586][ T5801] bio_endio+0xeb4/0x1010 [ 185.539729][ T5801] submit_bio_noacct+0x2009/0x2930 [ 185.539931][ T5801] submit_bio+0x57c/0x630 [ 185.540076][ T5801] f2fs_submit_write_bio+0x92/0x250 [ 185.540255][ T5801] __submit_merged_bio+0x16f/0x6a0 [ 185.540430][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 185.540583][ T5801] __submit_merged_write_cond+0x458/0x9a0 [ 185.540791][ T5801] f2fs_write_data_pages+0x4bb2/0x5480 [ 185.541048][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 185.541185][ T5801] ? folio_batch_move_lru+0x6a6/0x6e0 [ 185.541330][ T5801] ? __msan_warning+0x1b/0x30 [ 185.541445][ T5801] ? filter_irq_stacks+0x13f/0x190 [ 185.541626][ T5801] ? stack_depot_save_flags+0x35/0x7b0 [ 185.541757][ T5801] ? lru_gen_add_folio+0xd66/0x1190 [ 185.541923][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 185.542057][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 185.542194][ T5801] ? kmsan_get_metadata+0xfb/0x160 [ 185.542327][ T5801] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 185.542465][ T5801] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.542599][ T5801] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 185.542729][ T5801] do_writepages+0x3f2/0x860 [ 185.542896][ T5801] ? _raw_spin_unlock+0x30/0x50 [ 185.543033][ T5801] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 185.543199][ T5801] filemap_fdatawrite+0x207/0x260 [ 185.543443][ T5801] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 185.543630][ T5801] f2fs_write_checkpoint+0x10a4/0x3730 [ 185.543911][ T5801] kill_f2fs_super+0x31b/0x990 [ 185.544091][ T5801] ? __pfx_kill_f2fs_super+0x10/0x10 [ 185.544248][ T5801] deactivate_locked_super+0xcb/0x3c0 [ 185.544424][ T5801] deactivate_super+0x12f/0x140 [ 185.544583][ T5801] cleanup_mnt+0x6fb/0x780 [ 185.544710][ T5801] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 185.544912][ T5801] ? __pfx___cleanup_mnt+0x10/0x10 [ 185.545044][ T5801] __cleanup_mnt+0x22/0x30 [ 185.545169][ T5801] task_work_run+0x209/0x2b0 [ 185.545312][ T5801] exit_to_user_mode_loop+0x2d1/0x370 [ 185.545456][ T5801] do_syscall_64+0x1e3/0xfa0 [ 185.545613][ T5801] ? irqentry_exit+0x16/0x60 [ 185.545758][ T5801] ? clear_bhb_loop+0x40/0x90 [ 185.545901][ T5801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.546033][ T5801] RIP: 0033:0x7f6292190a77 [ 185.546145][ T5801] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 185.546254][ T5801] RSP: 002b:00007ffea517dd78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 185.546374][ T5801] RAX: 0000000000000000 RBX: 00007f6292213d7d RCX: 00007f6292190a77 [ 185.546457][ T5801] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea517de30 [ 185.546537][ T5801] RBP: 00007ffea517de30 R08: 0000000000000000 R09: 0000000000000000 [ 185.546616][ T5801] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea517eec0 [ 185.546717][ T5801] R13: 00007f6292213d7d R14: 000000000002d459 R15: 00007ffea517ef00 [ 185.546842][ T5801] [ 185.900816][ T5801] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 186.048567][ T6016] capability: warning: `syz.1.12' uses deprecated v2 capabilities in a way that may be insecure [ 186.104495][ T6010] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.387372][ T5997] ntfs3(loop3): Inode r=19 is not in use! [ 186.393947][ T5997] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 186.407001][ T6010] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.586966][ T5997] ntfs3(loop3): Failed to initialize $Extend/$Reparse. [ 186.687547][ T6010] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.732445][ T5997] ntfs3(loop3): ino=1b, mi_enum_attr [ 186.738109][ T5997] ntfs3(loop3): ino=1b, mi_enum_attr [ 186.744169][ T5997] overlayfs: failed to get redirect (-22) [ 187.096907][ T3520] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.281868][ T6023] loop4: detected capacity change from 0 to 4096 [ 187.333605][ T3604] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.352295][ T3604] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.413676][ T3604] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.865543][ T6023] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 188.050049][ T6023] overlayfs: upper fs does not support tmpfile. [ 188.126294][ T6023] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 188.134957][ T6023] overlayfs: failed to set uuid (/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, err=-22); falling back to uuid=null. [ 188.165583][ T6023] overlayfs: failed to verify upper root origin [ 188.454697][ T6041] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21'. [ 188.589852][ T2963] ntfs3(loop4): ino=9, ntfs3_write_inode failed, -22. [ 188.653590][ T5803] ntfs3(loop4): ino=9, ntfs_sync_fs failed, -22. [ 189.083452][ T6046] binder: 6044:6046 unknown command 224 [ 189.089473][ T6046] binder: 6044:6046 ioctl c0306201 200000000080 returned -22 [ 189.108773][ T6047] loop3: detected capacity change from 0 to 512 [ 189.183313][ T6047] ======================================================= [ 189.183313][ T6047] WARNING: The mand mount option has been deprecated and [ 189.183313][ T6047] and is ignored by this kernel. Remove the mand [ 189.183313][ T6047] option from the mount to silence this warning. [ 189.183313][ T6047] ======================================================= [ 189.369957][ T6047] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 189.386268][ T6047] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 189.531947][ T6047] EXT4-fs (loop3): 1 truncate cleaned up [ 189.539580][ T6047] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.690116][ T6047] EXT4-fs error (device loop3): ext4_empty_dir:3120: inode #2: block 13: comm syz.3.25: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 189.750413][ T6047] EXT4-fs (loop3): Remounting filesystem read-only [ 190.037602][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.649730][ T6063] debugfs: 'ttyS3' already exists in 'caif_serial' [ 191.767540][ T6085] vivid-000: disconnect [ 191.831784][ T6084] vivid-000: reconnect [ 192.015265][ T6081] loop3: detected capacity change from 0 to 4096 [ 192.037245][ T6081] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 192.616682][ T6099] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 193.193233][ T6105] program syz.3.49 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.419697][ T6109] loop0: detected capacity change from 0 to 256 [ 193.478144][ T6109] exfat: Deprecated parameter 'utf8' [ 193.645749][ T6109] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 194.077451][ T6120] loop2: detected capacity change from 0 to 64 [ 194.643511][ T6115] loop3: detected capacity change from 0 to 8192 [ 194.767652][ T6115] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 194.876818][ T6115] process 'syz.3.54' launched './file1' with NULL argv: empty string added [ 195.251643][ T6134] bond1: option downdelay: invalid value (18446744073709551609) [ 195.259659][ T6134] bond1: option downdelay: allowed values 0 - 2147483647 [ 195.309747][ T6134] bond1 (unregistering): Released all slaves [ 195.799890][ T6142] warning: `syz.1.66' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 196.081690][ T6145] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 196.093801][ T6145] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 196.110118][ T6145] overlayfs: fs on '.' does not support file handles, falling back to xino=off. [ 196.732329][ T6160] loop3: detected capacity change from 0 to 256 [ 196.816063][ T6160] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 196.956997][ T6164] sctp: [Deprecated]: syz.0.75 (pid 6164) Use of int in max_burst socket option. [ 196.956997][ T6164] Use struct sctp_assoc_value instead [ 197.718314][ T6174] netlink: 452 bytes leftover after parsing attributes in process `syz.3.79'. [ 198.613326][ T5859] kernel read not supported for file /vcsu (pid: 5859 comm: kworker/0:4) [ 199.043839][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.86'. [ 199.053155][ T6189] netlink: 12 bytes leftover after parsing attributes in process `syz.3.86'. [ 199.286305][ T6185] loop1: detected capacity change from 0 to 32768 [ 199.417205][ T6185] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 200.092822][ T6185] XFS (loop1): Ending clean mount [ 200.252222][ T5810] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 200.656163][ T6217] loop2: detected capacity change from 0 to 2048 [ 200.665071][ T6218] loop3: detected capacity change from 0 to 1024 [ 200.806826][ T6217] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 200.880012][ T6218] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.998420][ T6225] loop4: detected capacity change from 0 to 2048 [ 201.073877][ T6228] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 201.293610][ T30] audit: type=1800 audit(1763646171.183:2): pid=6225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.99" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 201.697275][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.182155][ T6236] mmap: syz.3.101 (6236) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 202.461979][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.95'. [ 203.881195][ T6257] loop2: detected capacity change from 0 to 1024 [ 203.927367][ T6254] loop0: detected capacity change from 0 to 4096 [ 204.022039][ T6259] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 204.080091][ T6254] NILFS (loop0): invalid segment: Checksum error in segment payload [ 204.092282][ T6254] NILFS (loop0): trying rollback from an earlier position [ 204.211864][ T6254] NILFS (loop0): recovery complete [ 204.269493][ T6262] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 204.866232][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.114'. [ 206.055928][ T6291] loop2: detected capacity change from 0 to 64 [ 206.233049][ T5859] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 206.404428][ T5859] usb 2-1: Using ep0 maxpacket: 32 [ 206.492357][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.503802][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.514569][ T5859] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 206.526879][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.629970][ T5859] usb 2-1: config 0 descriptor?? [ 206.699191][ T5859] hub 2-1:0.0: USB hub found [ 206.860389][ T5859] hub 2-1:0.0: 5 ports detected [ 206.884566][ T5859] hub 2-1:0.0: insufficient power available to use all downstream ports [ 207.341609][ T5859] usb 2-1: USB disconnect, device number 2 [ 207.350420][ T6308] loop0: detected capacity change from 0 to 64 [ 207.756008][ T6312] loop2: detected capacity change from 0 to 136 [ 207.932419][ T6312] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 208.322714][ T6317] loop0: detected capacity change from 0 to 256 [ 209.068203][ T6321] loop1: detected capacity change from 0 to 32768 [ 209.130132][ T6321] [ 209.130132][ T6321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.130132][ T6321] [ 209.164720][ T6321] [ 209.164720][ T6321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.164720][ T6321] [ 209.176608][ T6321] [ 209.176608][ T6321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.176608][ T6321] [ 209.187482][ T6321] [ 209.187482][ T6321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.187482][ T6321] [ 209.231914][ T111] [ 209.231914][ T111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.231914][ T111] [ 209.277160][ T5810] [ 209.277160][ T5810] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.277160][ T5810] [ 209.339780][ T5810] [ 209.339780][ T5810] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.339780][ T5810] [ 209.583710][ T6330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.141'. [ 209.714804][ T6333] block nbd4: not configured, cannot reconfigure [ 211.218311][ T6354] raw_sendmsg: syz.2.153 forgot to set AF_INET. Fix it! [ 211.862409][ T6362] loop1: detected capacity change from 0 to 2048 [ 211.934976][ T6362] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 211.943172][ T6362] UDF-fs: Scanning with blocksize 512 failed [ 211.955347][ T5889] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 211.982348][ T6367] netlink: 4 bytes leftover after parsing attributes in process `syz.0.159'. [ 212.131266][ T6362] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 212.161102][ T5889] usb 4-1: Using ep0 maxpacket: 16 [ 212.189171][ T5889] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.200935][ T5889] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.211015][ T5889] usb 4-1: config 0 interface 0 has no altsetting 0 [ 212.217843][ T5889] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 212.227175][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.367141][ T5889] usb 4-1: config 0 descriptor?? [ 212.803498][ T6374] loop4: detected capacity change from 0 to 512 [ 212.973119][ T6378] loop0: detected capacity change from 0 to 512 [ 213.005814][ T6374] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.162: error while reading EA inode 32 err=-116 [ 213.071787][ T6374] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 213.086262][ T5889] cougar 0003:060B:500A.0001: usage count exceeds max: fixing up report descriptor [ 213.087452][ T5889] cougar 0003:060B:500A.0001: unexpected long global item [ 213.092163][ T5889] cougar 0003:060B:500A.0001: parse failed [ 213.103972][ T6374] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.162: error while reading EA inode 32 err=-116 [ 213.144412][ T5889] cougar 0003:060B:500A.0001: probe with driver cougar failed with error -22 [ 213.188408][ T6378] EXT4-fs error (device loop0): ext4_iget_extra_inode:5075: inode #15: comm syz.0.164: corrupted in-inode xattr: e_value size too large [ 213.212947][ T6374] EXT4-fs (loop4): 1 orphan inode deleted [ 213.222425][ T6374] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 213.241588][ T6378] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.164: couldn't read orphan inode 15 (err -117) [ 213.258462][ T6374] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.295240][ T6378] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.349647][ T5889] usb 4-1: USB disconnect, device number 2 [ 213.613067][ T5812] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.772437][ T6385] loop2: detected capacity change from 0 to 4096 [ 213.781172][ T5859] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 213.991003][ T5859] usb 2-1: Using ep0 maxpacket: 16 [ 214.054669][ T5859] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.065091][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 214.076387][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 214.086350][ T5859] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 214.096636][ T5859] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.185452][ T6390] ipvlan2: entered promiscuous mode [ 214.197176][ T6390] bridge0: port 3(ipvlan2) entered blocking state [ 214.204396][ T6390] bridge0: port 3(ipvlan2) entered disabled state [ 214.211603][ T6390] ipvlan2: entered allmulticast mode [ 214.217064][ T6390] gretap0: entered allmulticast mode [ 214.227611][ T6390] ipvlan2: left allmulticast mode [ 214.233901][ T6390] gretap0: left allmulticast mode [ 214.313527][ T5859] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 214.323267][ T5859] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 214.337151][ T5859] usb 2-1: Manufacturer: syz [ 214.363241][ T5859] usb 2-1: config 0 descriptor?? [ 214.399528][ T6385] ntfs3(loop2): ino=0, "file1" The size of extended attributes must not exceed 64KiB [ 214.421360][ T6395] loop3: detected capacity change from 0 to 1024 [ 215.010484][ T5859] rc_core: IR keymap rc-hauppauge not found [ 215.016866][ T5859] Registered IR keymap rc-empty [ 215.023300][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.087446][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.096595][ T6401] loop0: detected capacity change from 0 to 128 [ 215.143315][ T5859] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 215.166245][ T5859] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5 [ 215.243186][ T6401] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 215.279540][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.313039][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.343773][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.437934][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.477306][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.517550][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.613138][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.652798][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.691484][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.731100][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.803095][ T5859] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 215.838381][ T5859] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version c8 [ 215.849691][ T5859] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 215.997996][ T5859] usb 2-1: USB disconnect, device number 3 [ 216.585450][ T6411] loop4: detected capacity change from 0 to 32768 [ 216.596901][ T6416] loop2: detected capacity change from 0 to 24 [ 216.663317][ T5976] Dev loop4 SGI disklabel: csum bad, label corrupted [ 216.679655][ T6416] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 216.723844][ T6411] Dev loop4 SGI disklabel: csum bad, label corrupted [ 216.932113][ T6420] netlink: 'syz.3.180': attribute type 13 has an invalid length. [ 216.942752][ T6420] netlink: 'syz.3.180': attribute type 17 has an invalid length. [ 217.493494][ T6420] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.005638][ T30] audit: type=1326 audit(1763646187.903:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.032953][ T30] audit: type=1326 audit(1763646187.903:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.249463][ T30] audit: type=1326 audit(1763646188.033:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.272353][ T30] audit: type=1326 audit(1763646188.033:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.294828][ T30] audit: type=1326 audit(1763646188.033:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.317205][ T30] audit: type=1326 audit(1763646188.033:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6430 comm="syz.1.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7fe6dd98f749 code=0x7ffc0000 [ 218.900987][ T6444] loop2: detected capacity change from 0 to 128 [ 219.083832][ T6444] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 219.089275][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.192'. [ 219.108028][ T6448] Zero length message leads to an empty skb [ 219.191707][ T6444] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 219.595584][ T5801] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 219.780920][ T5882] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 220.030545][ T5882] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.041436][ T5882] usb 5-1: config 0 has no interfaces? [ 220.084220][ T6464] loop2: detected capacity change from 0 to 512 [ 220.113308][ T5882] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 220.122786][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.126401][ T6464] EXT4-fs: Ignoring removed bh option [ 220.131137][ T5882] usb 5-1: Product: syz [ 220.131230][ T5882] usb 5-1: Manufacturer: syz [ 220.145592][ T5882] usb 5-1: SerialNumber: syz [ 220.192587][ T6464] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 220.206323][ T6466] loop3: detected capacity change from 0 to 512 [ 220.223735][ T5882] usb 5-1: config 0 descriptor?? [ 220.240208][ T6466] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 220.296763][ T6466] EXT4-fs (loop3): 1 orphan inode deleted [ 220.306185][ T6466] EXT4-fs (loop3): 1 truncate cleaned up [ 220.314430][ T6464] EXT4-fs (loop2): 1 truncate cleaned up [ 220.324786][ T6464] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.350438][ T6466] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.534016][ T5859] usb 5-1: USB disconnect, device number 2 [ 220.742718][ T5801] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.864116][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.176710][ T6482] loop1: detected capacity change from 0 to 256 [ 221.214904][ T6482] exfat: Deprecated parameter 'utf8' [ 221.325665][ T6482] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6efbb19, utbl_chksum : 0xe619d30d) [ 221.560638][ T6479] loop2: detected capacity change from 0 to 4096 [ 221.620586][ T6479] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 222.075531][ T6479] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 222.430299][ T3604] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 222.473043][ T5801] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 222.479911][ T5801] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 222.487361][ T5801] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 222.571696][ T3604] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 223.174974][ T5859] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 223.401883][ T5859] usb 4-1: unable to get BOS descriptor or descriptor too short [ 223.458346][ T5859] usb 4-1: config 6 has an invalid interface number: 200 but max is 0 [ 223.467597][ T5859] usb 4-1: config 6 has no interface number 0 [ 223.476500][ T5859] usb 4-1: config 6 interface 200 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 223.489545][ T5859] usb 4-1: config 6 interface 200 has no altsetting 0 [ 223.597800][ T5859] usb 4-1: string descriptor 0 read error: -22 [ 223.605233][ T5859] usb 4-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 223.614889][ T5859] usb 4-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 223.730255][ T5859] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 224.018690][ T5859] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 224.066873][ T5859] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 224.075056][ T5859] usb 4-1: media controller created [ 224.153313][ T5859] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 224.348664][ T6520] loop0: detected capacity change from 0 to 512 [ 224.404930][ T5859] dvb-usb: recv bulk message failed: -22 [ 224.414957][ T6520] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.224: bad orphan inode 13 [ 224.455558][ T6520] ext4_test_bit(bit=12, block=4) = 1 [ 224.461441][ T6520] is_bad_inode(inode)=0 [ 224.468237][ T6520] NEXT_ORPHAN(inode)=0 [ 224.473535][ T6520] max_ino=32 [ 224.476881][ T6520] i_nlink=1 [ 224.506131][ T6520] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.525140][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.531987][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.608564][ T5859] dvb-usb: bulk message failed: -71 (6/0) [ 224.615137][ T5859] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 224.705368][ T5859] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input6 [ 224.748668][ T6520] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.224: Unrecognised inode hash code 20 [ 224.761112][ T6520] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.224: Corrupt directory, running e2fsck is recommended [ 224.793020][ T5859] dvb-usb: schedule remote query interval to 150 msecs. [ 224.800193][ T5859] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 224.859029][ T6520] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.224: Unrecognised inode hash code 20 [ 224.871516][ T6520] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.224: Corrupt directory, running e2fsck is recommended [ 224.912286][ T5859] usb 4-1: USB disconnect, device number 3 [ 225.134100][ T6528] loop4: detected capacity change from 0 to 2048 [ 225.168076][ T5812] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.178577][ T6528] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 225.261358][ T5882] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 225.265611][ T5859] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 225.305425][ T6528] overlayfs: upper fs needs to support d_type. [ 225.334931][ T6528] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 225.342287][ T6528] overlayfs: failed to set xattr on upper [ 225.348328][ T6528] overlayfs: ...falling back to redirect_dir=nofollow. [ 225.355483][ T6528] overlayfs: ...falling back to index=off. [ 225.361614][ T6528] overlayfs: ...falling back to uuid=null. [ 225.468743][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.480519][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.494730][ T5882] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 225.505113][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.598963][ T5882] usb 3-1: config 0 descriptor?? [ 225.719732][ T6538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.231'. [ 225.915489][ T5803] UDF-fs: error (device loop4): udf_read_inode: (ino 1416) failed !bh [ 225.945687][ T5803] UDF-fs: error (device loop4): udf_read_inode: (ino 1416) failed !bh [ 226.131884][ T5882] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 226.139557][ T5882] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 226.149042][ T5882] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 226.157518][ T5882] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 226.165419][ T5882] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 226.355456][ T5882] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 226.407574][ T6545] loop3: detected capacity change from 0 to 64 [ 226.529999][ T6545] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 226.624899][ T3604] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.682000][ T5882] playstation 0003:054C:0DF2.0002: Failed to retrieve feature with reportID 32: -71 [ 226.692031][ T5882] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense firmware info: -71 [ 226.702543][ T5882] playstation 0003:054C:0DF2.0002: Failed to get firmware info from DualSense [ 226.711819][ T5882] playstation 0003:054C:0DF2.0002: Failed to create dualsense. [ 226.816641][ T5882] playstation 0003:054C:0DF2.0002: probe with driver playstation failed with error -71 [ 226.857890][ T5882] usb 3-1: USB disconnect, device number 2 [ 226.920369][ T3604] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.978262][ T6550] capability: warning: `syz.1.238' uses 32-bit capabilities (legacy support in use) [ 227.015555][ T6547] netlink: 28 bytes leftover after parsing attributes in process `syz.0.236'. [ 227.031225][ T6547] netlink: 28 bytes leftover after parsing attributes in process `syz.0.236'. [ 227.055818][ T6547] erspan0: entered promiscuous mode [ 227.066240][ T6547] gretap0: entered promiscuous mode [ 227.179827][ T3604] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.406952][ T3604] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.565067][ T6552] loop3: detected capacity change from 0 to 256 [ 227.628314][ T6549] fido_id[6549]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 227.633508][ T6552] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 227.955681][ T3604] bridge_slave_1: left allmulticast mode [ 227.961890][ T3604] bridge_slave_1: left promiscuous mode [ 227.968388][ T3604] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.057310][ T3604] bridge_slave_0: left allmulticast mode [ 228.063830][ T3604] bridge_slave_0: left promiscuous mode [ 228.070441][ T3604] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.572914][ T3604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.592459][ T3604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.612964][ T3604] bond0 (unregistering): Released all slaves [ 229.755991][ T3604] hsr_slave_0: left promiscuous mode [ 229.851434][ T3604] hsr_slave_1: left promiscuous mode [ 229.859281][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.867139][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.936594][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.944408][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.137113][ T3604] veth1_macvtap: left promiscuous mode [ 230.142935][ T3604] veth0_macvtap: left promiscuous mode [ 230.148977][ T3604] veth1_vlan: left promiscuous mode [ 230.154623][ T3604] veth0_vlan: left promiscuous mode [ 230.196687][ T6572] loop1: detected capacity change from 0 to 2048 [ 230.274723][ T5811] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 230.393170][ T5811] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 230.403418][ T5811] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 230.418218][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 230.430588][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 230.692321][ T6581] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 230.993872][ T6572] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.513843][ T3604] team0 (unregistering): Port device team_slave_1 removed [ 231.583272][ T3604] team0 (unregistering): Port device team_slave_0 removed [ 232.643975][ T5811] Bluetooth: hci1: command tx timeout [ 233.550977][ T6576] chnl_net:caif_netlink_parms(): no params data found [ 233.603252][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.724692][ T5811] Bluetooth: hci1: command tx timeout [ 234.735424][ T6622] loop1: detected capacity change from 0 to 1024 [ 234.817259][ T6622] EXT4-fs: Ignoring removed nobh option [ 234.903736][ T6622] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.223588][ T6633] program syz.2.261 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.252764][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.260334][ T6576] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.269758][ T6576] bridge_slave_0: entered allmulticast mode [ 235.325054][ T6576] bridge_slave_0: entered promiscuous mode [ 235.413261][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.423720][ T6576] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.432064][ T6576] bridge_slave_1: entered allmulticast mode [ 235.441469][ T6576] bridge_slave_1: entered promiscuous mode [ 235.445831][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.706465][ T6576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.821923][ T6576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.898029][ T6641] loop2: detected capacity change from 0 to 512 [ 235.921839][ T6641] EXT4-fs: Ignoring removed nomblk_io_submit option [ 235.974576][ T6641] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.264: corrupted in-inode xattr: e_value size too large [ 236.102114][ T6641] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.264: couldn't read orphan inode 15 (err -117) [ 236.198485][ T6641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.325911][ T6576] team0: Port device team_slave_0 added [ 236.402945][ T6576] team0: Port device team_slave_1 added [ 236.576457][ T5801] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.691188][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.698422][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 236.728486][ T6576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.801522][ T5811] Bluetooth: hci1: command tx timeout [ 236.918502][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.925910][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 236.952546][ T6576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.680118][ T6576] hsr_slave_0: entered promiscuous mode [ 237.690080][ T6576] hsr_slave_1: entered promiscuous mode [ 237.901118][ T6662] loop2: detected capacity change from 0 to 1024 [ 237.975716][ T6662] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 238.082882][ T5859] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 238.267615][ T5859] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 238.276136][ T5859] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.286780][ T5859] usb 4-1: config 0 has no interface number 0 [ 238.297372][ T5859] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 238.312763][ T5859] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 238.328399][ T5859] usb 4-1: config 0 interface 52 has no altsetting 0 [ 238.357051][ T5801] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.363691][ T5859] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 238.376042][ T5859] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 238.384414][ T5859] usb 4-1: Manufacturer: syz [ 238.532177][ T5859] usb 4-1: config 0 descriptor?? [ 238.556222][ T6672] loop1: detected capacity change from 0 to 256 [ 238.639911][ T6672] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 238.693310][ T5859] hub 4-1:0.52: bad descriptor, ignoring hub [ 238.705828][ T5859] hub 4-1:0.52: probe with driver hub failed with error -5 [ 238.783389][ T5859] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input7 [ 238.884064][ T5811] Bluetooth: hci1: command tx timeout [ 239.148926][ T5859] usb 4-1: Failed to suspend device, error -71 [ 239.159235][ T5859] usb 4-1: USB disconnect, device number 4 [ 239.541037][ T5859] IPVS: starting estimator thread 0... [ 239.731622][ T6678] IPVS: using max 240 ests per chain, 12000 per kthread [ 239.886602][ T6576] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 240.012766][ T6576] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 240.134300][ T6576] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 240.250431][ T6576] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 240.296904][ T6681] loop2: detected capacity change from 0 to 4096 [ 240.506730][ T6690] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 240.618549][ T30] audit: type=1800 audit(1763646210.523:9): pid=6681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.276" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 240.943699][ T6695] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 241.644383][ T6576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.809809][ T6576] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.908381][ T4040] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.915918][ T4040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.056583][ T4040] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.064142][ T4040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.951451][ T6715] loop2: detected capacity change from 0 to 2048 [ 243.067231][ T6715] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 244.145898][ T6576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.167388][ T6745] loop3: detected capacity change from 0 to 1024 [ 245.265855][ T6745] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 246.330221][ T6760] loop1: detected capacity change from 0 to 512 [ 246.465915][ T6576] veth0_vlan: entered promiscuous mode [ 246.574971][ T6576] veth1_vlan: entered promiscuous mode [ 246.614746][ T6757] loop3: detected capacity change from 0 to 4096 [ 246.708399][ T6757] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 246.782540][ T6757] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 246.876107][ T6576] veth0_macvtap: entered promiscuous mode [ 246.916339][ T6763] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 246.957564][ T6576] veth1_macvtap: entered promiscuous mode [ 247.065079][ T6755] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 524288 [ 247.073754][ T6755] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 247.124428][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.202301][ T6755] Remounting filesystem read-only [ 247.207503][ T6755] NILFS (loop3): error -5 truncating bmap (ino=15) [ 247.229352][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 247.343147][ T3604] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.415315][ T3604] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.500128][ T3604] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.606160][ T3520] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.682895][ T5818] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 248.771203][ T5859] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 249.063452][ T5859] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 249.074930][ T5859] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 249.085216][ T5859] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 249.094614][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.182939][ T6786] IPVS: stopping backup sync thread 6788 ... [ 249.233017][ T6782] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 249.260001][ T5859] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 249.493930][ T5815] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 249.536656][ T5815] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 249.555409][ T5815] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 249.601506][ T5815] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 249.622060][ T5815] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 249.716219][ T5855] usb 2-1: USB disconnect, device number 4 [ 251.681307][ T5811] Bluetooth: hci5: command tx timeout [ 251.755397][ T6792] chnl_net:caif_netlink_parms(): no params data found [ 252.089722][ T6824] loop2: detected capacity change from 0 to 4096 [ 252.101133][ T6830] loop3: detected capacity change from 0 to 1024 [ 252.105833][ T6827] loop1: detected capacity change from 0 to 1024 [ 252.363751][ T6827] hfsplus: bad catalog entry type [ 252.381476][ T2967] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.493949][ T6824] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 252.566514][ T2967] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.663728][ T4040] hfsplus: b-tree write err: -5, ino 4 [ 252.685500][ T2967] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.833120][ T6824] ntfs3(loop2): Failed to load $Extend (-22). [ 252.841339][ T6824] ntfs3(loop2): Failed to initialize $Extend. [ 252.852565][ T2967] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.145859][ T30] audit: type=1800 audit(1763646223.043:10): pid=6824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.312" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=33 res=0 errno=0 [ 253.329771][ T6792] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.338919][ T6792] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.348994][ T6792] bridge_slave_0: entered allmulticast mode [ 253.358397][ T6792] bridge_slave_0: entered promiscuous mode [ 253.480443][ T6792] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.488253][ T6792] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.496109][ T6792] bridge_slave_1: entered allmulticast mode [ 253.505748][ T6792] bridge_slave_1: entered promiscuous mode [ 253.761235][ T5811] Bluetooth: hci5: command tx timeout [ 253.993391][ T2967] bridge_slave_1: left allmulticast mode [ 253.999242][ T2967] bridge_slave_1: left promiscuous mode [ 254.005936][ T2967] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.045794][ T2967] bridge_slave_0: left allmulticast mode [ 254.053699][ T2967] bridge_slave_0: left promiscuous mode [ 254.066418][ T2967] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.358150][ T2967] erspan0 (unregistering): left promiscuous mode [ 254.423374][ T2967] gretap0 (unregistering): left promiscuous mode [ 254.582283][ T2967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.627144][ T2967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.636419][ T6852] loop1: detected capacity change from 0 to 512 [ 254.647787][ T6852] EXT4-fs: Ignoring removed bh option [ 254.651172][ T2967] bond0 (unregistering): Released all slaves [ 254.663306][ T6852] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 254.726621][ T6852] EXT4-fs (loop1): 1 truncate cleaned up [ 254.814821][ T6852] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.903487][ T6852] EXT4-fs warning (device loop1): verify_group_input:137: Cannot add at group 25 (only 1 groups) [ 255.033970][ T6792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.169830][ T6792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 255.419386][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.783835][ T6792] team0: Port device team_slave_0 added [ 255.861606][ T5811] Bluetooth: hci5: command tx timeout [ 255.892637][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.900649][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.970257][ T2967] hsr_slave_0: left promiscuous mode [ 256.011134][ T2967] hsr_slave_1: left promiscuous mode [ 256.018789][ T2967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.026761][ T2967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.105094][ T2967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.116649][ T2967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.222719][ T2967] veth1_macvtap: left promiscuous mode [ 256.228440][ T2967] veth0_macvtap: left promiscuous mode [ 256.234468][ T2967] veth1_vlan: left promiscuous mode [ 256.239970][ T2967] veth0_vlan: left promiscuous mode [ 256.277918][ T6868] loop1: detected capacity change from 0 to 64 [ 257.205511][ T2967] team0 (unregistering): Port device team_slave_1 removed [ 257.284366][ T2967] team0 (unregistering): Port device team_slave_0 removed [ 257.830945][ T6874] loop2: detected capacity change from 0 to 32768 [ 257.852172][ T6874] gfs2: fsid=data=writeback: Trying to join cluster "lock_nolock", "data=writeback" [ 257.861874][ T6874] gfs2: fsid=data=writeback: Now mounting FS (format 1801)... [ 257.922991][ T5811] Bluetooth: hci5: command tx timeout [ 257.977823][ T6874] gfs2: fsid=data=writeback.s: journal 0 mapped with 5 extents in 0ms [ 258.017345][ T6792] team0: Port device team_slave_1 added [ 258.194556][ T6874] gfs2: fsid=data=writeback.s: first mount done, others may mount [ 258.429445][ T6792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.436982][ T6792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 258.465819][ T6792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.547508][ T2963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.555755][ T2963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.795123][ T6792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.804207][ T6792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 258.830852][ T6792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.509333][ T6792] hsr_slave_0: entered promiscuous mode [ 259.519092][ T6792] hsr_slave_1: entered promiscuous mode [ 259.530156][ T6792] debugfs: 'hsr0' already exists in 'hsr' [ 259.536267][ T6792] Cannot create hsr debugfs directory [ 259.579538][ T6893] loop1: detected capacity change from 0 to 4096 [ 259.761967][ T6893] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.975898][ T6905] EXT4-fs (loop1): shut down requested (2) [ 260.242669][ T6907] netlink: 24 bytes leftover after parsing attributes in process `syz.5.339'. [ 260.560005][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.583585][ T3604] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 260.594564][ T3604] Quota error (device loop1): write_blk: dquota write failed [ 260.602467][ T3604] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 260.986620][ T6917] loop5: detected capacity change from 0 to 1024 [ 261.142103][ T6792] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 261.235376][ T6917] hfsplus: request for non-existent node 33554434 in B*Tree [ 261.243181][ T6917] hfsplus: request for non-existent node 33554434 in B*Tree [ 261.283353][ T6792] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 261.359310][ T6792] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 261.443153][ T6924] loop1: detected capacity change from 0 to 256 [ 261.448874][ T6792] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 261.477080][ T6909] loop3: detected capacity change from 0 to 8192 [ 262.172702][ C1] hrtimer: interrupt took 73873 ns [ 262.609696][ T6933] loop1: detected capacity change from 0 to 256 [ 262.929001][ T5859] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 262.954118][ T6933] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 263.047708][ T6792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.151376][ T5859] usb 4-1: Using ep0 maxpacket: 8 [ 263.204478][ T5859] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 263.213130][ T5859] usb 4-1: config 179 has no interface number 0 [ 263.219573][ T5859] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 263.231053][ T5859] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 263.232957][ T6792] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.242965][ T5859] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 263.260543][ T5859] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 263.272603][ T5859] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 263.289045][ T5859] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 263.299524][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.355507][ T3778] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.363091][ T3778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.382603][ T3778] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.390076][ T3778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.599469][ T6936] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 264.007306][ T6792] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 264.089527][ T5859] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 264.382950][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.1.351'. [ 264.394220][ T5855] usb 4-1: USB disconnect, device number 5 [ 264.394279][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 264.394453][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 265.306207][ T6956] sctp: [Deprecated]: syz.1.354 (pid 6956) Use of int in maxseg socket option. [ 265.306207][ T6956] Use struct sctp_assoc_value instead [ 266.110097][ T6792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.171933][ T6975] netlink: 40 bytes leftover after parsing attributes in process `syz.3.360'. [ 266.849186][ T6985] ptrace attach of "./syz-executor exec"[6986] was attempted by "./syz-executor exec"[6985] [ 267.279710][ T30] audit: type=1326 audit(1763646237.163:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6994 comm="syz.2.365" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f629218f749 code=0x0 [ 268.437994][ T6792] veth0_vlan: entered promiscuous mode [ 268.566821][ T6792] veth1_vlan: entered promiscuous mode [ 268.925840][ T7015] loop3: detected capacity change from 0 to 8 [ 268.940556][ T6792] veth0_macvtap: entered promiscuous mode [ 269.033825][ T6792] veth1_macvtap: entered promiscuous mode [ 269.066886][ T7015] SQUASHFS error: zlib decompression failed, data probably corrupt [ 269.075711][ T7015] SQUASHFS error: Failed to read block 0x13e: -5 [ 269.082439][ T7015] SQUASHFS error: Unable to read metadata cache entry [13c] [ 269.089876][ T7015] SQUASHFS error: Unable to read directory block [13c:26] [ 269.206133][ T6792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.334537][ T6792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.453219][ T3647] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.488963][ T3647] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.572612][ T3647] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.621935][ T3647] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.951348][ T7042] loop3: detected capacity change from 0 to 1024 [ 271.608550][ T35] hfsplus: b-tree write err: -5, ino 4 [ 271.661145][ T5855] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 271.851040][ T5855] usb 2-1: Using ep0 maxpacket: 16 [ 271.908266][ T5855] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 271.919396][ T5855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 271.930972][ T5855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 271.941009][ T5855] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 271.951012][ T5855] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 272.181838][ T5855] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 272.194175][ T5855] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 272.203693][ T5855] usb 2-1: Manufacturer: syz [ 272.293877][ T5855] usb 2-1: config 0 descriptor?? [ 272.871299][ T5855] rc_core: IR keymap rc-hauppauge not found [ 272.877384][ T5855] Registered IR keymap rc-empty [ 272.887180][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 272.976209][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.008426][ T5855] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 273.024176][ T5855] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input9 [ 273.132394][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.143250][ C1] mceusb 2-1:0.0: long-range (0x81) receiver active [ 273.205699][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.241422][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.272815][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.294117][ T7078] tun0: tun_chr_ioctl cmd 1074025677 [ 273.300229][ T7078] tun0: linktype set to 774 [ 273.327956][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.359317][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.402428][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.471471][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.513387][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.551838][ T5855] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 273.625207][ T5855] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 273.634710][ T5855] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x81 active) [ 273.773268][ T5855] usb 2-1: USB disconnect, device number 5 [ 274.928714][ T7098] netlink: 128 bytes leftover after parsing attributes in process `syz.3.395'. [ 274.938360][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.395'. [ 275.433262][ T5855] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 275.615648][ T5855] usb 2-1: Using ep0 maxpacket: 16 [ 275.640451][ T5855] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 275.651370][ T5855] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 275.798068][ T5855] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 275.807692][ T5855] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.816131][ T5855] usb 2-1: Product: syz [ 275.820465][ T5855] usb 2-1: Manufacturer: syz [ 275.825391][ T5855] usb 2-1: SerialNumber: syz [ 276.184958][ T5855] usb 2-1: 0:2 : does not exist [ 276.231401][ T5855] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 276.347313][ T2963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.356170][ T2963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.462246][ T5855] usb 2-1: USB disconnect, device number 6 [ 276.648367][ T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.656731][ T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.878616][ T6149] udevd[6149]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 277.105717][ T7128] program syz.3.404 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 277.342150][ T7134] CUSE: unknown device info "" [ 277.347192][ T7134] CUSE: zero length info key specified [ 277.950648][ T7143] loop1: detected capacity change from 0 to 64 [ 278.038580][ T7143] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 279.269786][ T7159] netem: incorrect ge model size [ 279.275211][ T7159] netem: change failed [ 280.635364][ T7172] loop5: detected capacity change from 0 to 32768 [ 280.660444][ T7172] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.419 (7172) [ 280.703703][ T7172] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 280.714307][ T7172] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 280.912644][ T7172] BTRFS info (device loop5): rebuilding free space tree [ 280.997918][ T7172] BTRFS info (device loop5): enabling ssd optimizations [ 281.006831][ T7172] BTRFS info (device loop5): turning on async discard [ 281.017466][ T7172] BTRFS info (device loop5): enabling free space tree [ 281.024546][ T7172] BTRFS info (device loop5): force clearing of disk cache [ 281.156519][ T7172] BTRFS error (device loop5): balance: mixed groups data and metadata options must be the same [ 281.265394][ T6576] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 281.961628][ T5855] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 282.294607][ T5855] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 282.304931][ T5855] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.313415][ T5855] usb 7-1: Product: syz [ 282.317748][ T5855] usb 7-1: Manufacturer: syz [ 282.326693][ T5855] usb 7-1: SerialNumber: syz [ 282.856644][ T5855] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 282.869483][ T5855] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 282.880373][ T5855] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 282.949431][ T7201] loop3: detected capacity change from 0 to 65536 [ 283.100281][ T7201] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 283.113656][ T5855] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71 [ 283.155498][ T5855] usb 7-1: USB disconnect, device number 2 [ 283.434013][ T7201] XFS (loop3): Ending clean mount [ 283.452162][ T7201] XFS (loop3): Quotacheck needed: Please wait. [ 283.500313][ T7201] XFS (loop3): Quotacheck: Done. [ 283.599588][ T5818] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 284.065718][ T7225] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>f_ٮ,<_eF" [ 284.077984][ T7225] CUSE: unknown device info "3ܟ,̘" [ 284.084225][ T7225] CUSE: unknown device info "J2S Z !e/J+-na4D|G$5O~q [ 284.084225][ T7225] fzXSAxjTǔw xRɐQ(hҏj pVdY0|M?2JIv^R@" [ 284.103429][ T7225] CUSE: unknown device info "!To}ݝ&|L+Uoϲ"FstV:׌E gJ<@c4TMM|" [ 284.114955][ T7225] CUSE: DEVNAME unspecified [ 284.665031][ T7229] loop1: detected capacity change from 0 to 8 [ 284.992701][ T7229] SQUASHFS error: Unable to read directory block [6a2:8] [ 285.965055][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.971904][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 286.664475][ T7259] input: syz0 as /devices/virtual/input/input10 [ 288.001275][ T5807] Bluetooth: hci0: command 0x0406 tx timeout [ 288.081100][ T5815] Bluetooth: hci2: command 0x0406 tx timeout [ 288.081700][ T5811] Bluetooth: hci4: command 0x0406 tx timeout [ 288.194773][ T30] audit: type=1326 audit(1763646258.103:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629218f749 code=0x7fc00000 [ 288.911005][ T7279] syz.1.449 (7279): drop_caches: 2 [ 288.911063][ T30] audit: type=1326 audit(1763646258.773:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.2.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f629218f749 code=0x7fc00000 [ 289.342034][ T5855] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 289.523028][ T5855] usb 7-1: Using ep0 maxpacket: 16 [ 289.584066][ T5855] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.599532][ T5855] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 289.610964][ T5855] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 289.620231][ T5855] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.893840][ T5855] usb 7-1: config 0 descriptor?? [ 289.933049][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 290.155172][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 290.175866][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.187529][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.197993][ T24] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 290.210946][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.245159][ T24] usb 2-1: config 0 descriptor?? [ 290.387792][ T5855] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 290.395230][ T5855] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 290.406866][ T5855] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 290.419873][ T5855] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 290.428761][ T5855] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 290.524904][ T5855] savu 0003:1E7D:2D5A.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 290.655960][ T3087] usb 7-1: USB disconnect, device number 3 [ 290.778499][ T24] koneplus 0003:1E7D:2D51.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.1-1/input0 [ 291.084568][ T7312] fido_id[7312]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 291.165746][ T3087] usb 2-1: USB disconnect, device number 7 [ 291.703471][ T7321] loop2: detected capacity change from 0 to 64 [ 292.068294][ T7320] fido_id[7320]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 292.891937][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 293.146370][ T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 293.156795][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.165138][ T24] usb 3-1: Product: syz [ 293.169451][ T24] usb 3-1: Manufacturer: syz [ 293.174448][ T24] usb 3-1: SerialNumber: syz [ 293.273185][ T24] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 293.426965][ T5855] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 294.047394][ T7348] loop3: detected capacity change from 0 to 1024 [ 294.422420][ T24] usb 3-1: USB disconnect, device number 3 [ 294.466392][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.805768][ T5855] usb 3-1: Service connection timeout for: 256 [ 294.812398][ T5855] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 294.826699][ T5855] ath9k_htc: Failed to initialize the device [ 294.928711][ T24] usb 3-1: ath9k_htc: USB layer deinitialized [ 295.143649][ T3778] hfsplus: b-tree write err: -5, ino 4 [ 295.162320][ T7354] loop6: detected capacity change from 0 to 16 [ 295.216430][ T7354] erofs (device loop6): mounted with root inode @ nid 36. [ 295.255086][ T7354] erofs (device loop6): readahead error at folio 6 @ nid 36 [ 295.263161][ T7354] erofs (device loop6): readahead error at folio 4 @ nid 36 [ 295.272969][ T7354] erofs (device loop6): bogus lookback distance 1 @ lcn 0 of nid 36 [ 295.281633][ T7354] erofs (device loop6): readahead error at folio 0 @ nid 36 [ 295.289391][ T7354] syz.6.479: attempt to access beyond end of device [ 295.289391][ T7354] loop6: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 295.304176][ T7354] syz.6.479: attempt to access beyond end of device [ 295.304176][ T7354] loop6: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 295.318134][ T7354] syz.6.479: attempt to access beyond end of device [ 295.318134][ T7354] loop6: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 295.336940][ T7354] erofs (device loop6): bogus lookback distance 1 @ lcn 0 of nid 36 [ 295.561665][ T7354] erofs (device loop6): read error -117 @ 0 of nid 36 [ 295.568673][ T7354] erofs (device loop6): failed to readdir of logical block 0 of nid 36 [ 295.580964][ T7361] erofs (device loop6): bogus lookback distance 1 @ lcn 0 of nid 36 [ 295.589200][ T7361] erofs (device loop6): read error -117 @ 0 of nid 36 [ 295.596973][ T7361] erofs (device loop6): failed to readdir of logical block 0 of nid 36 [ 296.344016][ T7360] loop3: detected capacity change from 0 to 8192 [ 296.426166][ T7371] loop6: detected capacity change from 0 to 512 [ 296.482111][ T7360] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 296.503132][ T7365] loop1: detected capacity change from 0 to 4096 [ 296.568658][ T7371] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.486: invalid indirect mapped block 256 (level 2) [ 296.591378][ T7365] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 296.655519][ T7371] EXT4-fs (loop6): 2 truncates cleaned up [ 296.667539][ T7371] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.818996][ T7371] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.486: bg 0: block 5: invalid block bitmap [ 296.924743][ T7371] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 296.938010][ T7371] EXT4-fs (loop6): This should not happen!! Data will be lost [ 296.938010][ T7371] [ 296.948087][ T7371] EXT4-fs (loop6): Total free blocks count 0 [ 296.954885][ T7371] EXT4-fs (loop6): Free/Dirty block details [ 296.962741][ T7371] EXT4-fs (loop6): free_blocks=0 [ 296.972406][ T7371] EXT4-fs (loop6): dirty_blocks=66 [ 296.979192][ T7371] EXT4-fs (loop6): Block reservation details [ 296.985616][ T7371] EXT4-fs (loop6): i_reserved_data_blocks=66 [ 297.181445][ T6792] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.214751][ T7365] ntfs3(loop1): ino=1a, mi_enum_attr [ 297.220281][ T7365] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 297.312533][ T7365] ntfs3(loop1): ino=1a, mi_enum_attr [ 297.318042][ T7365] ntfs3(loop1): Failed to initialize $Extend/$Reparse. [ 297.416511][ T7378] loop3: detected capacity change from 0 to 512 [ 297.604743][ T7378] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.489: iget: bad extra_isize 90 (inode size 256) [ 297.655757][ T7378] EXT4-fs (loop3): Remounting filesystem read-only [ 297.663351][ T7378] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 297.676973][ T7378] EXT4-fs (loop3): 1 orphan inode deleted [ 297.688907][ T7378] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.779261][ T7384] erspan0: entered promiscuous mode [ 298.353119][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.901654][ T7395] loop1: detected capacity change from 0 to 1024 [ 298.978189][ T7395] EXT4-fs: Ignoring removed i_version option [ 299.135262][ T7395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.152521][ T7393] loop5: detected capacity change from 0 to 4096 [ 299.375975][ T7402] program syz.6.500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 299.476967][ T7393] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 299.493084][ T7393] ntfs3(loop5): Failed to load $Extend (-2). [ 299.499391][ T7393] ntfs3(loop5): Failed to initialize $Extend. [ 299.661834][ T7393] ntfs3(loop5): ino=1b, "file0" ntfs_readdir [ 299.755960][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.909547][ T7410] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 300.377701][ T7416] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 301.271430][ T7431] fuse: Unknown parameter 'erPid: 0 [ 301.271430][ T7431] Uid: 0 0 0 0 [ 301.271430][ T7431] Gid: 0 0 0 0 [ 301.271430][ T7431] FDSize: 256 [ 301.271430][ T7431] Groups: 0 10 [ 301.271430][ T7431] NStgid: 83 [ 301.271430][ T7431] NSpid: 84 [ 301.271430][ T7431] NSpgid: 83 [ 301.271430][ T7431] NSsid: 0 [ 301.271430][ T7431] Kthread: 0 [ 301.271430][ T7431] VmPeak: 102032 kB [ 301.271430][ T7431] VmSize: 102032 kB [ 301.271430][ T7431] VmLck: 0 kB [ 301.271430][ T7431] VmPin: 0 kB [ 301.271430][ T7431] VmHWM: 24336 kB [ 301.271430][ T7431] VmRSS: 24336 kB [ 301.271430][ T7431] RssAnon: 1320 kB [ 301.271430][ T7431] RssFile: 23016 kB [ 301.271430][ T7431] RssShmem: 0 kB [ 301.271430][ T7431] VmData: 36588 kB [ 301.271430][ T7431] VmStk: 132 kB [ 301.271430][ T7431] VmExe: 1684 kB [ 301.271430][ T7431] VmLib: 8 kB [ 301.271430][ T7431] VmPTE: 136 kB [ 301.271430][ T7431] VmSwap: 0 kB [ 301.271430][ T7431] HugetlbPages: 0 kB [ 301.271430][ T7431] CoreDumping: 0 [ 301.271430][ T7431] THP_enabled: 1 [ 301.271430][ T7431] untag_mask: 0xffffffffffffffff [ 301.271430][ T7431] Threads: 2 [ 301.271430][ T7431] SigQ: 0/26066 [ 301.271430][ T7431] SigPnd: 0000000000000000 [ 301.271430][ T7431] ShdPnd: 0000000000000000 [ 301.271430][ T7431] SigBlk: 0000000000000000 [ 301.271430][ T7431] SigIgn: fffffffefffaba35 [ 301.271430][ T7431] SigCgt: 0000000100010440 [ 301.271430][ T7431] CapInh: 0000000000000000 [ 301.271430][ T7431] CapPrm: 000001ffff77ffff [ 301.271430][ T7431] CapEff: 000001ffff77ffff [ 301.271430][ T7431] CapBnd: 000001ffffffffff [ 301.271430][ T7431] CapAmb: 0000000000000000 [ 301.271430][ T7431] NoNewPrivs: 0 [ 301.271430][ T7431] Seccomp: 0 [ 301.271430][ T7431] Seccomp_filters: 0 [ 301.271430][ T7431] Speculation_Store_Bypass: thread vulnerable [ 301.271430][ T7431] SpeculationIndirectBranch: conditional enabled [ 301.271430][ T7431] Cpus_allowed: 3 [ 301.858302][ T7435] loop6: detected capacity change from 0 to 128 [ 301.988538][ T7435] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 302.083366][ T7435] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 302.593599][ T6792] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 302.820639][ T7449] loop3: detected capacity change from 0 to 1024 [ 302.892389][ T7449] EXT4-fs: inline encryption not supported [ 302.898430][ T7449] EXT4-fs: Ignoring removed orlov option [ 302.990281][ T7449] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 303.083148][ T7449] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840c019, mo2=0002] [ 303.122548][ T7453] loop5: detected capacity change from 0 to 2048 [ 303.139847][ T7449] System zones: 0-1, 3-12 [ 303.183614][ T7449] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.223954][ T7453] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 303.292671][ T7453] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 303.581089][ T5855] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 303.756573][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.777112][ T5855] usb 7-1: Using ep0 maxpacket: 32 [ 303.821365][ T5855] usb 7-1: unable to get BOS descriptor or descriptor too short [ 303.864477][ T5855] usb 7-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 32 [ 303.874734][ T5855] usb 7-1: config 1 interface 0 has no altsetting 0 [ 303.994342][ T5855] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 304.003901][ T5855] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.012499][ T5855] usb 7-1: Product: syz [ 304.016844][ T5855] usb 7-1: Manufacturer: syz [ 304.021702][ T5855] usb 7-1: SerialNumber: syz [ 304.116270][ T7458] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 304.422321][ T5855] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71 [ 304.489976][ T5855] usb 7-1: USB disconnect, device number 4 [ 305.686315][ T7491] loop3: detected capacity change from 0 to 256 [ 305.746465][ T7491] exfat: Deprecated parameter 'utf8' [ 305.905704][ T7491] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 305.939614][ T7483] loop2: detected capacity change from 0 to 4096 [ 306.096373][ T7495] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 306.207722][ T7483] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288 [ 306.216360][ T7483] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 306.239096][ T7483] Remounting filesystem read-only [ 306.244512][ T7483] NILFS (loop2): error -5 truncating bmap (ino=15) [ 306.371894][ T5801] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 306.950104][ T7505] IPVS: nq: SCTP 172.20.20.187:0 - no destination available [ 306.961338][ T5855] IPVS: starting estimator thread 0... [ 307.071149][ T7509] IPVS: using max 240 ests per chain, 12000 per kthread [ 307.133906][ T7500] loop2: detected capacity change from 0 to 2048 [ 307.214459][ T7500] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 307.322850][ T7500] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 307.713530][ T7517] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82 [ 307.841176][ T5859] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 308.020875][ T5859] usb 2-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 308.036194][ T5859] usb 2-1: config 0 interface 0 has no altsetting 0 [ 308.044457][ T5859] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 308.054613][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.160431][ T5859] usb 2-1: config 0 descriptor?? [ 308.411010][ T7523] comedi comedi0: das16m1: I/O port conflict (0x501,8) [ 308.531162][ T7526] loop2: detected capacity change from 0 to 512 [ 308.661602][ T7526] EXT4-fs (loop2): Test dummy encryption mode enabled [ 308.745248][ T7526] EXT4-fs (loop2): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.147835][ T7530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.554'. [ 309.361529][ T5801] EXT4-fs (loop2): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 309.396440][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.404178][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.411933][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.419555][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.427323][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.435116][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.442915][ T5859] playstation 0003:054C:05C4.0005: unknown main item tag 0x0 [ 309.503693][ T7524] loop6: detected capacity change from 0 to 32768 [ 309.524244][ T5859] playstation 0003:054C:05C4.0005: hidraw0: USB HID v40.00 Device [HID 054c:05c4] on usb-dummy_hcd.1-1/input0 [ 309.609197][ T5859] playstation 0003:054C:05C4.0005: Invalid byte count transferred, expected 16 got 0 [ 309.625639][ T5859] playstation 0003:054C:05C4.0005: Failed to retrieve DualShock4 pairing info: -22 [ 309.639109][ T5859] playstation 0003:054C:05C4.0005: Failed to get MAC address from DualShock4 [ 309.649688][ T5859] playstation 0003:054C:05C4.0005: Failed to create dualshock4. [ 309.671601][ T7524] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 309.679949][ T7524] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 309.719807][ T5859] playstation 0003:054C:05C4.0005: probe with driver playstation failed with error -22 [ 309.780233][ T7524] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 309.794262][ T5859] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 309.801751][ T5859] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 309.823285][ T5855] usb 2-1: USB disconnect, device number 8 [ 310.137312][ T5859] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 335ms [ 310.145922][ T5859] gfs2: fsid=syz:syz.0: jid=0: Done [ 310.151514][ T7524] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 310.527792][ T7539] fido_id[7539]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 310.581668][ T7524] gfs2: fsid=syz:syz.0: found 1 quota changes [ 310.936204][ T7551] loop1: detected capacity change from 0 to 128 [ 311.004905][ T7551] EXT4-fs: Ignoring removed nomblk_io_submit option [ 311.027636][ T6792] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 404 [ 311.036582][ T7551] EXT4-fs (loop1): Test dummy encryption mode enabled [ 311.047571][ T6792] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 311.058907][ T6792] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:6792 [syz-executor] gfs2_quota_sync+0x660/0xae0 [ 311.069534][ T6792] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 311.078198][ T6792] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 311.145600][ T7554] loop5: detected capacity change from 0 to 64 [ 311.156804][ T7554] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 311.157471][ T7551] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 311.178826][ T7551] ext4 filesystem being mounted at /121/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 311.181071][ T5855] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 311.279725][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'. [ 311.330390][ T5810] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 311.418010][ T5855] usb 4-1: Using ep0 maxpacket: 8 [ 311.436062][ T5855] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 311.469659][ T5855] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 311.479159][ T5855] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 311.487716][ T5855] usb 4-1: Product: syz [ 311.492367][ T5855] usb 4-1: Manufacturer: syz [ 311.497137][ T5855] usb 4-1: SerialNumber: syz [ 311.775096][ T7560] loop1: detected capacity change from 0 to 1024 [ 311.803974][ T5855] usb 4-1: Handspring Visor / Palm OS: No valid connect info available [ 311.818203][ T5855] usb 4-1: Handspring Visor / Palm OS: port 79, is for unknown use [ 311.827881][ T5855] usb 4-1: Handspring Visor / Palm OS: port 0, is for Debugger use [ 311.836207][ T5855] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 312.000076][ T5855] usb 4-1: palm_os_3_probe - error -71 getting bytes available request [ 312.009422][ T5855] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 312.139461][ T5855] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 312.216168][ T5855] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 312.332604][ T5855] usb 4-1: USB disconnect, device number 6 [ 312.385255][ T5855] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 312.458282][ T5855] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 312.470670][ T5855] visor 4-1:1.0: device disconnected [ 313.065987][ T7574] loop2: detected capacity change from 0 to 128 [ 313.139056][ T7574] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 313.212665][ T7574] ext4 filesystem being mounted at /131/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 313.381514][ T5859] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 313.567515][ T5859] usb 2-1: Using ep0 maxpacket: 32 [ 313.671422][ T5859] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 313.681158][ T5859] usb 2-1: config 0 has no interface number 0 [ 313.789924][ T5859] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 313.799630][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.808016][ T5859] usb 2-1: Product: syz [ 313.812568][ T5859] usb 2-1: Manufacturer: syz [ 313.817326][ T5859] usb 2-1: SerialNumber: syz [ 314.028650][ T5859] usb 2-1: config 0 descriptor?? [ 314.049306][ T5801] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 314.107236][ T5859] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 314.254730][ T7581] loop5: detected capacity change from 0 to 40427 [ 314.267902][ T7581] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010) [ 314.281773][ T7581] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 314.290142][ T7581] F2FS-fs (loop5): Image doesn't support compression [ 314.297257][ T7581] F2FS-fs (loop5): build fault injection type: 0x4 [ 314.335998][ T7581] F2FS-fs (loop5): invalid crc value [ 314.447855][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 314.598714][ T7581] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 314.612834][ T7581] F2FS-fs (loop5): Start checkpoint disabled! [ 314.626962][ T7581] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 314.673926][ T5859] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 314.741649][ T7581] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 314.748896][ T7581] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 314.824195][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 314.831684][ T5855] usb 2-1: USB disconnect, device number 9 [ 314.930661][ T5855] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 315.023038][ T5855] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 315.037516][ T5855] quatech2 2-1:0.51: device disconnected [ 315.331340][ T7589] loop3: detected capacity change from 0 to 512 [ 315.379750][ T7589] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 315.487849][ T7589] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ce01c, mo2=0002] [ 315.537685][ T7591] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 315.635996][ T7589] System zones: 1-12 [ 315.682939][ T7589] EXT4-fs (loop3): orphan cleanup on readonly fs [ 315.690032][ T7589] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.579: invalid indirect mapped block 12 (level 1) [ 315.804210][ T7589] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.579: invalid indirect mapped block 2 (level 2) [ 315.867374][ T7589] EXT4-fs (loop3): 1 truncate cleaned up [ 315.875616][ T7589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 316.203010][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 316.239671][ T6792] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 316.249219][ T6792] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 316.257380][ T6792] gfs2: fsid=syz:syz.0: File system withdrawn [ 316.263754][ T6792] CPU: 1 UID: 0 PID: 6792 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 316.263883][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 316.263969][ T6792] Call Trace: [ 316.264018][ T6792] [ 316.264063][ T6792] __dump_stack+0x26/0x30 [ 316.264214][ T6792] dump_stack_lvl+0x1df/0x270 [ 316.264374][ T6792] dump_stack+0x1e/0x25 [ 316.264508][ T6792] gfs2_withdraw+0x1ec1/0x2020 [ 316.264640][ T6792] ? __pfx_autoremove_wake_function+0x10/0x10 [ 316.264851][ T6792] gfs2_consist_inode_i+0x1a9/0x240 [ 316.265005][ T6792] inode_go_instantiate+0x12f9/0x1e90 [ 316.265157][ T6792] ? kmsan_get_metadata+0xfb/0x160 [ 316.265297][ T6792] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 316.265506][ T6792] ? __pfx_inode_go_instantiate+0x10/0x10 [ 316.265639][ T6792] gfs2_instantiate+0x24f/0x4b0 [ 316.265798][ T6792] gfs2_glock_wait+0x26a/0x3b0 [ 316.265958][ T6792] gfs2_glock_nq+0x16ba/0x2f40 [ 316.266100][ T6792] ? kmsan_get_metadata+0xfb/0x160 [ 316.266243][ T6792] ? kmsan_get_metadata+0xfb/0x160 [ 316.266416][ T6792] do_sync+0x6c4/0x1610 [ 316.266579][ T6792] ? gfs2_quota_sync+0x660/0xae0 [ 316.266775][ T6792] ? kmsan_get_metadata+0xfb/0x160 [ 316.266904][ T6792] ? gfs2_quota_sync+0x660/0xae0 [ 316.267078][ T6792] gfs2_quota_sync+0x660/0xae0 [ 316.267278][ T6792] gfs2_sync_fs+0x57/0x100 [ 316.267429][ T6792] ? __pfx_gfs2_sync_fs+0x10/0x10 [ 316.267582][ T6792] sync_filesystem+0x131/0x3c0 [ 316.267701][ T6792] ? shrink_dcache_for_umount+0xf9/0x210 [ 316.267858][ T6792] generic_shutdown_super+0x8d/0x4b0 [ 316.268034][ T6792] kill_block_super+0x42/0xd0 [ 316.268157][ T6792] gfs2_kill_sb+0x4aa/0x580 [ 316.268305][ T6792] ? __pfx_gfs2_kill_sb+0x10/0x10 [ 316.268441][ T6792] deactivate_locked_super+0xcb/0x3c0 [ 316.268618][ T6792] deactivate_super+0x12f/0x140 [ 316.268780][ T6792] cleanup_mnt+0x6fb/0x780 [ 316.268907][ T6792] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 316.269103][ T6792] ? __pfx___cleanup_mnt+0x10/0x10 [ 316.269238][ T6792] __cleanup_mnt+0x22/0x30 [ 316.269371][ T6792] task_work_run+0x209/0x2b0 [ 316.269514][ T6792] exit_to_user_mode_loop+0x2d1/0x370 [ 316.269658][ T6792] do_syscall_64+0x1e3/0xfa0 [ 316.269818][ T6792] ? irqentry_exit+0x16/0x60 [ 316.269966][ T6792] ? clear_bhb_loop+0x40/0x90 [ 316.270103][ T6792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.270236][ T6792] RIP: 0033:0x7f9789b90a77 [ 316.270345][ T6792] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 316.270448][ T6792] RSP: 002b:00007ffd1e93f868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 316.270568][ T6792] RAX: 0000000000000000 RBX: 00007f9789c13d7d RCX: 00007f9789b90a77 [ 316.270653][ T6792] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd1e93f920 [ 316.270730][ T6792] RBP: 00007ffd1e93f920 R08: 0000000000000000 R09: 0000000000000000 [ 316.270803][ T6792] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd1e9409b0 [ 316.270884][ T6792] R13: 00007f9789c13d7d R14: 000000000004bde2 R15: 00007ffd1e9409f0 [ 316.271000][ T6792] [ 317.684242][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 318.375229][ T7623] loop5: detected capacity change from 0 to 256 [ 318.614100][ T7623] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d) [ 318.854216][ T7627] loop2: detected capacity change from 0 to 256 [ 318.909625][ T7627] exfat: Deprecated parameter 'utf8' [ 319.154748][ T7627] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 319.413065][ T7634] input: syz1 as /devices/virtual/input/input11 [ 319.568576][ T7638] loop3: detected capacity change from 0 to 128 [ 320.871533][ T5859] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 321.082828][ T5859] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 321.092386][ T5859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.161840][ T5859] usb 3-1: config 0 descriptor?? [ 321.182454][ T7662] netlink: 12 bytes leftover after parsing attributes in process `syz.5.613'. [ 321.225987][ T5859] cp210x 3-1:0.0: cp210x converter detected [ 321.475529][ T7666] loop6: detected capacity change from 0 to 16 [ 321.496045][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.615'. [ 321.505569][ T7665] netlink: 'syz.3.615': attribute type 18 has an invalid length. [ 321.513774][ T7665] netlink: 4 bytes leftover after parsing attributes in process `syz.3.615'. [ 321.565338][ T7666] erofs (device loop6): mounted with root inode @ nid 36. [ 321.611937][ T7666] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 321.663614][ T5859] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 321.699359][ T7666] erofs (device loop6): failed to decompress -24 in[64, 4032] out[1851] [ 321.708363][ T7666] erofs (device loop6): read error -117 @ 43 of nid 36 [ 321.727776][ T5859] usb 3-1: cp210x converter now attached to ttyUSB0 [ 321.919215][ T5859] usb 3-1: USB disconnect, device number 4 [ 321.986534][ T5859] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 322.041281][ T5859] cp210x 3-1:0.0: device disconnected [ 323.298162][ T7690] input: syz0 as /devices/virtual/input/input12 [ 323.401697][ T5859] kernel write not supported for file /bluetooth/6lowpan_control (pid: 5859 comm: kworker/0:4) [ 323.908936][ T7706] loop2: detected capacity change from 0 to 16 [ 323.976475][ T7706] erofs (device loop2): mounted with root inode @ nid 36. [ 323.982715][ T7704] loop1: detected capacity change from 0 to 764 [ 324.035829][ T30] audit: type=1800 audit(2000000023.910:14): pid=7702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.632" name="file1" dev="loop2" ino=86 res=0 errno=0 [ 324.179826][ T7704] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 324.840992][ T5859] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 324.859127][ T7708] loop3: detected capacity change from 0 to 40427 [ 324.897147][ T7708] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 324.906555][ T7708] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 324.937536][ T7708] F2FS-fs (loop3): invalid crc value [ 325.113205][ T5859] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.123624][ T5859] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 325.139797][ T5859] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 325.150139][ T5859] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.217639][ T7708] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 325.253797][ T7708] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 325.261273][ T7708] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 325.336999][ T5859] usb 6-1: config 0 descriptor?? [ 325.815140][ T7723] sctp: [Deprecated]: syz.6.639 (pid 7723) Use of int in maxseg socket option. [ 325.815140][ T7723] Use struct sctp_assoc_value instead [ 326.017084][ T5859] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0 [ 326.024663][ T5859] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0 [ 326.032185][ T5859] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0 [ 326.039572][ T5859] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0 [ 326.052447][ T5859] kovaplus 0003:1E7D:2D50.0006: unknown main item tag 0x0 [ 326.124739][ T5859] kovaplus 0003:1E7D:2D50.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.5-1/input0 [ 326.449809][ T5859] kovaplus 0003:1E7D:2D50.0006: couldn't init struct kovaplus_device [ 326.468366][ T5859] kovaplus 0003:1E7D:2D50.0006: couldn't install mouse [ 326.585677][ T5859] kovaplus 0003:1E7D:2D50.0006: probe with driver kovaplus failed with error -71 [ 326.596307][ T7729] loop6: detected capacity change from 0 to 256 [ 326.698357][ T5859] usb 6-1: USB disconnect, device number 2 [ 327.007978][ T7728] fido_id[7728]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 327.041483][ T5101] Bluetooth: hci5: command tx timeout [ 327.639321][ T7740] program syz.5.646 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 328.105001][ T7738] loop3: detected capacity change from 0 to 32768 [ 328.164867][ T7738] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.645 (7738) [ 328.594044][ T7743] loop1: detected capacity change from 0 to 32768 [ 328.617832][ T7738] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 328.618056][ T7743] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.648 (7743) [ 328.628534][ T7738] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 328.628753][ T7738] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 328.688118][ T7743] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 328.700913][ T7743] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 329.012866][ T7743] BTRFS info (device loop1): enabling ssd optimizations [ 329.023840][ T7743] BTRFS info (device loop1): turning on async discard [ 329.032312][ T7743] BTRFS info (device loop1): enabling free space tree [ 329.044395][ T7738] BTRFS info (device loop3): rebuilding free space tree [ 329.095218][ T7738] BTRFS info (device loop3): disabling free space tree [ 329.103213][ T7738] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 329.113673][ T7738] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 329.150141][ T7738] BTRFS info (device loop3): checking UUID tree [ 329.171896][ T7738] BTRFS info (device loop3): enabling ssd optimizations [ 329.179063][ T7738] BTRFS info (device loop3): turning off barriers [ 329.185945][ T7738] BTRFS info (device loop3): disabling tree log [ 329.193204][ T7738] BTRFS info (device loop3): enabling disk space caching [ 329.200513][ T7738] BTRFS info (device loop3): force clearing of disk cache [ 329.208156][ T7738] BTRFS info (device loop3): force lzo compression, level 1 [ 329.215979][ T7738] BTRFS info (device loop3): max_inline set to 0 [ 329.246782][ T7743] BTRFS info (device loop1): balance: start -susage=6,limit=138..6 [ 329.255590][ T7743] BTRFS info (device loop1): balance: ended with status: 0 [ 329.482593][ T5810] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 329.565712][ T5818] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 329.852078][ T7785] loop5: detected capacity change from 0 to 512 [ 330.041709][ T7794] program syz.3.654 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 330.054127][ T7785] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 330.067346][ T7785] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 330.753792][ T6576] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.823978][ T7802] ALSA: mixer_oss: invalid OSS volume 'qQ \\j|ɰstXj`p' [ 330.832574][ T7802] ALSA: mixer_oss: invalid OSS volume '.~DY45, priority 10 [ 357.541517][ T6792] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 358.218203][ T8201] autofs4:pid:8201:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc0189379) [ 358.232021][ T8201] autofs4:pid:8201:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379) [ 358.256410][ T5855] tipc: Node number set to 2886997007 [ 358.991813][ T4244] ===================================================== [ 358.999575][ T4244] BUG: KMSAN: uninit-value in n_tty_lookahead_flow_ctrl+0x240/0x2b0 [ 359.008612][ T4244] n_tty_lookahead_flow_ctrl+0x240/0x2b0 [ 359.015125][ T4244] tty_port_default_lookahead_buf+0x146/0x200 [ 359.026955][ T4244] flush_to_ldisc+0x806/0xe30 [ 359.033834][ T4244] process_scheduled_works+0xb91/0x1d80 [ 359.040129][ T4244] worker_thread+0xedf/0x1590 [ 359.045790][ T4244] kthread+0xd5c/0xf00 [ 359.051003][ T4244] ret_from_fork+0x1f5/0x4c0 [ 359.056425][ T4244] ret_from_fork_asm+0x1a/0x30 [ 359.062111][ T4244] [ 359.065069][ T4244] Uninit was stored to memory at: [ 359.070904][ T4244] n_tty_lookahead_flow_ctrl+0x239/0x2b0 [ 359.077180][ T4244] tty_port_default_lookahead_buf+0x146/0x200 [ 359.084004][ T4244] flush_to_ldisc+0x806/0xe30 [ 359.090337][ T4244] process_scheduled_works+0xb91/0x1d80 [ 359.096775][ T4244] worker_thread+0xedf/0x1590 [ 359.102678][ T4244] kthread+0xd5c/0xf00 [ 359.107472][ T4244] ret_from_fork+0x1f5/0x4c0 [ 359.112842][ T4244] ret_from_fork_asm+0x1a/0x30 [ 359.118226][ T4244] [ 359.125228][ T4244] Uninit was created at: [ 359.132432][ T4244] __kmalloc_noprof+0xabb/0x1b40 [ 359.138160][ T4244] __tty_buffer_request_room+0x3d4/0x7a0 [ 359.144592][ T4244] __tty_insert_flip_string_flags+0x157/0x6f0 [ 359.151521][ T4244] uart_insert_char+0x368/0x930 [ 359.157016][ T4244] serial8250_read_char+0x1ba/0x670 [ 359.163114][ T4244] serial8250_handle_irq+0x930/0x1110 [ 359.169186][ T4244] serial8250_default_handle_irq+0x116/0x370 [ 359.175963][ T4244] serial8250_interrupt+0xcb/0x430 [ 359.181883][ T4244] __handle_irq_event_percpu+0x11e/0xf80 [ 359.189299][ T4244] handle_irq_event+0xe0/0x2a0 [ 359.194924][ T4244] handle_edge_irq+0x2a9/0xb50 [ 359.200348][ T4244] __common_interrupt+0x9d/0x180 [ 359.206111][ T4244] common_interrupt+0x94/0xb0 [ 359.211525][ T4244] asm_common_interrupt+0x2b/0x40 [ 359.217196][ T4244] [ 359.220136][ T4244] CPU: 0 UID: 0 PID: 4244 Comm: kworker/u8:26 Not tainted syzkaller #0 PREEMPT(none) [ 359.235232][ T4244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 359.247191][ T4244] Workqueue: events_unbound flush_to_ldisc [ 359.254087][ T4244] ===================================================== [ 359.261680][ T4244] Disabling lock debugging due to kernel taint [ 359.268449][ T4244] Kernel panic - not syncing: kmsan.panic set ... [ 359.274981][ T4244] CPU: 0 UID: 0 PID: 4244 Comm: kworker/u8:26 Tainted: G B syzkaller #0 PREEMPT(none) [ 359.286248][ T4244] Tainted: [B]=BAD_PAGE [ 359.290473][ T4244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 359.300645][ T4244] Workqueue: events_unbound flush_to_ldisc [ 359.306627][ T4244] Call Trace: [ 359.309975][ T4244] [ 359.312970][ T4244] __dump_stack+0x26/0x30 [ 359.317441][ T4244] dump_stack_lvl+0x53/0x270 [ 359.322161][ T4244] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 359.328120][ T4244] dump_stack+0x1e/0x25 [ 359.332419][ T4244] vpanic+0x435/0xd30 [ 359.336550][ T4244] panic+0x15d/0x160 [ 359.340633][ T4244] kmsan_report+0x31c/0x320 [ 359.345278][ T4244] ? __msan_warning+0x1b/0x30 [ 359.350084][ T4244] ? n_tty_lookahead_flow_ctrl+0x240/0x2b0 [ 359.356073][ T4244] ? tty_port_default_lookahead_buf+0x146/0x200 [ 359.362485][ T4244] ? flush_to_ldisc+0x806/0xe30 [ 359.367475][ T4244] ? process_scheduled_works+0xb91/0x1d80 [ 359.373343][ T4244] ? worker_thread+0xedf/0x1590 [ 359.378331][ T4244] ? kthread+0xd5c/0xf00 [ 359.382673][ T4244] ? ret_from_fork+0x1f5/0x4c0 [ 359.387574][ T4244] ? ret_from_fork_asm+0x1a/0x30 [ 359.392662][ T4244] ? ret_from_fork_asm+0x1a/0x30 [ 359.397735][ T4244] ? n_tty_receive_buf_common+0x234d/0x2540 [ 359.403821][ T4244] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 359.409794][ T4244] ? sched_clock_cpu+0x59/0xa80 [ 359.414777][ T4244] ? kmsan_get_metadata+0xfb/0x160 [ 359.420024][ T4244] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 359.426527][ T4244] ? kmsan_get_metadata+0xfb/0x160 [ 359.431773][ T4244] __msan_warning+0x1b/0x30 [ 359.436394][ T4244] n_tty_lookahead_flow_ctrl+0x240/0x2b0 [ 359.442213][ T4244] ? __pfx_n_tty_lookahead_flow_ctrl+0x10/0x10 [ 359.448534][ T4244] tty_port_default_lookahead_buf+0x146/0x200 [ 359.454787][ T4244] flush_to_ldisc+0x806/0xe30 [ 359.459610][ T4244] ? __pfx_tty_port_default_lookahead_buf+0x10/0x10 [ 359.466362][ T4244] ? __pfx_flush_to_ldisc+0x10/0x10 [ 359.471779][ T4244] process_scheduled_works+0xb91/0x1d80 [ 359.477537][ T4244] worker_thread+0xedf/0x1590 [ 359.482386][ T4244] kthread+0xd5c/0xf00 [ 359.486562][ T4244] ? __pfx_worker_thread+0x10/0x10 [ 359.491844][ T4244] ? __pfx_kthread+0x10/0x10 [ 359.496542][ T4244] ret_from_fork+0x1f5/0x4c0 [ 359.501277][ T4244] ? __pfx_kthread+0x10/0x10 [ 359.505973][ T4244] ret_from_fork_asm+0x1a/0x30 [ 359.510915][ T4244] [ 359.514413][ T4244] Kernel Offset: disabled [ 359.518797][ T4244] Rebooting in 86400 seconds..