last executing test programs: 1.172069363s ago: executing program 1 (id=391): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x12141}) io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 1.00754633s ago: executing program 0 (id=394): setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1800, 0x3a, 0x1000, 0xfffffff8, 0x8}, 0x8) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000300012800b00010065727370616e0000200002800400120005001600020000000600180040000000050017"], 0x50}}, 0x0) 986.164952ms ago: executing program 1 (id=395): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r2}, 0x10) sendmsg$unix(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="8f", 0x1}], 0x1, &(0x7f0000002900)=ANY=[@ANYBLOB="14"], 0x18}, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffed1}, 0x0) 872.098053ms ago: executing program 0 (id=396): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000a80)=ANY=[@ANYBLOB="2c000100000000000030303030003030303030303030303030303030352c00d745dcab34ff634099d402406184d688f81f99d01ce1164bfd68777e4bdfe2e9fae18a6c91c70bc34f974b265a58d1889c9c38e7e32895b1921f8e4b4b41f3ef0debac34b19aa687221a6b942eb396159ef6de9645e4b33865d6b62e564277ed35923544b6379822861ec79f423c1b0372e2b26bdba81fcea8c4d1eb657869c87c4d7cf2b187c387d632e58f44956d2d7b16ba93153514087b38676f72cab9f62f53f331bb7f952ef5ab05e9403afa22e65743c583ba30683ac5e30173cdb5c216d879ead8b3ee56d602a39e33c63ba2754ccfe231c2e1b660f2a68cc14a9186ee2e834be5f10b09", @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="c54c201d84a2dff948fba4b2a54ab8657d4a581728292d2a77587e9f67560753b4eb13646d39bed439b2860bbd59de64b0e2281ef337f080219d1ab4368c1b9b5df78bc765c9ed947940b83bf0ecee6fc988b703ded4346d31bd8e8e"], 0x12, 0xc49, &(0x7f0000001cc0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNEWQI9O6QHLxocipJ6KFjaDogW0D+BQwmNm34pKiIloUJUr+fGzquzv73ux7M6s3FME3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiD945dzxE2m7pT9Y293WAAAPwoWxrxw/ue3rPwDwOLj0of79DwAAAAAAAAAAAAAAPAQpingyUsxeWE0T1fOu+vnOwI2b4yOjW1c7kKqa+6ry5Vf9xMlTp7/4wvCZXp7vTK/XH9ztbnw6Xhu7dK7x8sz12bn2/Hx7sjE+3bkyM9ne9h52Wn+zo9UBaFx//cbk1avzjZPPn9rw8s2h9wefODx0dvjZY8/0yo6PjI6OrRep95ev3XNDuu40w2N/FHEsUjz33Z+mVkQUsfNjUd9w7h+4A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGW5+LqA080D7cWTNisWx+2eCjZffGZltzrctT7cbF1txCZ6EzM30xdVtb9qcRRZxJEUsRsbLFX8OBKKIWKb59aDVdjoh9vePwhWpi8J3bUexiH7ehbGdjIGKpeATO2R42GEW8Gil+9s6RuJLHmWqs+XzEq2V+P+KtMl+KSOUH43TEe7s+nPOg1KKIvyzP/9nVNFmNB71x5fxXG1+evjrTV7Y3rnzI68NtI8VDuj4c2JQPxh4fm+pRRKsa8VfTvX+zAwAAAAAAAAAAAAAAAMD9diCK+FSkeOXf/6SaVxzVvPRDZ4f/cOhX++eMP32X/ZRln4+IxWJ7c3L354mBF9PFlB7yXOKPsnoU8ad5/t83H3ZjAAAAAAAAAAAAAAAAAAAAPtKK+EmkePHdI2kp+tcU70xfa1xqXZ7qrgrbW/u3t2b62traWiN1s5lzIudizqWcyzlXckaR6+ds5pzIuZhzKedyzpWcsS/Xz9nMOZFzMedSzuWcKzmjluvnbOacyLmYcykvur+cn6/kjD2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOOkiCJ+Him+9fXVFCkimhET0c3lwYfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJiK+F6kaPxR89a2WkSk6v+uI+Ufp6O5v8yPR3O4zJeieS5nq8pa85sPof3szEAq4seRYrD+9q0Tns//QPfZrY9BvPWN9WefrnVzX+/FofcHnzh86Ozw6G88fafHaasGHD3fmb5xszE+Mjo61re5lt/9433bhvL7Fven60TE/Btvvt6ammrP3fuD8iOwg+qP0INU+6j09NF+8Jv3a4dR2wvdeTgP7j52/P+DGKDYVeX1/71I8bvv/kfvgt+9/tfjV7rPbl3h44M/W7/+v7h5R9u8/tc218vX//KavtX1/8m+bS/m70YGahH1heuzA4cj6vNvvHmsc711rX2tPX36+PEvDQ9/6dTxgf0R9audqXb3UYqp9vH7crgAAAAAAAAAAAAAAAAAHpxUxO9HitaPV1MjIm5W87WGzg4/e+yZfbGvmm+1Yd72a2OXzjVenrk+O9een29PNsanO1dmJtvbfbt6Nd1rfGR0VzpzVwd2uf0H6i/PzL4x17n2xwtbvn6wfu7y/MJc68rWL8eBKCKa/VuOVg0eHxmtGj3VaU1XVS9uOZn+wxtIRfxnpLhyupE+m7fl+f+bZ/hvmP+/uHlHuzT//2N928r3TKmIDyLF7/zV0/HZqp0H47Zjlsv9XaQ4euYzuVzsL8v12tC9r0B3jmBZ9n8jxT/9fGPZ3nzIJ9fLntj2gX1ElOf/UKT43l98J34rb9t4/4etz//BzTvapfP/VN+2gxvuV7DjrpPP/7FI8dKTb8fn8rZfdv+P3r03juTCt+7PsUvn/xN924by+/72/ek6AAAAAAAAAADAI20gFfH3keKHo7X0Qt62nd//m9y8o136/a9P9m2bvD/rFd31wY4PKgAAAADsEQOpiJ9EimsLb9+aQ71x/nff/M/fW5//OZI2vVr9nO/XqvsG3M+f//Ubyu87sfNuAwAAAAAAAAAAAAAAAAAAwJ6SUhEv5PXUJ6r5/JN3XE99OVK88t/P5XLpcFmutw78UPVn/cLM9LFzU1MzV1oLrctT7cbYbOtKu6z7VKRY/dvP5LpFtb56b7357hrv62uxz0WK0X/ole2uxd5bm/yp9bInyrIfixT/9Y8by34ul/vEetmTZdm/iRRf+8HtZUuH18ueKst+J1L86GuNXtmDZdne/VE/uV72+R/cuiMCAAAAAAAAAAAAAAAAAAAA3LuBVMSfR4r/ub50ay5/Xv9/oO9p5a1v9K33v8nNap3/oWr9/zs9vpf1/6v7Cize6V0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODxlKKINyPF7IXVtDxYPu+qn+9M37g5PjK6dbUDqaq5rypfftVPnDx1+osvDJ/p5S+vf799Kl4bu3Su8fLM9dm59vx8e7IxPt25MjPZ3vYedlp/s6PVAWhcf/3G5NWr842Tz5/a8PLNofcHnzg8dHb42WPP9MqOj4yOjvWVqQ3c87vfJt1h+/4o4q8jxXPf/Wn64WBEETs/Fnf57Oy2A1UnjladGB8ZrToy1WlNL5QvXuwdiCKi0Vep2TtGD+Bc7EgzYrFsftngo2X3xmZbc63LU+3GxdbcQmehMzN9MXVbW/anEUWcSRFLEbEyePvuBqKI1yPFtw+tpn8ZjNjXOw5fuDD2leMn79yOYhf7uA1lOxsDEUvFI3DO9rDBKOKfI8XP3jkS/zoYUYvuV3w+4tUyvx/xVnTPdyo/GKcj3tvic8SjqRZF/F95/s+upncGy/GgN66c/2rjy9NXZ/rK9saVR/768CDt8bGpHkX8qBrxV9O/+XsNAAAAAAAAAAAAAAAAsIcU8euR4sV3j6RqfvCtOcWd6WuNS63LU91pfb25f70502tra2uN1M1mzomcizmXci7nXMkZRa6fs1lmfW1tIj9fzLmUcznnSs7Yl+vnbOacyLmYcynncs6VnFHL9XM2c07kXMy5lHM550rO2CNz9wAAAAAAAAAAAAAAAAAAgMdLUf2X4ltfX01rg931pSeim8vWA33s/SIAAP//YnX2fg==") setfsuid(0xee00) setresuid(0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, 0x0) 862.050094ms ago: executing program 2 (id=398): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2}, 0x10) bind$tipc(r0, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0}, 0x0) 822.328598ms ago: executing program 1 (id=399): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00', 0x4}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x372, @time={0x2, 0x6}, 0x0, {}, 0x1, 0x1, 0x70}) 753.171315ms ago: executing program 2 (id=400): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r0}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000300), &(0x7f0000000380)=r3}, 0x20) 673.427133ms ago: executing program 3 (id=401): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000080)={[{@debug}, {@delalloc}, {@resuid}, {@test_dummy_encryption_v1}, {@nodiscard}, {@data_err_ignore}, {@acl}, {@delalloc}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x20020c0, 0x0, 0x1, 0x0, &(0x7f0000001a00)) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x121c80, 0x47) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x40000000) 672.756113ms ago: executing program 0 (id=402): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000d80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4000000}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d65656b416d6f64653d3078303030303010303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESHEX], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=") open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000180)=ANY=[@ANYBLOB="2000000002"], 0x0) 592.029442ms ago: executing program 2 (id=403): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x70bd26, 0x0, {0x2, 0x0, 0x80, 0x0, 0xff, 0x0, 0x0, 0x6, 0x2900}}, 0x1c}}, 0x8c0) 521.021448ms ago: executing program 2 (id=404): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x9) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r0) 502.17873ms ago: executing program 1 (id=405): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) openat$incfs(0xffffffffffffff9c, &(0x7f00000a0040)='.pending_reads\x00', 0x80102, 0x10) 480.895592ms ago: executing program 0 (id=406): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r2}}, 0x18) 371.299044ms ago: executing program 1 (id=407): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) lsetxattr$system_posix_acl(&(0x7f0000002540)='./file0\x00', &(0x7f0000002580)='system.posix_acl_default\x00', &(0x7f0000002640)={{}, {0x1, 0x2}, [], {0x4, 0x2}, [], {0x10, 0x1}}, 0x24, 0x3) lgetxattr(&(0x7f0000002840)='./file0\x00', &(0x7f0000002880)=@known='system.posix_acl_default\x00', 0x0, 0x0) 371.121934ms ago: executing program 2 (id=408): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)={@val={0x2000}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x5, 0x29, 0x0, @initdev={0xac, 0x1e, 0xfc, 0x0}, @multicast1}, {0x300, 0x7000, 0x29, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0xce1300d54c3818a3, @val=0xe0000001}, "ebc7a1e0ff5befe1fdbc66e400d7e83306de422b4a81099bcc"}}}}}}}, 0x4f) 314.275219ms ago: executing program 0 (id=409): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000200)={r0}) close(r1) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000001000)) 303.24711ms ago: executing program 3 (id=410): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001040)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "1e1c"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 202.9675ms ago: executing program 1 (id=411): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xd0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x18, &(0x7f0000000000)={0x40, 0x2, 0x4, {0x4, 0x0, "34d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 201.37079ms ago: executing program 0 (id=412): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000006c0)={0x2c, &(0x7f0000000700), 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 136.449637ms ago: executing program 3 (id=413): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01061800000000a8390a97"], 0x0, 0x26}, 0x28) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = io_uring_setup(0x456, &(0x7f00000000c0)={0x0, 0x3, 0x1000, 0x1004003, 0x3c}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1) 113.173929ms ago: executing program 2 (id=414): r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x8000}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x0, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0xffffffffffffff09, {0x10, 0x10, 0x4, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x6, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 74.882513ms ago: executing program 3 (id=415): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r1, 0xef7, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e20, 0x7, @empty, 0xbff}, @ib={0x1b, 0xf, 0xffa, {"50916300000000000000000700"}, 0x8000000000000001, 0x8, 0x3}}}, 0x118) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x2000000a}}, 0x10) close_range(r0, r0, 0x0) 180.52µs ago: executing program 3 (id=416): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00', 0x0, 0x82) close(0x3) open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="10000000020000000b"], 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) 0s ago: executing program 3 (id=417): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000780), 0xfe, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file3\x00', 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x202183b, 0x0, 0x5, 0x0, &(0x7f0000000000)) renameat2(0xffffffffffffff9c, &(0x7f0000001100)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.114' (ED25519) to the list of known hosts. syzkaller login: [ 56.101462][ T5769] cgroup: Unknown subsys name 'net' [ 56.238063][ T5769] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.611382][ T5769] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.912479][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.922274][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.932324][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.943067][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.952717][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.962364][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.009548][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.018256][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.026261][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.057100][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.070352][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.091921][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.099207][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.111340][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.118930][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.127489][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.138724][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.146207][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.158723][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.166808][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.174366][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.182706][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.195751][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.204476][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 59.297815][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 59.447182][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.454615][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.461833][ T5779] bridge_slave_0: entered allmulticast mode [ 59.469972][ T5779] bridge_slave_0: entered promiscuous mode [ 59.487052][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.494397][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.501577][ T5779] bridge_slave_1: entered allmulticast mode [ 59.508578][ T5779] bridge_slave_1: entered promiscuous mode [ 59.541583][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.553557][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.625173][ T5779] team0: Port device team_slave_0 added [ 59.649740][ T5779] team0: Port device team_slave_1 added [ 59.724173][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.731126][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.757529][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.772602][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.779546][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.805907][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.845094][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 59.912280][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 59.954917][ T5779] hsr_slave_0: entered promiscuous mode [ 59.961291][ T5779] hsr_slave_1: entered promiscuous mode [ 60.014583][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 60.083967][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.091137][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.099349][ T5782] bridge_slave_0: entered allmulticast mode [ 60.106183][ T5782] bridge_slave_0: entered promiscuous mode [ 60.114840][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.121944][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.129130][ T5782] bridge_slave_1: entered allmulticast mode [ 60.136538][ T5782] bridge_slave_1: entered promiscuous mode [ 60.155223][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.162362][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.169657][ T5791] bridge_slave_0: entered allmulticast mode [ 60.176917][ T5791] bridge_slave_0: entered promiscuous mode [ 60.221378][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.228876][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.236148][ T5791] bridge_slave_1: entered allmulticast mode [ 60.243147][ T5791] bridge_slave_1: entered promiscuous mode [ 60.286910][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.319977][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.335698][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.347509][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.401781][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.409077][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.416899][ T5783] bridge_slave_0: entered allmulticast mode [ 60.428382][ T5783] bridge_slave_0: entered promiscuous mode [ 60.463464][ T5791] team0: Port device team_slave_0 added [ 60.469559][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.477177][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.484586][ T5783] bridge_slave_1: entered allmulticast mode [ 60.491170][ T5783] bridge_slave_1: entered promiscuous mode [ 60.500782][ T5782] team0: Port device team_slave_0 added [ 60.509354][ T5782] team0: Port device team_slave_1 added [ 60.527958][ T5791] team0: Port device team_slave_1 added [ 60.608253][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.615545][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.641907][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.654689][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.661637][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.687573][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.704012][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.710953][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.737238][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.750562][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.770531][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.782185][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.808628][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.821486][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.868813][ T5782] hsr_slave_0: entered promiscuous mode [ 60.875437][ T5782] hsr_slave_1: entered promiscuous mode [ 60.881533][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.890086][ T5782] Cannot create hsr debugfs directory [ 60.910246][ T5783] team0: Port device team_slave_0 added [ 60.932299][ T5783] team0: Port device team_slave_1 added [ 60.982973][ T5102] Bluetooth: hci0: command tx timeout [ 60.992552][ T5791] hsr_slave_0: entered promiscuous mode [ 60.998692][ T5791] hsr_slave_1: entered promiscuous mode [ 61.005256][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.013748][ T5791] Cannot create hsr debugfs directory [ 61.047481][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.054699][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.080849][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.097177][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.104169][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.130136][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.143615][ T5102] Bluetooth: hci1: command tx timeout [ 61.200871][ T5779] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.222834][ T5102] Bluetooth: hci3: command tx timeout [ 61.222889][ T5781] Bluetooth: hci2: command tx timeout [ 61.236857][ T5779] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.287000][ T5779] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.297333][ T5779] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.311769][ T5783] hsr_slave_0: entered promiscuous mode [ 61.318375][ T5783] hsr_slave_1: entered promiscuous mode [ 61.325809][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.333531][ T5783] Cannot create hsr debugfs directory [ 61.550143][ T5782] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.559692][ T5782] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.587379][ T5782] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.601382][ T5782] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 61.670416][ T5791] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.694112][ T5791] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.708608][ T5791] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.745819][ T5791] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.787870][ T5783] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.797016][ T5783] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.807349][ T5783] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.818517][ T5783] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.840339][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.905858][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.956825][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.979523][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.986769][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.016033][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.023133][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.057202][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.097560][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.108718][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.140781][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.151222][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.176744][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.183896][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.195315][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.202458][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.219892][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.227297][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.248366][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.255497][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.280734][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.287891][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.298751][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.305882][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.552749][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.666458][ T5779] veth0_vlan: entered promiscuous mode [ 62.699551][ T5779] veth1_vlan: entered promiscuous mode [ 62.787589][ T5779] veth0_macvtap: entered promiscuous mode [ 62.814595][ T5779] veth1_macvtap: entered promiscuous mode [ 62.849253][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.876434][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.896982][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.938761][ T5783] veth0_vlan: entered promiscuous mode [ 62.952062][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.967858][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.983629][ T5779] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.993318][ T5779] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.002015][ T5779] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.011048][ T5779] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.032239][ T5783] veth1_vlan: entered promiscuous mode [ 63.062608][ T5781] Bluetooth: hci0: command tx timeout [ 63.106586][ T5782] veth0_vlan: entered promiscuous mode [ 63.127594][ T5782] veth1_vlan: entered promiscuous mode [ 63.158729][ T5783] veth0_macvtap: entered promiscuous mode [ 63.181014][ T5791] veth0_vlan: entered promiscuous mode [ 63.216339][ T5783] veth1_macvtap: entered promiscuous mode [ 63.224470][ T5781] Bluetooth: hci1: command tx timeout [ 63.231284][ T5791] veth1_vlan: entered promiscuous mode [ 63.241842][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.258865][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.302958][ T5781] Bluetooth: hci2: command tx timeout [ 63.305138][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.319133][ T5781] Bluetooth: hci3: command tx timeout [ 63.324975][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.336618][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.349167][ T5791] veth0_macvtap: entered promiscuous mode [ 63.358883][ T5782] veth0_macvtap: entered promiscuous mode [ 63.371677][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.382623][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.395442][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.406126][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.408489][ T5791] veth1_macvtap: entered promiscuous mode [ 63.422112][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.427119][ T5782] veth1_macvtap: entered promiscuous mode [ 63.448172][ T5783] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.457259][ T5783] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.467533][ T5783] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.476344][ T5783] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.517637][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.531425][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.541765][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.552936][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.564850][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.607702][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.620617][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.631654][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.643597][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.654858][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.667288][ T5782] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.676728][ T5782] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.685493][ T5782] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.694249][ T5782] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.711047][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.722029][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.731927][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.743410][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.753280][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.763715][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.775509][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.801577][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.812845][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.823371][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.834051][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.844789][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.855482][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.867639][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.916843][ T5791] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.927004][ T5791] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.935785][ T5791] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.945423][ T5791] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.971342][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.988288][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.041954][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.050602][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.142918][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.150973][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.172749][ T1313] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.180578][ T1313] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.194386][ T5841] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 64.285179][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.302941][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.315391][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.334854][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.406640][ T5841] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 64.422360][ T5841] usb 2-1: config 0 has no interface number 0 [ 64.460576][ T5841] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 64.495456][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.533485][ T5841] usb 2-1: Product: syz [ 64.537789][ T5841] usb 2-1: Manufacturer: syz [ 64.548155][ T5868] syz.0.1[5868]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 64.558379][ T5841] usb 2-1: SerialNumber: syz [ 64.587254][ T5841] usb 2-1: config 0 descriptor?? [ 65.046973][ T5841] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (2) [ 65.078940][ T5841] usb 2-1: Firmware version (0.0) predates our first public release. [ 65.103580][ T5841] usb 2-1: Please update to version 0.2 or newer [ 65.144093][ T5781] Bluetooth: hci0: command tx timeout [ 65.302830][ T5781] Bluetooth: hci1: command tx timeout [ 65.383830][ T5781] Bluetooth: hci3: command tx timeout [ 65.386006][ T5102] Bluetooth: hci2: command tx timeout [ 65.427591][ T5841] usb 2-1: USB disconnect, device number 2 [ 65.894186][ T5877] loop2: detected capacity change from 0 to 128 [ 65.964992][ T5879] loop3: detected capacity change from 0 to 128 [ 66.122313][ T5879] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 66.160820][ T5879] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 66.378859][ T5783] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 67.059708][ T5887] loop1: detected capacity change from 0 to 32768 [ 67.081325][ T5887] ======================================================= [ 67.081325][ T5887] WARNING: The mand mount option has been deprecated and [ 67.081325][ T5887] and is ignored by this kernel. Remove the mand [ 67.081325][ T5887] option from the mount to silence this warning. [ 67.081325][ T5887] ======================================================= [ 67.224617][ T5102] Bluetooth: hci0: command tx timeout [ 67.356494][ T5887] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 67.382440][ T5102] Bluetooth: hci1: command tx timeout [ 67.463835][ T5102] Bluetooth: hci3: command tx timeout [ 67.463857][ T5781] Bluetooth: hci2: command tx timeout [ 67.638793][ T5887] XFS (loop1): Ending clean mount [ 67.644360][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 67.801901][ T5779] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 67.885862][ T8] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 67.922572][ T8] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 67.953872][ T8] usb 4-1: config 1 interface 0 has no altsetting 0 [ 68.003200][ T8] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 68.013304][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.021317][ T8] usb 4-1: Product: syz [ 68.051522][ T5899] loop2: detected capacity change from 0 to 40427 [ 68.062719][ T8] usb 4-1: Manufacturer: syz [ 68.067336][ T8] usb 4-1: SerialNumber: syz [ 68.112394][ T5899] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 68.129191][ T5899] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 68.141502][ T5911] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 68.162875][ T5911] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 68.190392][ T5899] F2FS-fs (loop2): invalid crc value [ 68.251886][ T5899] F2FS-fs (loop2): Found nat_bits in checkpoint [ 68.487973][ T5899] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 68.531381][ T5899] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 68.842188][ T5841] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 69.042492][ T5841] usb 2-1: Using ep0 maxpacket: 32 [ 69.067202][ T5841] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 69.085704][ T5841] usb 2-1: config 0 has no interface number 0 [ 69.104269][ T5841] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 69.139512][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.163604][ T5841] usb 2-1: Product: syz [ 69.175566][ T5841] usb 2-1: Manufacturer: syz [ 69.180278][ T5841] usb 2-1: SerialNumber: syz [ 69.199098][ T5841] usb 2-1: config 0 descriptor?? [ 69.236034][ T5841] smsc95xx v2.0.0 [ 69.252299][ T8] (unnamed net_device) (uninitialized): Assigned a random MAC address: ae:30:43:dc:ea:49 [ 69.307459][ T8] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 69.338420][ T8] usb 4-1: USB disconnect, device number 2 [ 69.677941][ T5841] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 69.688827][ T5841] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 69.912286][ T786] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 70.101420][ T5841] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 70.103641][ T786] usb 3-1: Using ep0 maxpacket: 8 [ 70.117855][ T5841] smsc95xx: probe of 2-1:0.67 failed with error -71 [ 70.127469][ T786] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 70.131566][ T5841] usb 2-1: USB disconnect, device number 3 [ 70.156103][ T786] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 70.172262][ T786] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 70.182018][ T786] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 70.214386][ T786] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 70.249494][ T786] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 70.258901][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.381411][ T5975] loop3: detected capacity change from 0 to 32768 [ 70.411524][ T5975] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 70.420977][ T5771] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 70.453073][ T5975] XFS (loop3): Ending clean mount [ 70.481435][ T5975] XFS (loop3): Quotacheck needed: Please wait. [ 70.492394][ T786] usb 3-1: usb_control_msg returned -32 [ 70.498965][ T786] usbtmc 3-1:16.0: can't read capabilities [ 70.576482][ T5975] XFS (loop3): Quotacheck: Done. [ 70.618350][ T5771] usb 1-1: Using ep0 maxpacket: 16 [ 70.626942][ T5771] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 70.646780][ T5771] usb 1-1: config 0 has no interface number 0 [ 70.661087][ T5771] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 70.673961][ T5771] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 70.674819][ T5783] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 70.687468][ T5771] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 70.707439][ T5771] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 70.715691][ T5771] usb 1-1: Product: syz [ 70.719870][ T5771] usb 1-1: SerialNumber: syz [ 70.733065][ T5771] usb 1-1: config 0 descriptor?? [ 70.762302][ T5771] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 70.792533][ T5771] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input5 [ 70.982416][ T5988] usbtmc 3-1:16.0: control status returned 0 [ 71.062930][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 71.160322][ T5994] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 71.193294][ T786] usb 3-1: USB disconnect, device number 2 [ 71.304597][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 71.304803][ T5821] usb 1-1: USB disconnect, device number 2 [ 71.311570][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 71.347612][ T5821] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 71.468698][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.475552][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.568731][ T6003] loop1: detected capacity change from 0 to 512 [ 71.664216][ T6003] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.821452][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.839130][ T5999] loop3: detected capacity change from 0 to 32768 [ 71.908973][ T5999] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 72.111062][ T6027] loop2: detected capacity change from 0 to 764 [ 72.147814][ T5156] udevd[5156]: worker [5871] terminated by signal 33 (Unknown signal 33) [ 72.168989][ T5999] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 72.223827][ T6027] Symlink component flag not implemented [ 72.233319][ T6027] Symlink component flag not implemented [ 72.250060][ T6027] Symlink component flag not implemented (129) [ 72.258159][ T6027] Symlink component flag not implemented (6) [ 72.282183][ T5771] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 72.293013][ T5999] XFS (loop3): Starting recovery (logdev: internal) [ 72.332889][ T5821] [U]  [ 72.344816][ T5999] XFS (loop3): Ending recovery (logdev: internal) [ 72.362062][ T6031] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 72.412797][ T27] audit: type=1800 audit(1763278508.094:2): pid=5999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.36" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 72.483256][ T5771] usb 1-1: Using ep0 maxpacket: 16 [ 72.491100][ T5771] usb 1-1: config 105 has too many interfaces: 47, using maximum allowed: 32 [ 72.507643][ T5771] usb 1-1: config 105 has an invalid descriptor of length 0, skipping remainder of the config [ 72.528521][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 72.537570][ T5771] usb 1-1: config 105 has 0 interfaces, different from the descriptor's value: 47 [ 72.564011][ T5771] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 72.578542][ T5771] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 72.596797][ T5771] usb 1-1: Manufacturer: syz [ 72.840929][ T6023] warning: `syz.0.42' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 72.865930][ T6045] loop2: detected capacity change from 0 to 8 [ 72.869897][ T5771] usb 1-1: USB disconnect, device number 3 [ 73.058391][ T6054] Bluetooth: MGMT ver 1.22 [ 73.516032][ T6055] loop1: detected capacity change from 0 to 40427 [ 73.548351][ T6055] F2FS-fs (loop1): invalid crc value [ 73.563568][ T6055] F2FS-fs (loop1): Found nat_bits in checkpoint [ 73.588657][ T6064] Illegal XDP return value 92 on prog (id 11) dev syz_tun, expect packet loss! [ 73.638751][ T6055] F2FS-fs (loop1): Start checkpoint disabled! [ 73.672629][ T6055] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 73.730691][ T6070] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000000003 [ 73.869019][ T6062] loop3: detected capacity change from 0 to 32768 [ 73.879526][ T6074] loop0: detected capacity change from 0 to 128 [ 73.958448][ T78] kworker/u4:4: attempt to access beyond end of device [ 73.958448][ T78] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 73.973541][ T6062] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 74.002971][ T78] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 74.038589][ T78] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 74.046608][ T78] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 74.117431][ T6062] XFS (loop3): Ending clean mount [ 74.134461][ T6062] XFS (loop3): Quotacheck needed: Please wait. [ 74.190171][ T6062] XFS (loop3): Quotacheck: Done. [ 74.271598][ T27] audit: type=1800 audit(1763278509.944:3): pid=6062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.60" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 74.685664][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 74.788297][ T6088] loop0: detected capacity change from 0 to 32768 [ 74.812449][ T6088] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.68 (6088) [ 74.847761][ T6088] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 74.858580][ T6088] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 74.871867][ T6088] BTRFS info (device loop0): doing ref verification [ 74.878636][ T6088] BTRFS info (device loop0): max_inline at 0 [ 74.914520][ T6088] BTRFS info (device loop0): force clearing of disk cache [ 74.929179][ T6086] loop2: detected capacity change from 0 to 40427 [ 74.935824][ T6088] BTRFS info (device loop0): turning on sync discard [ 74.948247][ T6088] BTRFS info (device loop0): using free space tree [ 74.956995][ T6086] F2FS-fs (loop2): invalid crc value [ 74.967055][ T6088] workqueue: max_active 4096 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 74.998684][ T6086] F2FS-fs (loop2): Found nat_bits in checkpoint [ 75.006418][ T6088] workqueue: max_active 4096 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 75.039397][ T6088] workqueue: max_active 4096 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 75.065971][ T6088] workqueue: max_active 4096 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 75.092225][ T6088] workqueue: max_active 4096 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 75.096101][ T6104] Zero length message leads to an empty skb [ 75.118836][ T6088] workqueue: max_active 4096 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 75.142224][ T5781] Bluetooth: hci0: command 0x0401 tx timeout [ 75.143476][ T5102] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 75.154689][ T6086] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 75.173722][ T6088] workqueue: max_active 4096 requested for btrfs-compressed-write is out of range, clamping between 1 and 512 [ 75.257330][ T6088] BTRFS info (device loop0): enabling ssd optimizations [ 75.287185][ T6088] BTRFS info (device loop0): rebuilding free space tree [ 75.343256][ T5791] syz-executor: attempt to access beyond end of device [ 75.343256][ T5791] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 75.359898][ T5791] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 75.369403][ T5791] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 75.567394][ T6130] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.576191][ T6130] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.620971][ T6130] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.628332][ T6130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.636736][ T6130] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.644040][ T6130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.671862][ T6130] team0: Port device bridge0 added [ 75.826371][ T5782] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 76.281849][ T6149] loop2: detected capacity change from 0 to 512 [ 76.303427][ T6149] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 76.321070][ T6149] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 76.354810][ T6149] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 76.402478][ T6149] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.437478][ T6149] EXT4-fs (loop2): 1 truncate cleaned up [ 76.463387][ T6149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.524281][ T27] audit: type=1800 audit(1763278512.214:4): pid=6149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.89" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 76.569224][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.596216][ T28] cfg80211: failed to load regulatory.db [ 76.684469][ T6160] input: syz0 as /devices/virtual/input/input6 [ 77.659735][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.106'. [ 77.992321][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 78.152030][ T6215] loop3: detected capacity change from 0 to 4096 [ 78.182634][ T5821] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 78.192386][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 78.201305][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.213605][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.223778][ T8] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 78.247461][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.260487][ T8] usb 2-1: config 0 descriptor?? [ 78.289174][ T27] audit: type=1804 audit(1763278513.974:5): pid=6215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.116" name="/newroot/32/file0/file0" dev="loop3" ino=0 res=1 errno=0 [ 78.404505][ T5821] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 78.413195][ T5821] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 78.421587][ T6223] loop3: detected capacity change from 0 to 128 [ 78.432431][ T5821] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 78.444506][ T5821] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 78.457705][ T5821] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 78.474015][ T6221] loop0: detected capacity change from 0 to 4096 [ 78.480256][ T5821] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.481666][ T6223] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 78.495708][ T6221] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 78.503529][ T6223] ext4 filesystem being mounted at /33/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 78.519140][ T5821] usb 3-1: config 0 descriptor?? [ 78.573250][ T6203] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 78.593616][ T6223] EXT4-fs error (device loop3): ext4_check_dx_root:2266: inode #2: comm syz.3.120: Corrupt dir, invalid name for '.', running e2fsck is recommended [ 78.649551][ T5783] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 78.707907][ T8] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 78.999156][ T28] usb 2-1: USB disconnect, device number 4 [ 79.012661][ T5821] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 79.021355][ T5821] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 79.035321][ T5821] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 79.112209][ T5863] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 79.312156][ T5863] usb 4-1: Using ep0 maxpacket: 8 [ 79.316154][ T5821] usb 3-1: USB disconnect, device number 3 [ 79.319914][ T5863] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 79.331321][ T5863] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 79.341087][ T5863] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 79.350838][ T5863] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 79.360975][ T5863] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 79.373955][ T5863] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 79.383083][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.895111][ T6246] syz.2.129 uses obsolete (PF_INET,SOCK_PACKET) [ 80.238071][ T6248] loop0: detected capacity change from 0 to 32768 [ 80.256852][ T6248] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 80.267471][ T6248] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 80.298752][ T6264] loop2: detected capacity change from 0 to 512 [ 80.308959][ T6264] EXT4-fs: Ignoring removed mblk_io_submit option [ 80.315695][ T6264] EXT4-fs: Ignoring removed mblk_io_submit option [ 80.324391][ T6264] EXT4-fs: Ignoring removed mblk_io_submit option [ 80.330171][ T6248] XFS (loop0): Ending clean mount [ 80.332727][ T6264] EXT4-fs (loop2): Test dummy encryption mode enabled [ 80.340656][ T6248] XFS (loop0): Quotacheck needed: Please wait. [ 80.345906][ T6264] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 80.369604][ T6264] EXT4-fs (loop2): 1 truncate cleaned up [ 80.375177][ T6248] XFS (loop0): Quotacheck: Done. [ 80.381394][ T6264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.474329][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.518987][ T5782] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 80.663138][ T6273] netlink: 80 bytes leftover after parsing attributes in process `syz.1.138'. [ 80.787175][ T6277] loop1: detected capacity change from 0 to 1024 [ 80.867957][ T6277] hfsplus: xattr searching failed [ 80.880767][ T6277] hfsplus: xattr searching failed [ 80.937510][ T5779] hfsplus: node 4:3 still has 1 user(s)! [ 80.977921][ T6284] loop1: detected capacity change from 0 to 1024 [ 81.007816][ T6284] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 81.020142][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 81.028151][ T6284] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.079086][ T6284] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 3: comm syz.1.142: lblock 3 mapped to illegal pblock 3 (length 3) [ 81.097694][ T6284] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 81.110157][ T6284] EXT4-fs (loop1): This should not happen!! Data will be lost [ 81.110157][ T6284] [ 81.133101][ T6284] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.142: Freeing blocks not in datazone - block = 3, count = 3 [ 81.149124][ T6284] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.142: Freeing blocks not in datazone - block = 0, count = 16 [ 81.187294][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 81.212393][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 81.229115][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 81.249051][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.258874][ T8] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 81.272327][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.291291][ T8] usb 3-1: config 0 descriptor?? [ 81.701416][ T6307] sctp: [Deprecated]: syz.0.152 (pid 6307) Use of int in max_burst socket option deprecated. [ 81.701416][ T6307] Use struct sctp_assoc_value instead [ 81.739307][ T6309] netlink: 'syz.1.153': attribute type 9 has an invalid length. [ 81.747843][ T6309] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.153'. [ 81.752624][ T8] savu 0003:1E7D:2D5A.0003: hiddev1,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 81.882707][ T5863] usb 4-1: USB disconnect, device number 3 [ 81.995162][ T28] usb 3-1: USB disconnect, device number 4 [ 82.391838][ T6335] loop1: detected capacity change from 0 to 4096 [ 82.580472][ T6335] EXT4-fs (loop1): Test dummy encryption mode enabled [ 82.615825][ T6335] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 82.621177][ T6341] loop3: detected capacity change from 0 to 8192 [ 82.635569][ T6335] System zones: 0-5 [ 82.648455][ T6341] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.668872][ T6335] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.693274][ T6341] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 82.706794][ T6333] loop0: detected capacity change from 0 to 32768 [ 82.719929][ T6341] REISERFS (device loop3): using ordered data mode [ 82.726983][ T6341] reiserfs: using flush barriers [ 82.736335][ T6341] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.757730][ T6341] REISERFS (device loop3): checking transaction log (loop3) [ 82.782269][ T6335] EXT4-fs (loop1): shut down requested (2) [ 82.789463][ T6341] REISERFS (device loop3): Using rupasov hash to sort names [ 82.797729][ T6341] REISERFS (device loop3): using 3.5.x disk format [ 82.805741][ T6341] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 82.817580][ T6341] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 82.828980][ T6341] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 82.852313][ T6341] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 82.884888][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.953812][ T6333] read_mapping_page failed! [ 82.958628][ T6333] ERROR: (device loop0): txCommit: [ 82.958628][ T6333] [ 83.312353][ T5821] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 83.429698][ T6347] loop2: detected capacity change from 0 to 32768 [ 83.479292][ T6347] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 83.512480][ T5821] usb 2-1: Using ep0 maxpacket: 32 [ 83.527515][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.554167][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.580575][ T6376] netlink: 'syz.3.177': attribute type 13 has an invalid length. [ 83.581476][ T5821] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 83.588464][ T6376] netlink: 24859 bytes leftover after parsing attributes in process `syz.3.177'. [ 83.608067][ T5821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.619608][ T6347] XFS (loop2): Ending clean mount [ 83.638204][ T6347] XFS (loop2): Quotacheck needed: Please wait. [ 83.649224][ T5821] usb 2-1: config 0 descriptor?? [ 83.676439][ T6378] input: syz1 as /devices/virtual/input/input8 [ 83.690490][ T6347] XFS (loop2): Quotacheck: Done. [ 83.766161][ T6380] loop3: detected capacity change from 0 to 64 [ 83.788518][ T5791] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 84.089894][ T5821] ft260 0003:0403:6030.0004: unknown main item tag 0x0 [ 84.284074][ T5821] ft260 0003:0403:6030.0004: chip code: 6424 8183 [ 84.485465][ T5821] ft260 0003:0403:6030.0004: failed to retrieve system status [ 84.512670][ T5821] ft260: probe of 0003:0403:6030.0004 failed with error -71 [ 84.535849][ T5821] usb 2-1: USB disconnect, device number 5 [ 85.742268][ T786] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 85.924582][ T786] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 85.933755][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.944151][ T786] usb 2-1: config 0 descriptor?? [ 86.012065][ T6441] loop3: detected capacity change from 0 to 128 [ 86.033685][ T6441] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.046368][ T6441] ext4 filesystem being mounted at /56/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 86.131204][ T5783] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 86.140321][ T27] audit: type=1326 audit(1763278521.824:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.177253][ T27] audit: type=1326 audit(1763278521.824:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.201965][ T27] audit: type=1326 audit(1763278521.824:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.224166][ T27] audit: type=1326 audit(1763278521.824:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.252751][ T27] audit: type=1326 audit(1763278521.854:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.277508][ T27] audit: type=1326 audit(1763278521.854:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.300008][ T27] audit: type=1326 audit(1763278521.854:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.322408][ T27] audit: type=1326 audit(1763278521.854:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.344921][ T27] audit: type=1326 audit(1763278521.854:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.367614][ T27] audit: type=1326 audit(1763278521.854:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 86.732040][ T6465] random: crng reseeded on system resumption [ 86.802170][ T28] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 86.852157][ T5771] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 87.006712][ T28] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.015860][ T786] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 87.016523][ T28] usb 1-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 87.032380][ T786] asix: probe of 2-1:0.0 failed with error -71 [ 87.035631][ T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.055567][ T786] usb 2-1: USB disconnect, device number 6 [ 87.057086][ T28] usb 1-1: config 0 descriptor?? [ 87.092445][ T5771] usb 4-1: Using ep0 maxpacket: 8 [ 87.099314][ T5771] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 87.109532][ T5771] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 87.118652][ T5771] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.129841][ T5771] usb 4-1: config 0 descriptor?? [ 87.144875][ T5771] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 87.237157][ T5821] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 87.422167][ T5821] usb 3-1: Using ep0 maxpacket: 32 [ 87.428862][ T5821] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 87.436966][ T5821] usb 3-1: config 0 has no interface number 0 [ 87.446191][ T5821] usb 3-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 87.455330][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.464717][ T5821] usb 3-1: Product: syz [ 87.468899][ T5821] usb 3-1: Manufacturer: syz [ 87.473567][ T5821] usb 3-1: SerialNumber: syz [ 87.481569][ T5821] usb 3-1: config 0 descriptor?? [ 87.488523][ T5821] etas_es58x 3-1:0.2: Starting syz syz (Serial Number syz) [ 87.494260][ T28] wacom 0003:056A:00D0.0005: unknown main item tag 0x0 [ 87.505472][ T28] wacom 0003:056A:00D0.0005: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 87.516526][ T28] wacom 0003:056A:00D0.0005: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.0-1/input0 [ 87.529093][ T28] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:00D0.0005/input/input9 [ 87.647544][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.221'. [ 87.730896][ T28] usb 1-1: USB disconnect, device number 4 [ 87.810452][ T6474] mmap: syz.1.223 (6474) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 88.150865][ T5771] gspca_vc032x: reg_r err -71 [ 88.160824][ T5771] vc032x: probe of 4-1:0.0 failed with error -71 [ 88.177545][ T5771] usb 4-1: USB disconnect, device number 4 [ 88.667218][ T6492] loop0: detected capacity change from 0 to 32768 [ 88.679565][ T6492] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 88.738253][ T6492] XFS (loop0): Ending clean mount [ 88.750591][ T6492] XFS (loop0): Quotacheck needed: Please wait. [ 88.776152][ T6492] XFS (loop0): Quotacheck: Done. [ 88.876881][ T5782] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 89.078422][ T6516] IPv6: sit1: Disabled Multicast RS [ 89.084660][ T6516] sit1: entered allmulticast mode [ 89.387740][ T6530] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 89.573220][ T8] IPVS: starting estimator thread 0... [ 89.672276][ T6538] IPVS: using max 17 ests per chain, 40800 per kthread [ 89.778708][ T6548] loop3: detected capacity change from 0 to 2048 [ 89.780274][ T28] usb 3-1: USB disconnect, device number 5 [ 89.851214][ T6548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.924577][ T6551] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 89.968371][ T5771] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 90.038035][ T5771] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 90.070761][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.177780][ T6544] loop1: detected capacity change from 0 to 32768 [ 90.206367][ T6560] capability: warning: `syz.0.256' uses 32-bit capabilities (legacy support in use) [ 90.236230][ T6544] (syz.1.251,6544,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 90.280355][ T6544] (syz.1.251,6544,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 90.364525][ T6544] JBD2: Ignoring recovery information on journal [ 90.442719][ T6544] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 90.458743][ T6566] netlink: 80 bytes leftover after parsing attributes in process `syz.3.259'. [ 90.651006][ T6572] loop0: detected capacity change from 0 to 2048 [ 90.684833][ T6572] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 90.818327][ T6578] hsr0: entered promiscuous mode [ 90.824493][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.264'. [ 90.832771][ T6544] syz.1.251 (6544) used greatest stack depth: 18992 bytes left [ 90.840900][ T6578] hsr_slave_0: left promiscuous mode [ 90.860520][ T6578] hsr_slave_1: left promiscuous mode [ 90.932973][ T6578] hsr0 (unregistering): left promiscuous mode [ 90.933313][ T5779] ocfs2: Unmounting device (7,1) on (node local) [ 90.958465][ T6576] syzkaller1: entered promiscuous mode [ 90.965750][ T6576] syzkaller1: entered allmulticast mode [ 91.142446][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 91.142459][ T27] audit: type=1326 audit(1763278526.824:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.0.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 91.215954][ T27] audit: type=1326 audit(1763278526.824:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.0.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 91.264556][ T27] audit: type=1326 audit(1763278526.824:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.0.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 91.332252][ T27] audit: type=1326 audit(1763278526.824:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.0.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 91.368339][ T6593] loop7: detected capacity change from 0 to 7 [ 91.392178][ T27] audit: type=1326 audit(1763278526.824:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6582 comm="syz.0.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73a678f6c9 code=0x7ffc0000 [ 91.416182][ T6593] Dev loop7: unable to read RDB block 7 [ 91.432205][ T6593] loop7: unable to read partition table [ 91.438045][ T6593] loop7: partition table beyond EOD, truncated [ 91.461340][ T6593] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 91.665644][ T6603] vivid-001: disconnect [ 91.688507][ T6602] vivid-001: reconnect [ 91.901979][ T6587] loop1: detected capacity change from 0 to 40427 [ 91.909832][ T6587] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 91.921629][ T6587] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 91.937936][ T6587] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x7ffff [ 91.951309][ T6587] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x5 [ 91.965790][ T6587] F2FS-fs (loop1): invalid crc value [ 91.974594][ T6587] F2FS-fs (loop1): Found nat_bits in checkpoint [ 91.982989][ T28] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 92.052737][ T6587] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 92.059819][ T6587] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 92.116274][ T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 92.117123][ T6587] capability: warning: `syz.1.266' uses deprecated v2 capabilities in a way that may be insecure [ 92.133307][ T6609] loop0: detected capacity change from 0 to 32768 [ 92.146730][ T6609] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.278 (6609) [ 92.164433][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.176030][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.177035][ T5779] syz-executor: attempt to access beyond end of device [ 92.177035][ T5779] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 92.186217][ T28] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.200201][ T6609] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 92.224349][ T6609] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.233093][ T5779] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 92.240978][ T6609] BTRFS info (device loop0): force zlib compression, level 3 [ 92.248507][ T6609] BTRFS info (device loop0): enabling ssd optimizations [ 92.255723][ T6609] BTRFS info (device loop0): allowing degraded mounts [ 92.265116][ T28] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.274340][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.275942][ T6609] BTRFS info (device loop0): force clearing of disk cache [ 92.284533][ T28] usb 4-1: config 0 descriptor?? [ 92.294929][ T6609] BTRFS info (device loop0): using free space tree [ 92.324255][ T8] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 92.340155][ T8] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 92.350563][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 92.360101][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.374133][ T6611] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 92.391096][ T8] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 92.404623][ T6609] BTRFS info (device loop0): rebuilding free space tree [ 92.435319][ T6609] BTRFS info (device loop0): checking UUID tree [ 92.576577][ T5782] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 92.752438][ T28] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xe [ 92.759900][ T28] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 92.775209][ T6633] loop1: detected capacity change from 0 to 64 [ 92.797192][ T28] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 92.825809][ T28] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 92.882854][ T8] usb 3-1: USB disconnect, device number 6 [ 93.071194][ T6640] netlink: 'syz.1.283': attribute type 4 has an invalid length. [ 93.078886][ T6640] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.283'. [ 93.096340][ T5821] usb 4-1: USB disconnect, device number 5 [ 93.396076][ T6654] netlink: 56 bytes leftover after parsing attributes in process `syz.1.290'. [ 93.481507][ T6656] loop1: detected capacity change from 0 to 2048 [ 93.494594][ T6656] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 93.528965][ T6656] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 93.552172][ T6658] process 'syz.2.292' launched './file0' with NULL argv: empty string added [ 93.713553][ T6660] loop2: detected capacity change from 0 to 4096 [ 93.778560][ T6665] loop8: detected capacity change from 0 to 7 [ 93.802494][ T6666] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 93.819143][ T6665] Dev loop8: unable to read RDB block 7 [ 93.837736][ T6665] loop8: unable to read partition table [ 93.854248][ T6665] loop8: partition table beyond EOD, truncated [ 93.872119][ T6665] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 93.959078][ T27] audit: type=1800 audit(1763278529.644:23): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.293" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 94.422618][ T27] audit: type=1800 audit(1763278530.114:24): pid=6656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.291" name="file1" dev="loop1" ino=1346 res=0 errno=0 [ 94.451626][ T6664] loop3: detected capacity change from 0 to 40427 [ 94.463876][ T6664] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7 [ 94.492492][ T6664] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 94.525303][ T6664] F2FS-fs (loop3): invalid crc value [ 94.552877][ T6664] F2FS-fs (loop3): Found nat_bits in checkpoint [ 94.560675][ T6679] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.666635][ T6664] F2FS-fs (loop3): Start checkpoint disabled! [ 94.702409][ T6664] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 94.766376][ T6664] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of f2fs_create+0x452/0x550 [ 94.779033][ T6664] F2FS-fs (loop3): Stopped filesystem due to reason: 1 [ 94.890577][ T6691] netlink: 72 bytes leftover after parsing attributes in process `syz.1.305'. [ 94.901899][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.305'. [ 94.912564][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 95.091845][ T6699] loop1: detected capacity change from 0 to 16 [ 95.146736][ T6699] erofs: (device loop1): mounted with root inode @ nid 36. [ 95.206180][ T27] audit: type=1800 audit(1763278530.894:25): pid=6699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.310" name="file1" dev="loop1" ino=86 res=0 errno=0 [ 95.402328][ T8] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 95.602231][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.633104][ T6715] loop1: detected capacity change from 0 to 1024 [ 95.641167][ T6715] EXT4-fs: Ignoring removed nobh option [ 95.649514][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 95.659167][ T6715] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.664297][ T8] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 95.686888][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.695559][ T8] usb 1-1: Product: syz [ 95.699743][ T8] usb 1-1: Manufacturer: syz [ 95.704639][ T8] usb 1-1: SerialNumber: syz [ 95.713804][ T6715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.751009][ T6715] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.318: Allocating blocks 497-513 which overlap fs metadata [ 95.776814][ T6715] EXT4-fs (loop1): pa ffff8880779ee9f8: logic 16, phys. 129, len 24 [ 95.786740][ T6715] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 95.828416][ T6703] loop2: detected capacity change from 0 to 32768 [ 95.853877][ T6703] gfs2: fsid=localflocks: Trying to join cluster "lock_nolock", "localflocks" [ 95.890015][ T6703] gfs2: fsid=localflocks: Now mounting FS (format 1801)... [ 95.903380][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.980344][ T6703] gfs2: fsid=localflocks.s: journal 0 mapped with 5 extents in 0ms [ 96.040163][ T6725] loop1: detected capacity change from 0 to 4096 [ 96.057020][ T6725] EXT4-fs (loop1): Test dummy encryption mode enabled [ 96.070427][ T6725] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 96.083741][ T6703] gfs2: fsid=localflocks.s: first mount done, others may mount [ 96.092382][ T6725] System zones: 0-5 [ 96.102743][ T6725] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.145760][ T8] usb 1-1: 0:2 : does not exist [ 96.466128][ T6725] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 96.534366][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.589829][ T786] usb 1-1: USB disconnect, device number 5 [ 97.148976][ T6752] netlink: 16 bytes leftover after parsing attributes in process `syz.2.330'. [ 97.494815][ T6748] loop3: detected capacity change from 0 to 32768 [ 97.511163][ T6748] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.550860][ T6748] XFS (loop3): Ending clean mount [ 97.601765][ T5783] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 97.762235][ T786] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 97.870775][ T6773] loop1: detected capacity change from 0 to 1024 [ 97.954176][ T786] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 97.970395][ T786] usb 1-1: config 0 has no interface number 0 [ 97.982767][ T786] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 98.003441][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.021665][ T786] usb 1-1: config 0 descriptor?? [ 98.035661][ T786] usb 1-1: selecting invalid altsetting 1 [ 98.053241][ T786] dvb_ttusb_budget: ttusb_init_controller: error [ 98.069509][ T786] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 98.188923][ T786] DVB: Unable to find symbol cx22700_attach() [ 98.304384][ T786] DVB: Unable to find symbol tda10046_attach() [ 98.310586][ T786] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 98.342737][ T786] usb 1-1: USB disconnect, device number 6 [ 98.499808][ T6801] loop2: detected capacity change from 0 to 128 [ 98.516725][ T6801] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 98.530086][ T6801] hpfs: filesystem error: improperly stopped [ 98.537489][ T6801] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 98.549243][ T6801] hpfs: You really don't want any checks? You are crazy... [ 98.561921][ T6801] hpfs: hpfs_map_sector(): read error [ 98.570772][ T6801] hpfs: code page support is disabled [ 98.577467][ T6801] hpfs: hpfs_map_4sectors(): unaligned read [ 98.588393][ T6801] hpfs: hpfs_map_4sectors(): unaligned read [ 98.594438][ T6801] hpfs: filesystem error: unable to find root dir [ 98.707637][ T6809] loop2: detected capacity change from 0 to 64 [ 98.749163][ T6809] Trying to free block not in datazone [ 98.757067][ T6809] Trying to free block not in datazone [ 98.763868][ T6809] Trying to free block not in datazone [ 98.769478][ T6809] Trying to free block not in datazone [ 98.776121][ T6809] Trying to free block not in datazone [ 98.781860][ T6809] Trying to free block not in datazone [ 98.788312][ T6809] Trying to free block not in datazone [ 98.794740][ T6809] Trying to free block not in datazone [ 98.800289][ T6809] Trying to free block not in datazone [ 98.806012][ T6809] Trying to free block not in datazone [ 98.811551][ T6809] Trying to free block not in datazone [ 98.817201][ T6809] Trying to free block not in datazone [ 98.819571][ T6811] syz.2.351: attempt to access beyond end of device [ 98.819571][ T6811] loop2: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 98.822800][ T6809] Trying to free block not in datazone [ 98.822810][ T6809] Trying to free block not in datazone [ 98.822816][ T6809] Trying to free block not in datazone [ 98.822824][ T6809] Trying to free block not in datazone [ 98.822830][ T6809] Trying to free block not in datazone [ 98.822836][ T6809] Trying to free block not in datazone [ 98.822841][ T6809] Trying to free block not in datazone [ 98.822847][ T6809] Trying to free block not in datazone [ 98.822853][ T6809] Trying to free block not in datazone [ 98.822860][ T6809] Trying to free block not in datazone [ 98.822866][ T6809] Trying to free block not in datazone [ 98.822873][ T6809] Trying to free block not in datazone [ 98.822880][ T6809] Trying to free block not in datazone [ 98.822886][ T6809] Trying to free block not in datazone [ 98.822893][ T6809] Trying to free block not in datazone [ 98.822899][ T6809] Trying to free block not in datazone [ 98.822906][ T6809] Trying to free block not in datazone [ 98.822912][ T6809] Trying to free block not in datazone [ 98.822919][ T6809] Trying to free block not in datazone [ 98.822926][ T6809] Trying to free block not in datazone [ 98.822932][ T6809] Trying to free block not in datazone [ 98.822938][ T6809] Trying to free block not in datazone [ 98.822944][ T6809] Trying to free block not in datazone [ 98.822950][ T6809] Trying to free block not in datazone [ 98.822956][ T6809] Trying to free block not in datazone [ 98.955519][ T6811] Trying to free block not in datazone [ 98.974872][ T6813] loop0: detected capacity change from 0 to 128 [ 98.981815][ T6811] Trying to free block not in datazone [ 98.992239][ T6809] Trying to free block not in datazone [ 99.003299][ T6809] Trying to free block not in datazone [ 99.004884][ T6811] Trying to free block not in datazone [ 99.013678][ T6813] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 99.017312][ T6809] Trying to free block not in datazone [ 99.046783][ T6809] Trying to free block not in datazone [ 99.052380][ T6813] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 99.062027][ T6809] Trying to free block not in datazone [ 99.068742][ T6809] Trying to free block not in datazone [ 99.076837][ T6809] Trying to free block not in datazone [ 99.105168][ T6809] Trying to free block not in datazone [ 99.119270][ T6809] Trying to free block not in datazone [ 99.128559][ T6809] Trying to free block not in datazone [ 99.138289][ T6809] Trying to free block not in datazone [ 99.144192][ T6809] Trying to free block not in datazone [ 99.149777][ T6809] Trying to free block not in datazone [ 99.157778][ T6809] Trying to free block not in datazone [ 99.170002][ T6809] Trying to free block not in datazone [ 99.190771][ T6809] Trying to free block not in datazone [ 99.212421][ T6809] Trying to free block not in datazone [ 99.217939][ T6809] Trying to free block not in datazone [ 99.223865][ T6809] Trying to free block not in datazone [ 99.232243][ T6809] Trying to free block not in datazone [ 99.252247][ T6809] Trying to free block not in datazone [ 99.262781][ T6809] Trying to free block not in datazone [ 99.279326][ T6809] Trying to free block not in datazone [ 99.299387][ T6822] loop1: detected capacity change from 0 to 164 [ 99.301299][ T6809] Trying to free block not in datazone [ 99.312952][ T6809] Trying to free block not in datazone [ 99.318455][ T6809] Trying to free block not in datazone [ 99.330193][ T6809] Trying to free block not in datazone [ 99.340727][ T6809] Trying to free block not in datazone [ 99.347400][ T6822] rock: directory entry would overflow storage [ 99.358907][ T6822] rock: sig=0x66, size=4, remaining=3 [ 99.360914][ T6809] Trying to free block not in datazone [ 99.385319][ T6809] Trying to free block not in datazone [ 99.402210][ T6809] Trying to free block not in datazone [ 99.417300][ T6822] rock: directory entry would overflow storage [ 99.417882][ T6809] Trying to free block not in datazone [ 99.433175][ T6822] rock: sig=0x66, size=4, remaining=3 [ 99.442217][ T6809] Trying to free block not in datazone [ 99.450192][ T6809] Trying to free block not in datazone [ 99.464332][ T6809] Trying to free block not in datazone [ 99.480007][ T6809] Trying to free block not in datazone [ 99.497824][ T6809] Trying to free block not in datazone [ 99.505608][ T6809] Trying to free block not in datazone [ 99.511087][ T6809] Trying to free block not in datazone [ 99.518953][ T6809] Trying to free block not in datazone [ 99.526673][ T6809] Trying to free block not in datazone [ 99.534494][ T6809] Trying to free block not in datazone [ 99.539966][ T6809] Trying to free block not in datazone [ 99.550384][ T6809] Trying to free block not in datazone [ 99.570465][ T6809] Trying to free block not in datazone [ 99.579583][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.358'. [ 99.581685][ T6809] Trying to free block not in datazone [ 99.599215][ T6809] Trying to free block not in datazone [ 99.604785][ T6809] Trying to free block not in datazone [ 99.610420][ T6809] Trying to free block not in datazone [ 99.620352][ T6809] Trying to free block not in datazone [ 99.628742][ T6809] Trying to free block not in datazone [ 99.657660][ T6809] Trying to free block not in datazone [ 99.674125][ T6809] Trying to free block not in datazone [ 99.690434][ T6809] Trying to free block not in datazone [ 99.702670][ T6809] Trying to free block not in datazone [ 99.708217][ T6809] Trying to free block not in datazone [ 99.724272][ T6809] Trying to free block not in datazone [ 99.729753][ T6809] Trying to free block not in datazone [ 99.740370][ T6809] Trying to free block not in datazone [ 99.749504][ T6809] Trying to free block not in datazone [ 99.774276][ T6809] Trying to free block not in datazone [ 99.782833][ T6809] Trying to free block not in datazone [ 99.788334][ T6809] Trying to free block not in datazone [ 99.804414][ T6809] Trying to free block not in datazone [ 99.809891][ T6809] Trying to free block not in datazone [ 99.835807][ T6809] Trying to free block not in datazone [ 99.841287][ T6809] Trying to free block not in datazone [ 99.870022][ T6809] Trying to free block not in datazone [ 99.885259][ T6809] Trying to free block not in datazone [ 99.900948][ T6809] Trying to free block not in datazone [ 99.911057][ T6809] Trying to free block not in datazone [ 99.921167][ T6809] Trying to free block not in datazone [ 99.941355][ T6809] Trying to free block not in datazone [ 99.947232][ T6809] Trying to free block not in datazone [ 99.962448][ T6809] Trying to free block not in datazone [ 99.973399][ T6809] Trying to free block not in datazone [ 99.982522][ T6809] Trying to free block not in datazone [ 99.988588][ T6809] Trying to free block not in datazone [ 100.010853][ T6836] loop0: detected capacity change from 0 to 1024 [ 100.021702][ T6809] Trying to free block not in datazone [ 100.027558][ T6809] Trying to free block not in datazone [ 100.037672][ T6809] Trying to free block not in datazone [ 100.045229][ T6836] EXT4-fs: Ignoring removed nobh option [ 100.050874][ T6809] Trying to free block not in datazone [ 100.060340][ T6836] EXT4-fs: Ignoring removed bh option [ 100.065833][ T6809] Trying to free block not in datazone [ 100.072038][ T6836] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.083580][ T6809] Trying to free block not in datazone [ 100.089628][ T6809] Trying to free block not in datazone [ 100.100563][ T6809] Trying to free block not in datazone [ 100.106311][ T6809] Trying to free block not in datazone [ 100.113114][ T6809] Trying to free block not in datazone [ 100.127810][ T6820] loop3: detected capacity change from 0 to 40427 [ 100.128489][ T6836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.136882][ T6809] Trying to free block not in datazone [ 100.153020][ T6809] Trying to free block not in datazone [ 100.158502][ T6809] Trying to free block not in datazone [ 100.164111][ T6809] Trying to free block not in datazone [ 100.169572][ T6809] Trying to free block not in datazone [ 100.176530][ T6809] Trying to free block not in datazone [ 100.182235][ T6809] Trying to free block not in datazone [ 100.187700][ T6809] Trying to free block not in datazone [ 100.187908][ T6820] F2FS-fs (loop3): invalid crc value [ 100.193978][ T6809] Trying to free block not in datazone [ 100.204615][ T6809] Trying to free block not in datazone [ 100.210078][ T6809] Trying to free block not in datazone [ 100.215682][ T6809] Trying to free block not in datazone [ 100.221194][ T6809] Trying to free block not in datazone [ 100.226003][ T6820] F2FS-fs (loop3): Found nat_bits in checkpoint [ 100.226752][ T6809] Trying to free block not in datazone [ 100.238379][ T6809] Trying to free block not in datazone [ 100.243883][ T6809] Trying to free block not in datazone [ 100.249726][ T6809] Trying to free block not in datazone [ 100.255543][ T6809] Trying to free block not in datazone [ 100.261007][ T6809] Trying to free block not in datazone [ 100.268798][ T6809] Trying to free block not in datazone [ 100.274332][ T6809] Trying to free block not in datazone [ 100.279791][ T6809] Trying to free block not in datazone [ 100.285375][ T6809] Trying to free block not in datazone [ 100.290835][ T6809] Trying to free block not in datazone [ 100.297111][ T6809] Trying to free block not in datazone [ 100.307085][ T6809] Trying to free block not in datazone [ 100.312641][ T6809] Trying to free block not in datazone [ 100.318100][ T6809] Trying to free block not in datazone [ 100.323618][ T6809] Trying to free block not in datazone [ 100.329082][ T6809] Trying to free block not in datazone [ 100.334597][ T6809] Trying to free block not in datazone [ 100.340451][ T6809] Trying to free block not in datazone [ 100.346260][ T6809] Trying to free block not in datazone [ 100.348842][ T5782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.351703][ T6809] Trying to free block not in datazone [ 100.351712][ T6809] Trying to free block not in datazone [ 100.371738][ T6809] Trying to free block not in datazone [ 100.377889][ T6809] Trying to free block not in datazone [ 100.383461][ T6809] Trying to free block not in datazone [ 100.388921][ T6809] Trying to free block not in datazone [ 100.393705][ T6820] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 100.394501][ T6809] Trying to free block not in datazone [ 100.408172][ T6809] Trying to free block not in datazone [ 100.413759][ T6809] Trying to free block not in datazone [ 100.419303][ T6809] Trying to free block not in datazone [ 100.424922][ T6809] Trying to free block not in datazone [ 100.431796][ T6809] Trying to free block not in datazone [ 100.452210][ T6809] Trying to free block not in datazone [ 100.457687][ T6809] Trying to free block not in datazone [ 100.482120][ T6809] Trying to free block not in datazone [ 100.496124][ T6809] Trying to free block not in datazone [ 100.504673][ T6820] F2FS-fs (loop3): Stopped filesystem due to reason: 0 [ 100.522478][ T6809] Trying to free block not in datazone [ 100.527955][ T6809] Trying to free block not in datazone [ 100.542147][ T6809] Trying to free block not in datazone [ 100.557801][ T6809] Trying to free block not in datazone [ 100.577375][ T6809] Trying to free block not in datazone [ 100.586086][ T6809] Trying to free block not in datazone [ 100.591570][ T6809] Trying to free block not in datazone [ 100.612154][ T6809] Trying to free block not in datazone [ 100.617629][ T6809] Trying to free block not in datazone [ 100.644474][ T6809] Trying to free block not in datazone [ 100.645841][ T6850] loop0: detected capacity change from 0 to 8192 [ 100.649943][ T6809] Trying to free block not in datazone [ 100.649951][ T6809] Trying to free block not in datazone [ 100.649957][ T6809] Trying to free block not in datazone [ 100.649963][ T6809] Trying to free block not in datazone [ 100.649969][ T6809] Trying to free block not in datazone [ 100.649975][ T6809] Trying to free block not in datazone [ 100.649981][ T6809] Trying to free block not in datazone [ 100.681142][ T6850] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.728473][ T6850] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.733058][ T6809] Trying to free block not in datazone [ 100.742177][ T6850] REISERFS (device loop0): using ordered data mode [ 100.743208][ T6809] Trying to free block not in datazone [ 100.751426][ T6850] reiserfs: using flush barriers [ 100.782353][ T6850] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.813235][ T6809] Trying to free block not in datazone [ 100.818714][ T6809] Trying to free block not in datazone [ 100.847036][ T6850] REISERFS (device loop0): checking transaction log (loop0) [ 100.858846][ T6809] Trying to free block not in datazone [ 100.882146][ T6809] Trying to free block not in datazone [ 100.908677][ T6809] Trying to free block not in datazone [ 100.923078][ T6809] Trying to free block not in datazone [ 100.928560][ T6809] Trying to free block not in datazone [ 100.952193][ T6809] Trying to free block not in datazone [ 100.957676][ T6809] Trying to free block not in datazone [ 100.972357][ T6809] Trying to free block not in datazone [ 100.977835][ T6809] Trying to free block not in datazone [ 100.992312][ T6809] Trying to free block not in datazone [ 101.002224][ T6809] Trying to free block not in datazone [ 101.007702][ T6809] Trying to free block not in datazone [ 101.034061][ T6809] Trying to free block not in datazone [ 101.046856][ T6809] Trying to free block not in datazone [ 101.066903][ T6850] REISERFS (device loop0): Using tea hash to sort names [ 101.070043][ T6809] Trying to free block not in datazone [ 101.086986][ T6850] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 101.089718][ T6809] Trying to free block not in datazone [ 101.116799][ T6809] Trying to free block not in datazone [ 101.122167][ T6850] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 101.138154][ T6809] Trying to free block not in datazone [ 101.150271][ T6809] Trying to free block not in datazone [ 101.163702][ T6809] Trying to free block not in datazone [ 101.169179][ T6809] Trying to free block not in datazone [ 101.191161][ T6809] Trying to free block not in datazone [ 101.202209][ T6809] Trying to free block not in datazone [ 101.216551][ T6856] loop3: detected capacity change from 0 to 512 [ 101.221756][ T6850] overlayfs: upper fs needs to support d_type. [ 101.222975][ T6809] Trying to free block not in datazone [ 101.229299][ T6850] overlayfs: upper fs does not support tmpfile. [ 101.241345][ T6809] Trying to free block not in datazone [ 101.247020][ T6809] Trying to free block not in datazone [ 101.258019][ T6809] Trying to free block not in datazone [ 101.261306][ T6850] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 101.263833][ T6809] Trying to free block not in datazone [ 101.276684][ T6809] Trying to free block not in datazone [ 101.287976][ T6809] Trying to free block not in datazone [ 101.295478][ T6856] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.307671][ T6809] Trying to free block not in datazone [ 101.313252][ T6809] Trying to free block not in datazone [ 101.319503][ T6809] Trying to free block not in datazone [ 101.325079][ T6809] Trying to free block not in datazone [ 101.335677][ T6809] Trying to free block not in datazone [ 101.341182][ T6809] Trying to free block not in datazone [ 101.361683][ T27] audit: type=1800 audit(1763278537.044:26): pid=6856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.367" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 101.382359][ T6809] Trying to free block not in datazone [ 101.387839][ T6809] Trying to free block not in datazone [ 101.401485][ T6809] Trying to free block not in datazone [ 101.407404][ T6809] Trying to free block not in datazone [ 101.417433][ T6809] Trying to free block not in datazone [ 101.424549][ T6809] Trying to free block not in datazone [ 101.430897][ T6809] Trying to free block not in datazone [ 101.467197][ T6809] Trying to free block not in datazone [ 101.491072][ T6809] Trying to free block not in datazone [ 101.515587][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.530167][ T6809] Trying to free block not in datazone [ 101.544095][ T6809] Trying to free block not in datazone [ 101.550823][ T6809] Trying to free block not in datazone [ 101.590031][ T5782] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 101.596461][ T6809] Trying to free block not in datazone [ 101.609748][ T6809] Trying to free block not in datazone [ 101.615564][ T6809] Trying to free block not in datazone [ 101.635246][ T6809] Trying to free block not in datazone [ 101.640726][ T6809] Trying to free block not in datazone [ 101.658708][ T6809] Trying to free block not in datazone [ 101.672409][ T6809] Trying to free block not in datazone [ 101.677890][ T6809] Trying to free block not in datazone [ 101.709432][ T6809] Trying to free block not in datazone [ 101.728300][ T6809] Trying to free block not in datazone [ 101.752130][ T6809] Trying to free block not in datazone [ 101.757655][ T6809] Trying to free block not in datazone [ 101.775761][ T6809] Trying to free block not in datazone [ 101.801567][ T6809] Trying to free block not in datazone [ 101.987624][ T6881] loop1: detected capacity change from 0 to 128 [ 102.017009][ T6881] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 102.030234][ T6881] hpfs: filesystem error: improperly stopped [ 102.038160][ T6881] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 102.046257][ T6881] hpfs: You really don't want any checks? You are crazy... [ 102.056238][ T6881] hpfs: hpfs_map_sector(): read error [ 102.059032][ T6885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.379'. [ 102.066371][ T6881] hpfs: code page support is disabled [ 102.081669][ T6889] loop2: detected capacity change from 0 to 64 [ 102.094577][ T6881] hpfs: hpfs_map_4sectors(): unaligned read [ 102.112268][ T6881] hpfs: hpfs_map_4sectors(): unaligned read [ 102.118185][ T6881] hpfs: filesystem error: unable to find root dir [ 102.272744][ T6891] loop0: detected capacity change from 0 to 4096 [ 102.322758][ T6891] EXT4-fs (loop0): Test dummy encryption mode enabled [ 102.351259][ T6891] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 102.367925][ T6891] System zones: 0-5 [ 102.388667][ T6891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.579487][ T5782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.908764][ T6921] loop0: detected capacity change from 0 to 2048 [ 102.921783][ T6921] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 102.940429][ T6921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 103.120774][ T6934] loop0: detected capacity change from 0 to 164 [ 103.154916][ T6934] Unable to read rock-ridge attributes [ 103.173872][ T6932] loop3: detected capacity change from 0 to 4096 [ 103.186293][ T6934] ISOFS: unable to read i-node block [ 103.203330][ T6932] EXT4-fs (loop3): Test dummy encryption mode enabled [ 103.239844][ T6932] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 103.252455][ T6932] System zones: 0-5 [ 103.277352][ T6932] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.406502][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.758969][ T6967] loop3: detected capacity change from 0 to 8192 [ 103.768255][ T6967] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.782429][ T6967] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 103.791600][ T6967] REISERFS (device loop3): using ordered data mode [ 103.798118][ T6967] reiserfs: using flush barriers [ 103.804935][ T6967] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.821335][ T6967] REISERFS (device loop3): checking transaction log (loop3) [ 103.829716][ T6967] REISERFS (device loop3): Using r5 hash to sort names [ 103.837179][ T6967] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 103.839561][ T786] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 103.853699][ T5863] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 103.873468][ T6967] [ 103.875789][ T6967] ====================================================== [ 103.882783][ T6967] WARNING: possible circular locking dependency detected [ 103.889783][ T6967] syzkaller #0 Not tainted [ 103.894172][ T6967] ------------------------------------------------------ [ 103.901161][ T6967] syz.3.417/6967 is trying to acquire lock: [ 103.907024][ T6967] ffff888054a22410 (&type->i_mutex_dir_key#13){++++}-{3:3}, at: vfs_rename+0x6d3/0xec0 [ 103.916655][ T6967] [ 103.916655][ T6967] but task is already holding lock: [ 103.923995][ T6967] ffff888054a21d70 (&type->i_mutex_dir_key#13/2){+.+.}-{3:3}, at: vfs_rename+0x652/0xec0 [ 103.933802][ T6967] [ 103.933802][ T6967] which lock already depends on the new lock. [ 103.933802][ T6967] [ 103.944179][ T6967] [ 103.944179][ T6967] the existing dependency chain (in reverse order) is: [ 103.953170][ T6967] [ 103.953170][ T6967] -> #2 (&type->i_mutex_dir_key#13/2){+.+.}-{3:3}: [ 103.961838][ T6967] down_write_nested+0x9e/0x1f0 [ 103.967191][ T6967] delete_one_xattr+0xfa/0x300 [ 103.972453][ T6967] reiserfs_for_each_xattr+0x800/0x960 [ 103.978410][ T6967] reiserfs_delete_xattrs+0x20/0x90 [ 103.984120][ T6967] reiserfs_evict_inode+0x232/0x490 [ 103.989835][ T6967] evict+0x486/0x870 [ 103.994237][ T6967] vfs_rmdir+0x39b/0x4d0 [ 103.998987][ T6967] do_rmdir+0x29e/0x5c0 [ 104.003640][ T6967] __x64_sys_unlinkat+0xc4/0xe0 [ 104.008990][ T6967] do_syscall_64+0x55/0xb0 [ 104.013911][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.020306][ T6967] [ 104.020306][ T6967] -> #1 (&type->i_mutex_dir_key#13/3){+.+.}-{3:3}: [ 104.028976][ T6967] down_write_nested+0x9e/0x1f0 [ 104.034332][ T6967] open_xa_dir+0x122/0x6f0 [ 104.039256][ T6967] xattr_lookup+0x22/0x2a0 [ 104.044173][ T6967] reiserfs_xattr_set_handle+0xf9/0xd40 [ 104.050221][ T6967] reiserfs_xattr_set+0x439/0x550 [ 104.055749][ T6967] __vfs_setxattr+0x431/0x470 [ 104.060929][ T6967] __vfs_setxattr_noperm+0x12d/0x5e0 [ 104.066726][ T6967] vfs_setxattr+0x16c/0x2f0 [ 104.071741][ T6967] path_setxattr+0x362/0x550 [ 104.076836][ T6967] __x64_sys_setxattr+0xbb/0xd0 [ 104.082195][ T6967] do_syscall_64+0x55/0xb0 [ 104.087138][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.093535][ T6967] [ 104.093535][ T6967] -> #0 (&type->i_mutex_dir_key#13){++++}-{3:3}: [ 104.102028][ T6967] __lock_acquire+0x2ddb/0x7c80 [ 104.107383][ T6967] lock_acquire+0x197/0x410 [ 104.112387][ T6967] down_write+0x97/0x1f0 [ 104.117135][ T6967] vfs_rename+0x6d3/0xec0 [ 104.121964][ T6967] do_renameat2+0x8a1/0xc70 [ 104.126979][ T6967] __x64_sys_renameat2+0xd2/0xe0 [ 104.132270][ T786] usb 1-1: Using ep0 maxpacket: 8 [ 104.132411][ T6967] do_syscall_64+0x55/0xb0 [ 104.139110][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.142319][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.142341][ T6967] [ 104.142341][ T6967] other info that might help us debug this: [ 104.142341][ T6967] [ 104.142346][ T6967] Chain exists of: [ 104.142346][ T6967] &type->i_mutex_dir_key#13 [ 104.152542][ T786] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 104.158778][ T6967] --> &type->i_mutex_dir_key#13/3 --> &type->i_mutex_dir_key#13 [ 104.169113][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.177213][ T6967] /2 [ 104.177213][ T6967] [ 104.177223][ T6967] Possible unsafe locking scenario: [ 104.177223][ T6967] [ 104.177228][ T6967] CPU0 CPU1 [ 104.177231][ T6967] ---- ---- [ 104.177235][ T6967] lock(&type->i_mutex_dir_key#13/2); [ 104.189335][ T786] usb 1-1: config 0 descriptor?? [ 104.193928][ T6967] lock(&type->i_mutex_dir_key#13/3); [ 104.193952][ T6967] lock(&type->i_mutex_dir_key#13 [ 104.204383][ T786] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 104.206555][ T6967] /2); [ 104.206566][ T6967] lock(&type->i_mutex_dir_key#13); [ 104.264645][ T6967] [ 104.264645][ T6967] *** DEADLOCK *** [ 104.264645][ T6967] [ 104.272784][ T6967] 5 locks held by syz.3.417/6967: [ 104.277792][ T6967] #0: ffff88807a9e4418 (sb_writers#25){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 104.287037][ T6967] #1: ffff88807a9e4700 (&type->s_vfs_rename_key#3){+.+.}-{3:3}, at: do_renameat2+0x35f/0xc70 [ 104.297326][ T6967] #2: ffff8880549b6cf0 (&type->i_mutex_dir_key#13/1){+.+.}-{3:3}, at: do_renameat2+0x3f1/0xc70 [ 104.307778][ T6967] #3: ffff888054a216d0 (&type->i_mutex_dir_key#13/5){+.+.}-{3:3}, at: do_renameat2+0x427/0xc70 [ 104.318203][ T6967] #4: ffff888054a21d70 (&type->i_mutex_dir_key#13/2){+.+.}-{3:3}, at: vfs_rename+0x652/0xec0 [ 104.328491][ T6967] [ 104.328491][ T6967] stack backtrace: [ 104.334389][ T6967] CPU: 1 PID: 6967 Comm: syz.3.417 Not tainted syzkaller #0 [ 104.341660][ T6967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 104.351703][ T6967] Call Trace: [ 104.354966][ T6967] [ 104.357908][ T6967] dump_stack_lvl+0x16c/0x230 [ 104.362593][ T6967] ? load_image+0x3b0/0x3b0 [ 104.367095][ T6967] ? show_regs_print_info+0x20/0x20 [ 104.372304][ T6967] ? print_circular_bug+0x12b/0x1a0 [ 104.377511][ T6967] check_noncircular+0x2bd/0x3c0 [ 104.382458][ T6967] ? look_up_lock_class+0x75/0x140 [ 104.387554][ T6967] ? print_deadlock_bug+0x5d0/0x5d0 [ 104.392744][ T6967] ? lockdep_lock+0xe0/0x220 [ 104.397328][ T6967] ? lockdep_unlock+0x137/0x2d0 [ 104.402174][ T6967] ? _find_first_zero_bit+0xd3/0x100 [ 104.407484][ T6967] __lock_acquire+0x2ddb/0x7c80 [ 104.412354][ T6967] ? verify_lock_unused+0x140/0x140 [ 104.417546][ T6967] ? aa_get_newest_label+0xf8/0x5c0 [ 104.422756][ T6967] lock_acquire+0x197/0x410 [ 104.427257][ T6967] ? vfs_rename+0x6d3/0xec0 [ 104.431751][ T6967] ? __might_sleep+0xe0/0xe0 [ 104.436337][ T6967] ? read_lock_is_recursive+0x20/0x20 [ 104.441699][ T6967] ? vfs_rename+0x5f3/0xec0 [ 104.446202][ T6967] down_write+0x97/0x1f0 [ 104.450463][ T6967] ? vfs_rename+0x6d3/0xec0 [ 104.454964][ T6967] ? down_read_killable+0x340/0x340 [ 104.460155][ T6967] ? do_raw_spin_unlock+0x121/0x230 [ 104.465366][ T6967] vfs_rename+0x6d3/0xec0 [ 104.469705][ T6967] ? __ia32_sys_link+0x90/0x90 [ 104.474467][ T6967] ? bpf_lsm_path_rename+0x9/0x10 [ 104.479484][ T6967] ? security_path_rename+0x17c/0x200 [ 104.484860][ T6967] do_renameat2+0x8a1/0xc70 [ 104.489363][ T6967] ? fsnotify_move+0x4e0/0x4e0 [ 104.494120][ T6967] ? __check_object_size+0x506/0xa30 [ 104.499404][ T6967] ? getname_flags+0x20a/0x500 [ 104.504165][ T6967] __x64_sys_renameat2+0xd2/0xe0 [ 104.509085][ T6967] do_syscall_64+0x55/0xb0 [ 104.513500][ T6967] ? clear_bhb_loop+0x40/0x90 [ 104.518169][ T6967] ? clear_bhb_loop+0x40/0x90 [ 104.522836][ T6967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.528725][ T6967] RIP: 0033:0x7f054118f6c9 [ 104.533146][ T6967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.552744][ T6967] RSP: 002b:00007f0542037038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 104.561166][ T6967] RAX: ffffffffffffffda RBX: 00007f05413e5fa0 RCX: 00007f054118f6c9 [ 104.569139][ T6967] RDX: ffffffffffffff9c RSI: 0000200000001100 RDI: ffffffffffffff9c [ 104.577104][ T6967] RBP: 00007f0541211f91 R08: 0000000000000000 R09: 0000000000000000 [ 104.585061][ T6967] R10: 0000200000000600 R11: 0000000000000246 R12: 0000000000000000 [ 104.593024][ T6967] R13: 00007f05413e6038 R14: 00007f05413e5fa0 R15: 00007fff06d9fc08 [ 104.601008][ T6967] [ 104.608925][ T5771] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 104.713446][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.723248][ T5863] usb 2-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 104.732341][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.741596][ T5863] usb 2-1: config 0 descriptor?? [ 104.803915][ T5771] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 104.814938][ T5771] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 104.825753][ T5771] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 104.835507][ T5771] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 104.849181][ T5771] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 104.858284][ T5771] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.866290][ T5771] usb 3-1: Product: syz [ 104.870453][ T5771] usb 3-1: Manufacturer: syz [ 104.875066][ T5771] usb 3-1: SerialNumber: syz [ 104.881771][ T6961] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 105.092930][ T6961] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 105.158399][ T5863] wacom 0003:056A:00D0.0008: unknown main item tag 0x0 [ 105.166239][ T5863] wacom 0003:056A:00D0.0008: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 105.177201][ T5863] wacom 0003:056A:00D0.0008: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.1-1/input0 [ 105.189830][ T5863] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00D0.0008/input/input12 [ 105.214448][ T786] gspca_vc032x: reg_r err -71 [ 105.219198][ T786] vc032x: probe of 1-1:0.0 failed with error -71 [ 105.228266][ T786] usb 1-1: USB disconnect, device number 7 [ 105.389662][ T8] usb 2-1: USB disconnect, device number 7 [ 105.701863][ T6961] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 105.909955][ T5771] cdc_ncm 3-1:1.0: bind() failure [ 105.916839][ T5771] cdc_ncm: probe of 3-1:1.1 failed with error -71 [ 105.923706][ T5771] cdc_mbim: probe of 3-1:1.1 failed with error -71 [ 105.931302][ T5771] usbtest: probe of 3-1:1.1 failed with error -71 [ 105.939737][ T5771] usb 3-1: USB disconnect, device number 7