last executing test programs: 47.254815364s ago: executing program 0 (id=185): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @empty}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1}, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8) 46.866478735s ago: executing program 0 (id=186): sendmsg$sock(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000b00)="36a8861bb09c86a36488c17f8be3648e410070aadd7d070e34058ce4c797295437e2acd38ce81482edbf7e742eb16e7611541e57bb59bb48731c8268c340ab9778c3dd415e5690cb9594fe3a3a849ad6a02e1aac1176918064bd592fc102fa00fb1bbfbe13b6a6379023e22d34134f1676f058c3929cfb2b14184a95e7fb401d58e048046064be3d09e143ee3f55c94bc7f8807a44dde18fa954e06d360e957368a2ad4b4a9f46f7e5cc6ac431160334ca8ce9d9517f3f6edca7cf36b0dfee597c83226aa5b7f1a1d2052354f292e95345d54bde303553df4eca22c8048b2e159dda9de239f03c22007c896823967ce4a2eedacfa1b36d6f88eb35e4532f494207096fd66c3bea6d6316a7d01cb2c10f5b4dd535170b5c3b6499f1884d69d22cb1d9091d58818911c25888ffa5f48c6e482fbc9e3e2d791d495d8fbd274630b7c00c54bb979eae5696741408b1fe9f31ea48c7b30abee74269689b88f7b46140006051f309ccd81c211582fce6ae803642574c0774ae46fcdf6b3f9592fd9bff963be46dc80cd7c4a3912472a5ac2d5c9a77c2161fdb8c2a2ee07ef4c558c0d6baad11cf9f034e2501277f6f9c1f00f9d58c3223413473fe07b4e712b7323a0cafe50f07cce432ee577d980b06334bd37c072669be3afe345a67157bc86242790521397e754456c37cb00e63fcbf4e317d885abf6daa67cf61899677de68b39eea44d65833f7d84d73d167f1189ede608a15567480ced53b4c9b98f2dd956df12ff3c2812ddee659b005bfea9e6da1eada25210f90e918fed73ca7b6dbd49dae4ed99b5f971bfa224bab68cc8dc7c37551309adf448a1a3f5767e481ad2322d6d97064785090624bcb2be7266b5b43a240700b2e7010da0c21adf94a930f02b818ef2bd9ef883034bc5de06e470074ac54b593a0c683554ae125f9e8b25144a62078b8216db0a721be2d1ab978602e6005d55922463083b2e35b574072961ffc15954a46d9e86b0321eae11c260748b0fd07a8a1a3c7104707a2137f074751a3b4c40b86cd7c7707159e5654d092ae0a72859c7e5b56d4ff185c1d44729233b6d42bd3a55fb3a24d9bcb4dc88ee29d7e2ad41d28d77265b4f5420718d007f75be4ac80fb2b7270a74070f08b84c6e8b2c67bd2f3b681be3423d3cdc376cc823fc478075affcd0b187b60a4cb4c58b83f9c28a93d12048b820d8090bcfcd70aca7fc106061a2ef87e55ff3701336e327e23afa57b83acccc6e5bdb435903e88f47c4a8e64b0fa229c64a9ad9f3e207e4be7d48d690769a67a924b1b07b578b735b9a9702a3e74daebbff52eaae652822eefe72cc3df54f3108a5ab6116edaa02fc156c862ee1e4da5c766573deff2cc6253629dbff420e44b6e6180731ac207dfece17471ae7b8cb3d82c14b92c34a3ec1a76db2b625aa6a6e794921cad906869b783553b81a97cd62797ccb964728b0943064e15dad2b2aa0182de05fac8ee4c633adcea0c0a61bc328e4d0e4c1bda73620a163e362aa6ca0f56ecb8eec640eed4fff947380c443ae43137c983c4fe00c71f377405679c6ca212d78334fff6a3847381dc34ea52fe547572a85ada3794e0d53587d5f0694519eef11597a15f6271e630d25a6a057dcba5a752a23128631a9d591f4ec9f8f9d90c5f8974dbcfcd2583332485018bf126fb17a9ce78ee08655388b5b559b43253a376dbce09285c9e53607c5342a0be3c7280226db17ce0a0cc853973c92b6e52c1b0eb4df2aae5517f3c8c472555a0a84ed0c8738e6f5b947f823af503c66dd9d114c70a70dbc364d39748db097b65d4024e0b7cdcf16d3e10a59b6c055c60317fd83e50836ea19e8d4c28fd46d6d494e29f050c4279ec540cdb80b11c51685e450d54559dbf8e386e91e4baad31bb6865abbd4b9cd0b273707d549e0c0c5c970276a95cb67bd22b9bc59628a7b43738efda6665d17d2178a29b584f9a9f48405c8d42b051351b4160d161f94597aab60a7a75db7f5326dd43d9e653189e295099681e1f2571eddb21f858ec5ae1735a7dd7ace12d1b6bf6cec0462911849972b6b71380d9436dc96b5aa3e3aed70a318aa5aa4a00874c0c43cee3292009857bf0a71060f5a6f92b2e313533966690180061ee0ccc3d92b9dee943f5eea0e7ecc45685402bc3280404aac1afd0ef8562077cfb198d9ecbab9196779dce1a06bf8a14bce51d0bb3c4067394bab9aa23c689bcc7311de5c2033b4c4149e29145361556b9c7132165cec87d8afb3dd0299473fe3a89f989d9051399f33e60541950fa82584eb3058835c9acfffe1ae234f463bbda1be7bfbed97ab09f69db51b6ba17f5d42f541ee15b548ca863b157d1d68e6ad95e8bc59726579e078ba00fa700a2c2683c1b6e2825d68b11f39852835b8762ebe21e25380c1396fdc089c7848632000babd8d19fdf77abf5307c0fd90fe45f11eeb86d2343fff32f934df3f1f8239f3c4baa62f9323d16284d2e9dd52a234349428859c097844e7ffe2c8f3f9c7889d5c9db996215ed036f4581dfc6e3046d25fe2e34287c8db95f1a63024229d9e34a0442ea3c1e0b0eeab93d8d567840ac816e62feab804a40e75de528fde4767509b9db02374140c894679e833a9406ddca47366fb5e55003728dc1aba9fba93a09aa65bceead9d5c75fcb9c6291b9e05ff3540214399db6518045a7a14b3cda20b5e8a895d4b26a2aee63fafe698591c0117a84073ed37d53ec5b419b617e4e3c0761d1afd06b83b58b5bc5b780cac600d040dcee298a32b291d00f4ea85d131bea25ef051d4d1aabfa475c1ff74609866dd29f94a417bd0fb90d0c450359d270f6324d4af831461ed742bf8a9fb72997bbc9fd0403c0b236a41ec57ee6e9341636fb37635e28fdd3bd9e0a0e9bd74246a02e5478f31d6332d80ca1b517c9a18edfe419bfe94d6319d0ef26d34cdce832e4b8c8ff680edef370ac2c3084720510d77155b29dab17f747dc47641fd456582d6f76ebc162a84be8207866ffeea8b1df50a5f74ba8f11b3427d470eb177a554964830687f4315f94417c085b3305beb1c40f3e64a0d6f1fd2af7e419d6f94d329444c8d999867eb907784e5fbef13e415390e0e3b6ac1d17b96deae29151e6dba00f71f11a0ac79b90ad6ab728f05aec1099504ab44a22a440034e94d41ac4ca6611ccacb8571149af62b7b166935c7bbfc0a559ece2333ace7a19bdea076869a29bcfb06211bec8d84d2f94cbedad5972ac7f616c71d17029470b276d17f248195ec8248798c9dc4a064261bbe7fd043d4842607ddcc64a98fa32a36dbac06a66c64dffe8706c4ea01e366586d0acfd8ae85c13397163d65a798ee2b8b6a9396d1d6f2ad28317ea00d0312ba861b2f5d6f5984a91999c93f62cd69736b0f894c2a33db0174ef2c1645bf70e794c2aa9781854f748d2dce36d26d38c560b1c94d1aec73308af4cd05faac63b813794eaf2b7b8dcd612dcf8a13b218ebd9b95a1a84eff35f3fdd4f93273fd958631ec8d277eea4bd6e15a9337f33f24a788e3aeee34d2fdf105da785bf14e7b6f04d0bd630bf68f06e3357544adcc4d5336a4d70fb6ff88d740ce9e8c69db87fc160eda4b427c2b3427ad1a9e9fcdfa5acccdfe3650c5f9942f03b17f77ef684a790218272e6c054f339311285a0d986b4245cfa3c1ec6a1d7d85c346edfd9c75eea102b7a1be8f35f757af0e2abdfd9f1e8c66ea9eec1cd57015729bd9606826deed9470c06b8818a630b5e40f7c087dff11e14a5ff8b5bdd4619945bb449048b590dcbe828c7b23312fd1e847a8c3e6bc30d362677063c63c53891fadab559166e29dfa943c724b0fe72917b3ca9a91d954f451de791b75120b0d61182b00377f7ae6579f8aa8270f220ccda35f151fdb7b51103df6ee8d2675ac0f404e722a563aa7be1ca973c4e302f560300b2574bc3764f22bd5900585ac3cfd82fd8b3e81780877e0aab634f45887fc675c7ce9d2f1aed9bd4386260bc33db80956f6eaa5a8ee97969b8a43b6d343b4be1cc3731f337839f3cb245c607d3273e01b742bc7bdf590592bd94c50b8443d609bd793ee48439e77521090f4c02ffc3dbf79eb4c780f1359f0589ea6e04ec996f0cd70191706e348f4f320e2728acc366137e06af35f298cc06682741f0a83885eb25b192ff7a30c7264fb8f8fdff02ead2fa493a9bbcbbe7ab9d52a02ae029e80640c3aa04fab59bf0ef552e9e80948ef630c44cf3bf9fa191ab501b5f13a47bf61c120143d99855fa1f729c09658c4a1c8513a74e36975253fc15a19e2d2d2dca48d46fb1c46854fa22301c352a0267b8c5d19972a2cab08bbb2e27e5d782f11bb26c433204767169ea409ed8afbf9fcd2aed660191dc4091a77809efb20e72dfe7fde4497236a849c901e2f2f3503397bc853cca6743072d21791e5b1e0402d6eaad09ecdbc8fd1f31a0aff34ae18f887fda2c883960aa296483e1f5ecfca281a46a93aae5fd9539487a2686fc6a8ff3b3672314e255f5e3426b3f3aad4c9cedc7a363a971115f6ede4084765e87114d490fc1bd7a9518bb86c433e8dfaae1c3c4e310a845aa7db5029fa9cae876306a732e9cf210016e1d7a53618ddf775515d522e26098be2afd6ff16aafbbc7ee7f817520cc2c025f072e316fbb8de01989874821de75ae9d8eb7c14e339907e386e1b6fd4e5a072f79aa20a3adb1", 0xd05}], 0x1}, 0xc000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0x2, [@ptr={0x4, 0x0, 0x0, 0x2, 0x5}, @enum64={0x3, 0x5, 0x0, 0x13, 0x1, 0x1, [{0xa, 0xffff, 0x6}, {0x2, 0xfff, 0x5}, {0x4, 0x40, 0x3}, {0xa, 0x3, 0x81}, {0x10, 0x473, 0x1}]}, @var={0x6, 0x0, 0x0, 0xe, 0x4}, @func_proto]}}, 0x0, 0x8a, 0x0, 0x1, 0x6, 0x10000}, 0x28) r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x15, "fb95785b587f23ba61bfb990191a2af1"}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001800)="a5", 0x48}], 0x1}, 0x0) 46.631885021s ago: executing program 0 (id=187): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x13, r1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x1d8, 0x1c0, 0x43, 0xa0, 0x1c0, 0x98, 0xa88, 0x178, 0x178, 0xa88, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x70, 0x90, 0x0, {0x0, 0x7a010000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f1c098b60204ed02d82cf440fef5497b80c29d381d41116000"}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x238) 46.434202267s ago: executing program 0 (id=189): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x210000, &(0x7f0000002f40)={[{@bh}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x57c, &(0x7f0000000bc0)="$eJzs3d9rW2UfAPDvSdPu5/uugzHe1wsZ7MLJXLq2/pggOG8E0eFA72doszKaLqNJx1oHbhfuxhsZgogD8Q/w3isZ/gP+FQMdDBlFL0SInPSky9qkabvMZMvnA2d7npyTPufb53yfPk9OQgIYWsfSf3IR/4+IL5OIQy378pHtPLZ23OrD6zPplkS9/tHvSSTZY83jk+z/A1nlfxHx8+cRJ3Ob260ur8wXy+XSYlafqC1cmagur5y6tFCcK82VLk9NT595bXrqzTde71msL5//85sP77535ovjq1//cP/w7STOxsFsX2scT+BGa+VY8e+sNBpnNxw42YPGBknS7xNgV0ayPB+NdAw4FCNZ1gPPv88iog4MqUT+w5BqzgOaa/serYOfGQ/eWVsANWIfa40/v/baSOxtrI32ryaPrYzS9e54D9pP2/jxtzu30y22fh1iX5c6wI7cuBkRp/P5zeN/ko1/u3e68eLx1ja2MWx/f6Cf7qbzn1fazf9y6/OfaDP/OdAmd3eje/7n7vegmY7S+d9bbee/60PX+EhW+09jzjeaXLxULp2OiP9GxImod731cWb1Xr3Tvtb5X7ql7Tfngtl53M/vefw5s8VaMSLGdhnyYx7cjHgh3y7+ZL3/kzb9n/4+zm+zjaOlOy922tc9/qer/n3ES237/1G3Jlvfn5xoXA8Tzatisz9uHf2lU/v9jj/t//1bxz+etN6vre68je/2/lXqtG871/+7P61XmplQHEs+bhSaSXCtWKstTkaMJR9sfnzq0U9r1pvHp/GfOL71+Nfu+k8XX59sM/5bR251PHQQ+n92R/2/88K99z/9tlP72xv/Xm2UTmSPZONfe9kVst0TfNLfHwAAAAAAAAySXEQcjCRXWC/ncoXC2vs7jsT+XLlSrZ28WFm6PBuNz8qOx2iueaf7UMv7ISaz98M261Mb6tMRcTgivhrZ16gXZirl2X4HDwAAAAAAAAAAAAAAAAAAAAPiQIfP/6d+Hen32QFPXeOLDfb0+yyAfuj6lf+9+KYnYCB1zX/guSX/YXjJfxhe8h+Gl/yH4SX/YXjJfxhe8h8AAAAAAAAAAAAAAAAAAAAAAAAAAAB66vy5c+lWX314fSatz15dXpqvXD01W6rOFxaWZgozlcUrhblKZa5cKsxUFrr9vHKlcmVyKpauTdRK1dpEdXnlwkJl6XLtwqWF4lzpQmn0X4kKAAAAAAAAAAAAAAAAAAAAni3V5ZX5YrlcWlToWHg7BuI0nmaAa3b19PygRKHQoXAz696dPauPgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBPAAAA//88pDFh") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x200010, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 45.681919208s ago: executing program 0 (id=195): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) syz_io_uring_setup(0x6f24, &(0x7f0000000200)={0x0, 0x5bd1, 0x2, 0x0, 0x43}, &(0x7f0000000280), &(0x7f0000001540), &(0x7f0000001580)) 44.933896878s ago: executing program 0 (id=198): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x101) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 44.533259209s ago: executing program 32 (id=198): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x6f5e, 0x101) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) 3.763321956s ago: executing program 4 (id=419): r0 = socket(0xa, 0x1, 0x84) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000002c0)={0x1, {{0x2, 0x4e26, @multicast1}}, {{0x2, 0x4e23, @broadcast}}}, 0x108) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @private=0xa010101}, 0xc) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @empty}, 0xc) 3.483920114s ago: executing program 4 (id=420): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="000000a2", @ANYRES16=0x0, @ANYBLOB="000325bd7000fddbdf25070000003c0004800900010073797a31000000002c0007800800040004000000080001001800000008000200090000000800040005000000080004000004"], 0x50}, 0x1, 0x0, 0x0, 0x4008080}, 0x8000) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x102}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x404880c}, 0x54) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) 2.923255919s ago: executing program 4 (id=423): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x8400, 0x0) pivot_root(&(0x7f0000000000)='./file1\x00', 0x0) fadvise64(r0, 0xe0ffff, 0x19, 0x3) 2.429830493s ago: executing program 3 (id=428): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) tee(r1, r0, 0x100, 0x0) vmsplice(r2, &(0x7f0000001700)=[{&(0x7f0000000a40)="8b", 0x1}], 0x1, 0x0) 2.245066538s ago: executing program 4 (id=438): socket$inet(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x7, 0xfd}, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) 2.127546181s ago: executing program 4 (id=431): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f00000008c0)=ANY=[@ANYBLOB="12010000000000108117980800000000000109024100010000000009040000020308000009210000010122290a0905810318"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0xfefffffa, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.102966362s ago: executing program 3 (id=432): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno', 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x28004044, &(0x7f0000000140)={0xa, 0x4001, 0xfffc, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2b}}, 0xfffffffd}, 0x1c) 2.042674484s ago: executing program 1 (id=433): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0xfffffffe, 0x183}) close_range(r1, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000001380)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x101, @private0, 0x7fffffff}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000140)='r', 0x1}], 0x1}}, {{&(0x7f0000000400)={0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c, &(0x7f0000000f80)=[{&(0x7f0000000440)='\x00', 0x1}], 0x1}}], 0x2, 0x0) 1.909951107s ago: executing program 3 (id=434): r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x7e, &(0x7f0000000040)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) 1.890159908s ago: executing program 2 (id=435): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB="010000000000fcdbdf251200000018000180"], 0x3c}, 0x1, 0x0, 0x0, 0x4044890}, 0x200480b8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100000000000000000002"], 0x2c}, 0x1, 0x0, 0x0, 0x4000016}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 1.755747011s ago: executing program 3 (id=436): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000100), 0x1, 0x258, &(0x7f0000000340)="$eJzs3UFoHFUYB/BvZneNSRaJehEEFUREAyHeBC/xohCQEEQEFSIiXpREiAneEk9ePNhzW3LqJZTemvZYcgm9pBR6Stsc0kuhDT009NAetsxOEtJ2k6bd7E7b+f1gkpndefO9Yfb/ZnZhmABKayAiRiKiEhGDEVGLiGTvCh/k08D24kLvykREo/HtnaS5Xr6c22nXHxHzEfF5RCynSfxejZhd+nHj3trXH/83U/vo1NIPvV3dyW2bG+vfbJ0c+/fs6Gezl67cGktiJOqP7NfRS1q8Vk0i3upEsRdEUi26BxzG+N9nrma5fzsiPmzmvxZp5Afv/+nXlmvx6Yn92h67ffndbvYVOHqNRi07B843gNJJI6IeSToUEfl8mg4N5dfw1yp96R9T038N/jY1M/lr0SMVcFTqEetfne851/9Y/m9W8vwDr64s/9+NL17P5rcqRfcG6KYs/4M/z30S8g+lI/9QXs+T/53fDDvcNaDDWubfdQCUwkHn/3T/Zqud7hfQeb7/Q3nJP5SX/EN5yT+Ul/xDee3NPwBQLo2eZ7xheLch8LIrdvQBAAAAAAAAAAAAAAAAAABaWehdmdiZulXz4vGIzS8jotqqfmX7OQSvN//23U2y1XYlebO2/PR+mxto0+mC775+40ax9VffK7b+3GTE/D8RMVytPvn5Sw56DsahvPmU92u/tFmgTV98X2z9B4vF1h9di7iQjT/DrcafNN5p/m89/tSz49dm/T/vt7kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuZhAAAA//9wnW38") r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) lseek(r0, 0x0, 0x3) 1.755427171s ago: executing program 2 (id=437): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x24) close(r0) 1.625481355s ago: executing program 1 (id=439): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4a380000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fcffffff850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000002b80)={r0}, 0xc) 1.594420476s ago: executing program 2 (id=440): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x1000000000000000, 0x7, 0xffffffffffffff8b, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffc}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x2}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x20e, 0x5ee, 0xfd000004, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e03300fd010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d74733e0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 1.371549602s ago: executing program 1 (id=441): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) tee(r1, r0, 0x100, 0x0) vmsplice(r2, &(0x7f0000001700)=[{&(0x7f0000000a40)="8b", 0x1}], 0x1, 0x0) 1.371463682s ago: executing program 3 (id=442): r0 = syz_io_uring_setup(0x2b68, &(0x7f0000001080)={0x0, 0x64b5, 0x10000, 0x3, 0x33c}, &(0x7f0000001000), &(0x7f0000001100), &(0x7f0000000000)) r1 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) io_uring_enter(r0, 0x4006e0b, 0x7b1, 0x2, 0x0, 0x0) 1.142917668s ago: executing program 1 (id=443): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) 1.142818468s ago: executing program 2 (id=444): r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0) close(r0) r1 = socket$xdp(0x2c, 0x3, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.08245784s ago: executing program 3 (id=445): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000657"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 382.56142ms ago: executing program 4 (id=446): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f000000a100)="58785f58471eb4b5b3ff3946acaad41068511507291e72541d949ffc8a54ff637ccef1fe8511899ea7f3c82cbc6539763a34f6760c1608c911801ca672e62708ba4fc023749076ff6a0daba0caa57000acbd9ecf5e97201f7f14e715bc8c089c3d65e92fd65dedb76d61715067ccf6dfec2b56a48f2b274b564d90c3d868f2bdc07b7e636ad78904bca826fa69b7783e7be2b8e7c997b99225467747875695f6d500cb82b479fe9486bb94e06f796f89906bbfccc964830f86986760ade90c3f7a9dde3172a5124c1889075ad30b5ee2a5f257a6ac790a8e89b247ccbc8d241b7b95f8fc649deffc1bc37d51a8c3dfae38ac968eb48695de38df941f9632ef9ad6779e41ccea8a3ff1cac4fa4b47a152a8f9a1bb0094f41580bbf60fa11cfaf2c535a12c866e9414ee9b58226fbdb0d221e1bdc50e3fa300351364f6350030383856f1f809aee19f337f3d3435ae6754916be1eec24643cec1bd1007ffa38418735988cc901603895f66bd6450d54f99e1246ded898499d2a447f899c00368ce1dd4a4f4cf9cdf7d4f8b38d7b98a598ac490f1086ec712b0cb94610abfdb25b0f6947b46e1dd628897ab68445568578049fa6140250a5d821d70f102fadc2fa273a6e486f250712ec847de3b02a121e19775311e8629045f3404bdfa3207aecdac43c3571b86a9423bd716aa67cb688f9ee4f2b14ea42c89f2766c78fd4ec41ab34eebb4256e885bd7e3abe4348772993bb630aa3397084bbc66cdad664d6a9d33767cc375a44dbc0b08931053a6780a796fd31e1d7c512599f9e010883a52c07ec0938ce1acb3fe3baac6af9fb7e9d7942662e41bd3626d240d5ed34ebcbcc0ccf1c3280c76fbf6cdfb04bdb2d3b4ec6a8961b1eb036b211eff6247b95039cc67d222f2ff122340c56d74b4fffa79a202144bb10ad766f1fd6b3276342baf2fdbd26e9563dadd01fce19d7ec025d05d0494e53229379d13c1cae48ec058cff0bc1ccdc94a74b11a9bc87c580bb6a3f45fe15d15d89bf6102dc1085bfe27b2ab462aaf642b8ceed519cf88b31e9e00fdc23e8f6967a72b4c38b2458656dbf26dd75586731bb519a97d0ff43f4358cd40c7ed371ae8a24f46e320d4c4c0a1b8c42f10908a1c283d8032d76f52d4509d78c2f3a0716c37bc0c786ce9174a88d468e88a6d154e4712778aecded0ca5de28e52c04e33672ecea5135438e908aa1bf00e65ba6dacc4bd018b7bb1c30aa5d9acc679220cb5e7207f1759bd7722d10469225aae24973031a21358532a63aab42f33b1f8f40d545fec7799703ba067592b34247fbc7375acdcb3883ace7d34cf33484f2cf662f3f0e18b5c475ae311fb20f6e6b85320b2bc37e56512dc27815b37bfd9f172be1a119197eb53b535c440f97f24724e1d466309c0f8556965bd02d75c3dbe2baa0c6a515db07af1f77306577d0b38f0aa8cb188cf5523368951b8210f4bfc6afa0d058ad84656d27a46faef225e6268396ecb54a5182591bff3a86792db5454e238afe7c26eae85fd3c1c060760d89223bbdbe8966ae2558f47d799839cd959c974b69ad262cf8ab4fee554288e767ede9bc5d7f0cfba05966ef7858e41db363122680abe978345d45e4b52b73fe9f52ad26371a5b0539d88aa0c572aa01a41b079dde5a14e031ad903629d06c8d85ad82828c25a9ba7ce0fef2316eb011643e47feca7d280833f8b3008841fb2d88ea84df65b03aa5baaa29d6234ed5db8db461fc5df77aad38690277cd5dac1ed3c23c9f2778295578561f9a4d31159a826b4b62b2a867e6e8a9514edddaacad22106880e6633fb2f3b17c8d10bec633d6128489f7253b3e3e38e5942743ddd1547dfab27a152549f61891e3a5ad17f733b042f7ef915ad7423b9719fee9142407fe1d10ec8b64a21cd24fd39de4496ca3f394f07149bdbf1393181b5afee090ff40ee31d34a9c6a113e3823fac425fa85e212de1a9f7c4937ba64f3327961fccf85e6fa29be12de9589671d60d4658b1562ce7dedcde8ec79d265c13f5e197b66989c3f067d2801fcd78bb92b45e55fb4089a7cd3b179284af782ae0327ba56fc307a281772384448ee465dccefe41be8d75c8cd0eb5c0217d7ca706848f9b82500b77c2d838cbd536304556af87d3b6fb9183b5dc9cf2d0f7ecbb24d9f790151b9c6092dfb2c14decbe6448362cd7c13515f66a99c37b56134d12e8c7f1a5b75e14e47f84d8658f0b65ea91014e2e4fd361f03dbf8ca509d426ca1bba7e43ce918268393ff16b17d9e1bb49fb2b4f6eeb8b4b226c79303b19412a55b7ea7c8774ccebd8d66abe117a8be9a3c4faea730902136df57aff991b59dd71610ba4c8e1cded8287c21c56526f4fb6c502ea73ae310d56640990b3e695b278de6e1eebd51108cf7547c0e457e5fdf59691baf080dd3f5dc3c9a10bd4cc5e10ba42d4d3d9dc4f7ebe0bd2981a1d6fb06f7457dca1e56fac3f0fa7ca19ec2fb7940ee837e960d93a73bf085eaa2888fe3025aadd33cae85d63273be6ae3a92e35d78602d8e23b9460f04b7c0e0e710d10fdb0dd3fa9b880865603500d81dc7e968e8046569830b526e441f25f8b0af47d524aa80fd7dd9c3f72facec2032e2c06bc33c6b739c5368bf54e32b6acdca9d2d14276a8348ae92bfbd60f6aceecf98f3c6fe70747499b25667a96c52e21236421b27deafbc6b5e2b8a4ea2a0d3cd5ee1a10f3153b529b5c04a1961223a943842e17ee0cd114ce6983536400fc40f3d4708436954803fd60caf2b5ed7e4ce90bc75385e2424191c6a5038fa15d99aade49fa1affe63fb73078a6bb4ee560b0b521aeb33f507bdf876829f4d3f695197468e41503a10870a8e6df800608ac33dfdecc03f64d03fb6180287a684063c7edfc8db1366f6bb502fe446085f6acc4741b273a0b736f0f55da28967390bc7434db54ad0da9d1d002ceaa5c3e53efa95e7aaa792db32501a072e669da29fb734d771a6fa8c753fb2fcc204e31d668992473e7937fcf751bc79b125db1725f2a495bd2a4207e4db8d44810a4db5113705c5cb8733866ade3375d1bdbcb965cbd927e7d285f2933bf037911959088b64cfac0ff1e39244f2e9416653ed87ec564eb686af1062354a8bd7034c1022cb0d0b6996762ef4a0a3ab4f3deb459f023a867a38fcad2a10fcf0872862b386ff7c5ea7ce13abb112d1f0ed0723870eccc76d16f7e3cc00e28945bb93d9f2bd8e2017993102f0824867ec141f20df951202a2ab1cd796516ca0b4fdd9e6de8b82fcd30f9ab85cf0a5547e1ad1ef1ad5be7a878a16864d7c06b4ae002f3ba485a9bb36b8a591ecb64a4a5c0fd3b4beb015f58ea4cfe190f3b46cc4d9108d10c52a9de859814edac575d2a3d937a9b31db049e70aa76c085ab63d61c1317205c228f7027fa39125de8fec40ed7982e36a7cfa9fedca30f0b692bd4c7794f6b56d69ada1fed168cf03cc57321fe37e3a8cea4bd093e87b657fe5acb13d2591bebb526301d16707eaa38e52f913f8aa3e27b2387ca1a217ac69966e287ad5cb0286535d5d00b7006661dbc7923a066945c1a2040a4e95d7b0de4dc8217bf1d4e9b6cccc671fdd9a5770c21e749b407df8c463a3bf17e47bfcba6a890a0435d3fbb7252fe072b149b7bfeb185b088686dd70e0c9cda275497b553aff2b319f7d7b0ed64002c5f9f6ccfc3d55d8c908d314487452f37a650f4561326a84c660b6111702a87db03595b5d080c60288203f091de9f78b997e47233f4bab9b044a98ab118a6c45b7ca746cc2fb90182a923d67216412e24a955c0c2307acc47bdd319955249d8412a5ccf444437f53f524c69ba0167c920f0c1f775cd1a225636200a9e4adf61f418d20f717339d0c8c5386af0936f628cc589a8d5581c1c8cad0b564a3f38b606473280a3fa586a5ba932fd38eeb23096df29a92ab54c409f88ef4f03217f0bb90fea539e629d8a025c802f6b5c3d735fe950c8ff7136e6db287851dfbffea1ef81491a50cb75a103367e85afa3484d6af865dfbca91dc05632b0d94aa384ee0c585424a5ddf80babe0b913b0a2eedda34c7ea7814642a69f8eae868274b16fe0f52fb60b201e6685dad3f419413d5b8186992855a25ffe0d4773a14c7977181a120cbc42af4f9acca3fee1d54ccc125ea49b62ab60c58a0ecdf50ee7c16f3b6b12b254fc08fcc85d409eef7c3f30cf705617f926a17e6588a9fd7e34be9fd863a7b157a2d9a336356d568c2d2dbaf76c2d2b2ff8703748b860e36f02b04d6e4f2fd49511f12ce395dc18622cd51948a32cc432cd797d8a68838cebbbdd9bcb6f2e85719785706012e894cb043bb9a53998131fd4aae3321d81fc001e718c4a99c0580af1d4a0c81665cc5adcf337c8bc00fc0fb3c7be0d5e5ff6a6fae5891858eafedbed69223170ccc71ce36ae439d769c3520972601fbab93f54808d6950cb7cf1e5a3b32d8c6a975e3adccca0b2ee28a4eb5ca3b0ceb9d31a8f767c3f4486a62215171738007675a55abf5916513f7eb9b21ff291f2b4b48bbfcf394cf861fe016b3680be422a8bff49963ce096d1bc17186822b1392e68b1a05fa6c70bd2d9a164f12301a6e78caa8f4cd437497320d383e752dd224aeef80794d3f206741363e74fa181c9f1dc47557553de620794f096c59ccd74a178f5adb466ad5a62fffc1886f56ebceca4ed46ed2396bcbc31160b4eb1b7d69642e33315e3adbdbe1b9794931e7babf745ecfca37dd4190013793d530df12d6521bc069a05a94e0ffe91900a0c2209a6914d2f85bd161ff77284198129a9b1ba600bda3e52769d39c1bd61c4a70c627c3ad89aa0bdf0c93a2c35e166da9a08b4d2f92deacb6e9034274305b6d254c4052868ba32bec9aa3cec75debe24e78e43374efffe444722a983935f9007fe3de37dd83c52be16e034d09592a179275dd0c91281be579cd19c0162123886893713f25cdae19cf258926bf2070741111eee6b3df708c3fc416b7d046c948bf8500779c0cd5460e640bb1f860f58052b8087e6eb2f16e48f4984c9f9fc9fb2652ac5305861ece5362db08ae912ba055af766da1322057d0bfa647d98b8d4f1e7ed43ecdf1050c0eb19dae93b8014da57241cdab4ffacf0ec1348d4a89b3e8ff187098d83d8eba34e5c7ad4215f1977968a9d337d08fd1188754e7cf41baf0189ccaa5f3b1005f807b0255ce1920ca7d919e4684af70c3d089a99922727c607a2b06e713dd61122842a913036f6cd64dfb313fbdf639fcbd712852bb85337d056685b0a54225ae27e1e8c7ce5acd1f017b8f712c268b9cc0ee26d26c63f0a8b0a40fccec5f945431a2e81c35720d178feb481092e4f51978493c5fd502f252bc0152f145f268ead14932990069169483ecc7abc901657460c8730715c078b61059bd2621f50fb838376e0b808a3f118f761efea45bbac4274016960063cc67c428e72e516685552dc3bf473e442d76f2d3ed07b319694490054302a538b52e3b8496b7e37fbf4a2ffff2b484f98fdb14c66ecb8447834733f8a7a5a3c83de34b6647842dd56d8201f9d9240f3b3a5b5cbccf174a08853d06fd164fe74e04608ae12df8a35b73517d22a87c7ebca60942932d03102ff7e8644611b5520b5ebce950945498ce19210c866e48284d18fb7e049deaa43ee5283e3dfad7316ba85490e93182d13efe7ba64ee5ceeaabcff3eb24d46a3a129dd5a6b82e8c48210cb1e6564833f3e15dda4dec383b4319741cebf6374cf2c5d64722afccf7c4e2d81ae28d45f2c35b764281f1f08fec8f8e9277277ae1ae8a8981f85e041d2450afc9374e978f73b66da9aadb2087223f28e21e946eb07710ec86cdcad0948d4ca93827ea34e28806d172c3feb83471ed2d4d7ada2360b209d16b9d35861082d85b6be3c3589a6bdaf6f9b5d52ac8fd7388e32b24f1d5d34b5442c1ceebde311decd709f075d064f07bc60ab14c101ef51039eed56ae1e0a374e3e956603737b3a16db684a81e9b8998a0bb9b17a0876a92b2a3b9924f44b16ae4c7ff376ea8a8c91b504c1dbeb522cf846fc3ec6b9a01f452eeb35cade34c6a0463b92c46e013ee7906ee934141870ddd1464ae688805933504a2dc7cb1f947e28bf22f5eea6afb5de3b950056bf44065b84fd5589385d0feec4ef1db4fb4b595957130e575dc383e3686f4674143debb23e17b398f32683fb4805f297369d0e5f2e63af6891491e4e37186b4a3dffbbdcfff63d1fea4e12d24ef96fde3ed7a323a3605cdf5eaa43da738004556c2c20aa30c40079bc2e9ebe102c1fcf5259f1e3acc6b2a2bc9da4d0b1252433c58a1810581152a235e93deabf7f728eace350bcc4db4f249d4234bbd858c4e61a0eda4e3db0ae530c78eb63425502d651fd0cb986341ba69c44ede18eb3ebf25b2336cdda02447a9e20426d8206368c63b5fd6828612d3b99f627e331bab0009579de8270c36aa03861c300d34f2a3703870712325190073e6c17d8699f6744acb1b5468f93b57ab0366796181a4f543511d7ea2b32606c33cda61e81ed1c2194d305be47a3f1a9145d023620af12e79ec188573526ec35b9ce44e95fdb3530bd0431dd12a227d0ffe317cda1bbd787979261d6c9cf728b3d6bec3ba6ae15a595a30fc242bc5f25d837c1c642219afcfe043bb68a82965574b8b2139789235b262cf4af95a538e6954acf8e27ac3c95328df6e4bd615a376cd96bbc9e0d9802fbb40f80a848225e076219e26e0e63f57330b8bda69ec8dbd8b3272798cbfbb085b1885a1c22b3e2df2a879020ac1110b7af4f53ac97f556596ba0e164df0c85842026a87cf9631c9c9d851549efd8ca37e3b863e88436d5da5f4d3b5b5528e2d08d92b0d3ac6a06a0699653718e93a25b5afe254a068e300751eb6c67e3f5a1813d58d428f1ec108b88ec81444ccb50e8452941510c11f2e80bfd712f64b32b686c92ce922baf6c8eed1e9f0717a654d53b3ce1001880de80b5b15362b20286db9dfdf6c41f48aae84d5ab12ac45310f0eefc56e54113bcf95c1b2a259895af2ae9c679de4e2b898bf8a40a199a2059f8248c1303351dca3fb38906a682f66a94ee660debd6eaaee7b2f1051781084b3c9d626263d011a3daf971b708750a77614753b89b5e1a77a52510ced5708083fb48c554dfd6aacfcf97650f3a3b3f97566050e76da968d4eceb83bc1e005ed1596d6e0ec5e2c90231e62496d7435ec5b28f805e3b7aefdd3718e4ff53065b8e4b15175d80eec59218d8278e711c6049bf6d62ae7069578e957135463d7616b37c1e4bf44d60dac6c7aa04cbbc4a64bb0cc0b059abb6b26f8ed5203232ddd8a6c5882e6e6c53068a71bc84c5834104e85bc96db2163798a3881929248b8c788e5bdc9e46e5f7f3f6ad43fad6fa381a0b924bd938702470b330fb90ba73d557c0d203d55edaed6e3a01aeb53b061dad57713ab27e1a9e0d06b534a65d85beb061bb5258bbb38179ea612a6f402affb8ca018ebf0d6f61d44d5a657c080c7d2dbc9b08c07713b17b0f173ada59b57abb401212f4f1fa026491b48d08cf46a704ab43e46de8ea596d68658523b61a156278b3b77bd1f4491381bfd874ed72b00675fd5b4b7c0ec13c6837434ba8e22230d32e7bb1287e488e14f5c5602cd4ca88012b244c7f23f4897e27027aa862ca139bc8b5fe14be7554832ab02e4ba19699a1e66825d94c7c44451062819a38d3376f0a3716b210c7adf4bfbbc303058aa2e054b3bd53539764f177b11b05451705550f90196997de3d1d480e500cd9d234078cb1a09c63d8911381d327402702c2765fe92b8ba3a0189b2b11b7460996c36eaae3ecb4f4e63bfafd7953ff086dfc0b12e616bbdca4707631467b830d244bd3f4371744bc8a4baac728a397818875d1b6a4a2f0d10be607122a6fe813f52e4456b8a5eb6c9ee0cf889f777a03cc26a055f9f259cfc4f8552b568a4b371260af062619dfb215ecfe7b318f8d627d2777bd5103d6ca2948d19d5812112962b63c2bf3d090ff19185dbc5ad49a580451de717c0baa288cd96669babe88a8b1ab6d0936c4c407878786695f46f59ef06c5c2166b661542c598b6e0551d490946182841184a7a0e669c6ccd73a342f65c4525dc7522dccab15fa72bd07588b5bca71635b9466ca72a504c74cca1c573e8d40d83d1b5c5326481ff8a2055a2e0fb997fe8e4787deaa2a8a57afe74a971e7f1f280895f2fc9d99c41416adef7b70ec47e7a12d0ca3c0ab1dba3c2d65bb172fde1fcd7f97692d3d8c9657e3277ce95947d59bf37dde3f35f7a5d76575f5c14caf7f0926c0896995a5f42efd0d38c42de202bea5b5db39bf697f9a96b54aefec723db523893186634763e7399bfa8029c2708dc817984528601c77a1d78bd4b2c85f10f5ca9363badcdab51a1b315cafa5c2ef64f60395f53efb9d60d89e1b2a5f147508c90d2b09476eee3cb9b5957669a77cd2c522909480dea9be3406d1779ffe4539f2e03efb5f8c2d040f0ea776ff869a36862246294d0ced556a129ef78327617052dc1ef5cfb4e5986ba2f0e063b90e1657d8977b58827a3c4e3d556eb3cf0540685f7c9eda461aa2ecc539fec3d2d56be99a518f11752f2be2f670c5fbe8010ac4eae0ede31c1a48f747ff2eac9fc069d3700a40bf5fcda80a3a4f5fa920f117a72de6da51195d2d7f0cc92ff7835bce2ba6b564832f582df56b24cf30c8297a826a4bbfe0afeb1da3e986b3d0a95509e0037d212a70178ecb246061e067238ea9238e4c4a9a7c6fc5dcba290970f50c52598423336c523f2de7580d059fb53934cb0beb208585e897fafeba30853e54badefa197478fe6b9f26ed0d33babb53acee7b7221d8e0cad7a6bd0d9383ced6391bf88ca7aa50c75c136075e87b92445f02fbbc92f7cb65fe2bbe0bf0c9fc2577da63a56f1efbeb276c1f4d01da6f6f7a842212d96dd45edcd2aee7f2c553ace15eb9336bb1804ec252998c5c8b25033894b05c01ce7c77b73ec0e239478c67d5378fe5a53fe6269025d54006e9bb1cbd09b81a39615517c609f3d74e377888f641587121f0f097b48d8be85800295ebab9407978a9cd379966577cb6e1f5261e4305696a2cdd50d8cb1964d3ae18ec730d40f9c782533efba47db8378c6aa15ce85985e211fff2659729599802a7b585cbef3a2762595f67e2054a0fb4457b146e7a656abb2c4b2387d760f7e5b8b7864132317d5ba29a662f50af8dc182d2fbe216db8e997ac856bc59855ca48999699cd6c5576cc47bf8a8c30638c7e08847e5083aa82068940409461d1065c2b53292d3ab145d5bb590bcd278e48ebd34920b18a2e1731c1855ae5a3ed637ff568d205a08cf98c58f5d79c99912e6c1ab257ece0d68ef13d69a56364419aac7df43f43d5faa9ad851c9810648f9050012e55475109ca3ada3452b78a7964377e0d862e022c73ca3ed6cee8c5fbb2d7c12f91c4851fea7c5b02e0a3c5364b7fcca110f20f8858465c498d7e9c6049417fc5c7d4e0059852a6d794af426e938a401cf43b2ba9f4f3f6f0f2eb710ecf3c0c36c4b3072597f805eca9cb14602292ec7d5601e6b1555c8d024aa4bb81a4cff98cb03725cb184ea7dbed6814106a1402bf68a2e51660af930a500d5530651a0dbf2fdc01a31a99be25350b5c8a5fe01155343d028c03e09009ef2c386a24eba8d842cac581402c8faec7dca1623afe25a230d8d4a8bd23df3cf12abedc2a50e387285acf1b3105011a2bdefb204a53b20be213b50f5244511f25852271e05c03fb9a799ac7ea675ffbde8de181368748a9707674e7e70f28a75e4036b6cf9e0693f91a65be4478b6630067ad8dae030a4b7b9784a206b2f7cfeeefc65aae11fc20190f4d6387bab05fa6de640bfbfb0c4f604878771aeace0676d12325e61b19a5317c4d4bb9fe6f3fc8b171f1116528b7cbcc4a91c26a729b512196828075f4d0aeac98887e2a6a19b4e1f1f66233962961c0d49df14c3e6123c9ec8dd7152ad045000107365fd5ed7ce6a6d65ae0736a7e227f77c9b0903d4589ac58ceb691583cdb93ae3fc792c886663cb7c5b0640deb66e29b3c69d2f1a3d1d47d7b672ee3c49e90bd406aa84a0189808924c4e67c5495b045e779c58ca65b42889f52d7315c66be3716dc8592b4875629cd0cb02c29d42bdf9ca5c16bc9051c2a6c09d0695bfba58c19a995838c022e9936c407d8999aa65e4a9d6d8eff99f8dcfac9b561375b6d1293441b9d32533161062c053c63ef09f6100cd748700a710f5bfc2a6297b15242b1f41e21bd004b885d6429a0d334a8c115f7d53d278dad24c9d295b97c50eb340d1e6d523f1757e2014c1605c3bd35f0cfdb74f79850423a37e2f95dfe41c56df09724d21065377f1818311f0c70aaf6fb2d4fc8d9eef576136617371d85481770ce9c390859eacfebba34e75a238ce80bcccadd6c42e8e186be3c15451131fbe9e345c05ab8e23f917d269686a9b5f06dd474f95757b9e5a3328416595539cbdfa69efa9702e5a268b1a70c6e5ff2c118a6e574bfecf17b1576e4f2f7ee566b0b2b5388476a68562991ac01412fa463b0f9e586ad4bde59e91a4b303268b5d8644cb7996cfbba422facd59875ed6ac057e563412255c412be0928a0b6fdb6f35d7008b5d5528ca796a4a69bd90b993a52da9c7d62f4b71a2763f822bb39f3ed39cc5ad5a4d51b5c27d31d105000f3f1e705ed5c42067106f3fe6d30151021bcab7f3a1ad9175b3d3644325aa676b9e057bf9d9aa3348b1d9b31bd639c59bb63f46a6c18794ae006db3b1ee20368160a82e26aee5a9fdc6b44df8be294f3ac0a1275e57ebf5e384b141ce89dd51aaf2248274468894645ba54bc4e6b9788b1eb5043c1f0dffe2e13c6179d0238d8cd037b6fe3e484445ab458fa09e4e8010d3288aa6e6cdbfba4b62c7984d058da8993d5de1df75a1ce8e3bd5875709fd2ede4cd5843e7102ed4031ed096a0c6e3ae9d522ad95ef4af83599507dd32fe3325819cdd7718c9797e921e6e365175e1dd53991edcd2baf27df8b1670d01967e97b3e3e75d297f908deedf2e3b91bd61973e8aa75a5a6f9db11525dd35556bbd13873602a320af74677832f93bd01f1e0631c882c8ab254a26b73a60a6c90cf9b96bd576e05b9befbce882c5d29198451bd15acaa894a5276ea9d870f49a33ee9d2429ef35a905b281deb75be54fa0c9e47be5876d7dce01986f2d0e7ae6df9b87a0ba6cfa55cec0c65dd386db5adc427eac18a00c9aded475417add4ebb8880ef3dd218a9ec3e6e13456f8de1630774e918fe5288dbaec3dd2a74698ec9e28ad573761b9e78af3d5c7a61e3eefc1a54c25bb841529b3fc9137836a2e7eff5ffae8e44f0257160da51ec0b3d144b92f1f43d2782513705baf5930903602d40cb4de87feca7243d2248a78a5d684e303ae147acc96e0b755eea77092b5f6efa723afc6c9a44c575738725815a9af1ced500", 0x2000, &(0x7f0000000200)={&(0x7f0000000400)={0x50, 0x0, 0x100000001, {0x7, 0x28, 0x7a, 0xffffffffa4614429, 0x104, 0x9, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) newfstatat(0xffffffffffffff9c, &(0x7f0000000980)='./file0\x00', &(0x7f00000009c0), 0x4000) 193.531705ms ago: executing program 2 (id=447): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = epoll_create(0xea3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x2000}) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e21, @loopback}, 0x10) 120.252817ms ago: executing program 1 (id=448): socketpair$unix(0x1, 0x2, 0x0, 0x0) setresuid(0xee01, 0xee01, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) 36.410539ms ago: executing program 2 (id=449): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0) remap_file_pages(&(0x7f0000250000/0x4000)=nil, 0x4000, 0x0, 0x1ff, 0x800) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 0s ago: executing program 1 (id=450): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x29) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000040)={0xd4c, 0x3d07, 0x7f, 0x9ab, 0xfd, "00000807000000f6150000000100", 0x240000, 0x1fd}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts. syzkaller login: [ 82.967986][ T5754] cgroup: Unknown subsys name 'net' [ 83.079809][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.765386][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.497483][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.506684][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.512026][ T5777] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.522171][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.532065][ T5777] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.532964][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.547546][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.553102][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.562265][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.570859][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.580293][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.581550][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.592005][ T5779] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.595605][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.605859][ T5779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.616816][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.620137][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.631314][ T5781] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.632619][ T5779] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.645766][ T5777] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.646387][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.656490][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.668847][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.676474][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.158461][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 87.176792][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 87.452671][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.463117][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.477250][ T5766] bridge_slave_0: entered allmulticast mode [ 87.489812][ T5766] bridge_slave_0: entered promiscuous mode [ 87.510254][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.518502][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.528533][ T5766] bridge_slave_1: entered allmulticast mode [ 87.536485][ T5766] bridge_slave_1: entered promiscuous mode [ 87.559554][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 87.603056][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 87.668687][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.678475][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.688572][ T5767] bridge_slave_0: entered allmulticast mode [ 87.698746][ T5767] bridge_slave_0: entered promiscuous mode [ 87.719253][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.726971][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.736763][ T5767] bridge_slave_1: entered allmulticast mode [ 87.744305][ T5767] bridge_slave_1: entered promiscuous mode [ 87.753971][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.800317][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.880042][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.901201][ T5766] team0: Port device team_slave_0 added [ 87.922412][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.966243][ T5766] team0: Port device team_slave_1 added [ 87.998884][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.006589][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.014389][ T5768] bridge_slave_0: entered allmulticast mode [ 88.022154][ T5768] bridge_slave_0: entered promiscuous mode [ 88.029870][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.037301][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.044734][ T5765] bridge_slave_0: entered allmulticast mode [ 88.052269][ T5765] bridge_slave_0: entered promiscuous mode [ 88.072925][ T5767] team0: Port device team_slave_0 added [ 88.091343][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.098522][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.106254][ T5768] bridge_slave_1: entered allmulticast mode [ 88.113695][ T5768] bridge_slave_1: entered promiscuous mode [ 88.120371][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.128208][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.135589][ T5765] bridge_slave_1: entered allmulticast mode [ 88.143118][ T5765] bridge_slave_1: entered promiscuous mode [ 88.153338][ T5767] team0: Port device team_slave_1 added [ 88.166983][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.174122][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.200214][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.214102][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.221508][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.247851][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.358767][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.381351][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.394205][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.404503][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.413961][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.440355][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.454212][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.470077][ T5766] hsr_slave_0: entered promiscuous mode [ 88.476994][ T5766] hsr_slave_1: entered promiscuous mode [ 88.496887][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.504926][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.531682][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.600128][ T5765] team0: Port device team_slave_0 added [ 88.609974][ T5768] team0: Port device team_slave_0 added [ 88.619840][ T5768] team0: Port device team_slave_1 added [ 88.637359][ T5765] team0: Port device team_slave_1 added [ 88.714252][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.724426][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.733720][ T5781] Bluetooth: hci2: command tx timeout [ 88.756405][ T5781] Bluetooth: hci0: command tx timeout [ 88.760870][ T52] Bluetooth: hci1: command tx timeout [ 88.762421][ T5781] Bluetooth: hci3: command tx timeout [ 88.773188][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.787188][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.794544][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.820907][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.862961][ T5767] hsr_slave_0: entered promiscuous mode [ 88.869686][ T5767] hsr_slave_1: entered promiscuous mode [ 88.876075][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.884236][ T5767] Cannot create hsr debugfs directory [ 88.906085][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.913387][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.939576][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.953505][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.961530][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.987701][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.092491][ T5768] hsr_slave_0: entered promiscuous mode [ 89.099047][ T5768] hsr_slave_1: entered promiscuous mode [ 89.105419][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.113080][ T5768] Cannot create hsr debugfs directory [ 89.165697][ T5765] hsr_slave_0: entered promiscuous mode [ 89.172834][ T5765] hsr_slave_1: entered promiscuous mode [ 89.179453][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.187394][ T5765] Cannot create hsr debugfs directory [ 89.535203][ T5766] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.556320][ T5766] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.567405][ T5766] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.607225][ T5766] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.662922][ T5767] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.674151][ T5767] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.687596][ T5767] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.725148][ T5767] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.799717][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.812697][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.825500][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.837986][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.946423][ T5765] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.965663][ T5765] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.977439][ T5765] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.996044][ T5765] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.104287][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.149812][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.208534][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.222692][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.234954][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.248100][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.255669][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.309859][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.317080][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.335552][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.342809][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.378297][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.425157][ T4245] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.432392][ T4245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.454949][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.462274][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.504236][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.528260][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.535535][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.560355][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.622668][ T4245] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.629906][ T4245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.684462][ T4245] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.691702][ T4245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.811166][ T5781] Bluetooth: hci3: command tx timeout [ 90.811186][ T5777] Bluetooth: hci1: command tx timeout [ 90.816692][ T5781] Bluetooth: hci0: command tx timeout [ 90.826662][ T52] Bluetooth: hci2: command tx timeout [ 90.876354][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.127687][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.267617][ T5767] veth0_vlan: entered promiscuous mode [ 91.302595][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.316668][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.342109][ T5767] veth1_vlan: entered promiscuous mode [ 91.439753][ T5766] veth0_vlan: entered promiscuous mode [ 91.466116][ T5766] veth1_vlan: entered promiscuous mode [ 91.488867][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.501627][ T5767] veth0_macvtap: entered promiscuous mode [ 91.516768][ T5767] veth1_macvtap: entered promiscuous mode [ 91.555555][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.572539][ T5768] veth0_vlan: entered promiscuous mode [ 91.598328][ T5766] veth0_macvtap: entered promiscuous mode [ 91.613553][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.632007][ T5768] veth1_vlan: entered promiscuous mode [ 91.648545][ T5766] veth1_macvtap: entered promiscuous mode [ 91.667264][ T5767] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.677864][ T5767] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.687127][ T5767] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.696683][ T5767] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.745213][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.757859][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.777579][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.828168][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.838916][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.852883][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.879207][ T5765] veth0_vlan: entered promiscuous mode [ 91.889229][ T5768] veth0_macvtap: entered promiscuous mode [ 91.910863][ T5766] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.919647][ T5766] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.933130][ T5766] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.942611][ T5766] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.959935][ T5765] veth1_vlan: entered promiscuous mode [ 91.986204][ T5768] veth1_macvtap: entered promiscuous mode [ 92.027712][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.047539][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.107348][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.119407][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.129708][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.140352][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.155349][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.166528][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.177651][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.188055][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.198919][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.210425][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.230647][ T3466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.242808][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.252879][ T3466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.262953][ T1187] cfg80211: failed to load regulatory.db [ 92.269543][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.279157][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.287995][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.391608][ T5765] veth0_macvtap: entered promiscuous mode [ 92.410011][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.435746][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.472582][ T5765] veth1_macvtap: entered promiscuous mode [ 92.549860][ T4245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.567889][ T4245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.627105][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.639911][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.661893][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.683543][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.695420][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.708380][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.728516][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.750905][ T3466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.754191][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.758874][ T3466] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.790668][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.801036][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.814207][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.824445][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.835423][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.853086][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.880482][ T5765] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.893051][ T52] Bluetooth: hci3: command tx timeout [ 92.893154][ T5777] Bluetooth: hci0: command tx timeout [ 92.909602][ T5777] Bluetooth: hci1: command tx timeout [ 92.915415][ T52] Bluetooth: hci2: command tx timeout [ 92.941596][ T5765] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.950378][ T5765] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.961141][ T5765] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.046812][ T3466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.057323][ T3466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.188023][ T993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.205363][ T993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.276484][ T5843] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.339864][ T4245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.354756][ T4245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.731389][ T5814] kernel write not supported for file /input/mouse0 (pid: 5814 comm: kworker/1:3) [ 94.197057][ T5866] netlink: 40 bytes leftover after parsing attributes in process `syz.2.13'. [ 94.413021][ T5872] netlink: 'syz.2.17': attribute type 12 has an invalid length. [ 94.444456][ T5872] netlink: 'syz.2.17': attribute type 29 has an invalid length. [ 94.473056][ T5872] netlink: 148 bytes leftover after parsing attributes in process `syz.2.17'. [ 94.490092][ T5875] mmap: syz.1.19 (5875) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.494172][ T5872] netlink: 'syz.2.17': attribute type 1 has an invalid length. [ 94.534669][ T5872] netlink: 'syz.2.17': attribute type 2 has an invalid length. [ 94.971468][ T5777] Bluetooth: hci2: command tx timeout [ 94.971680][ T52] Bluetooth: hci1: command tx timeout [ 94.976938][ T5777] Bluetooth: hci0: command tx timeout [ 94.983404][ T5781] Bluetooth: hci3: command tx timeout [ 95.218746][ T5890] netlink: 'syz.2.25': attribute type 4 has an invalid length. [ 95.321716][ T5816] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.332889][ T5894] xt_hashlimit: size too large, truncated to 1048576 [ 95.340819][ T5892] batadv_slave_1: entered promiscuous mode [ 95.372708][ T5891] batadv_slave_1: left promiscuous mode [ 95.397611][ T5897] –: renamed from vxcan1 (while UP) [ 95.543733][ T5816] usb 4-1: Using ep0 maxpacket: 16 [ 95.564768][ T5816] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.590000][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 95.620441][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 95.638122][ T5816] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 95.650098][ T5816] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.670062][ T5816] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 95.681635][ T1187] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.698721][ T5816] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 95.708429][ T5816] usb 4-1: Manufacturer: syz [ 95.731973][ T5816] usb 4-1: config 0 descriptor?? [ 95.895624][ T1187] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.912957][ T1187] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.926863][ T1187] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 95.941496][ T1187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.969908][ T1187] usb 3-1: config 0 descriptor?? [ 96.121008][ T5816] rc_core: IR keymap rc-hauppauge not found [ 96.134200][ T5816] Registered IR keymap rc-empty [ 96.146644][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.210852][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.265846][ T5816] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 96.284539][ T5816] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 96.312271][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.351358][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.402409][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.433127][ T1187] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 96.446746][ T1187] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 96.454502][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.462869][ T1187] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 96.470417][ T1187] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 96.479411][ T1187] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 96.501432][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.513262][ T1187] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 96.545511][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.593837][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.621831][ T1187] playstation 0003:054C:0DF2.0001: Invalid byte count transferred, expected 20 got 0 [ 96.641870][ T1187] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -22 [ 96.660695][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.678193][ T1187] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense [ 96.698304][ T1187] playstation 0003:054C:0DF2.0001: Failed to create dualsense. [ 96.709508][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.734793][ T1187] playstation: probe of 0003:054C:0DF2.0001 failed with error -22 [ 96.764499][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.823161][ T5816] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 96.863342][ T5816] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 96.892032][ T5816] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 96.936484][ T5858] usb 3-1: USB disconnect, device number 2 [ 96.942603][ T5816] usb 4-1: USB disconnect, device number 2 [ 97.905377][ T5922] syz.3.37[5922]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.921615][ T5810] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 97.944626][ T5922] loop3: detected capacity change from 0 to 256 [ 98.028604][ T5922] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x47dfe6af, utbl_chksum : 0xe619d30d) [ 98.120891][ T5810] usb 3-1: Using ep0 maxpacket: 16 [ 98.133811][ T5810] usb 3-1: config index 0 descriptor too short (expected 65, got 36) [ 98.149493][ T5810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.161835][ T5810] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 98.176678][ T5810] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 98.186323][ T5810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.203087][ T5810] usb 3-1: config 0 descriptor?? [ 98.220222][ T5810] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 98.475258][ T5816] usb 3-1: USB disconnect, device number 3 [ 100.551729][ T5952] netlink: 'syz.0.51': attribute type 4 has an invalid length. [ 100.580815][ T5952] netlink: 20 bytes leftover after parsing attributes in process `syz.0.51'. [ 100.599371][ T5944] loop3: detected capacity change from 0 to 32768 [ 100.667560][ T5944] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 100.755815][ T5962] netlink: 'syz.0.52': attribute type 39 has an invalid length. [ 100.811762][ T5944] XFS (loop3): Ending clean mount [ 100.955568][ T5964] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.998928][ T5767] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 101.318529][ T5970] loop0: detected capacity change from 0 to 4096 [ 101.331598][ T5970] EXT4-fs: inline encryption not supported [ 101.566092][ T5970] EXT4-fs (loop0): Test dummy encryption mode enabled [ 101.595337][ T5970] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 101.608263][ T5970] System zones: 0-5 [ 101.652537][ T5970] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.720828][ T5814] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 101.759501][ T5983] input: syz0 as /devices/virtual/input/input7 [ 101.780647][ T28] audit: type=1800 audit(1777378442.390:2): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.57" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 101.844804][ T28] audit: type=1804 audit(1777378442.430:3): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.57" name="/newroot/18/file0/file1" dev="loop0" ino=15 res=1 errno=0 [ 101.915921][ T5814] usb 2-1: too many configurations: 70, using maximum allowed: 8 [ 101.923546][ T28] audit: type=1800 audit(1777378442.430:4): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.57" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 101.950299][ T5814] usb 2-1: config index 0 descriptor too short (expected 65505, got 72) [ 101.973307][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.000122][ T5814] usb 2-1: config index 1 descriptor too short (expected 65505, got 72) [ 102.051403][ T5814] usb 2-1: config index 2 descriptor too short (expected 65505, got 72) [ 102.075165][ T5814] usb 2-1: config index 3 descriptor too short (expected 65505, got 72) [ 102.105776][ T5814] usb 2-1: config index 4 descriptor too short (expected 65505, got 72) [ 102.123181][ T5814] usb 2-1: config index 5 descriptor too short (expected 65505, got 72) [ 102.149718][ T5814] usb 2-1: config index 6 descriptor too short (expected 65505, got 72) [ 102.173657][ T5814] usb 2-1: config index 7 descriptor too short (expected 65505, got 72) [ 102.198533][ T5814] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 102.220872][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.240663][ T5814] usb 2-1: Product: syz [ 102.244980][ T5814] usb 2-1: Manufacturer: syz [ 102.254668][ T5814] usb 2-1: SerialNumber: syz [ 102.278624][ T5814] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 102.357784][ T5858] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 102.540745][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 102.629619][ T5998] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.744439][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.776192][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.793069][ T23] usb 4-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 102.802930][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.818709][ T5988] loop2: detected capacity change from 0 to 32768 [ 102.830384][ T23] usb 4-1: config 0 descriptor?? [ 102.899807][ T5988] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 102.909060][ T1187] usb 2-1: USB disconnect, device number 2 [ 102.997555][ T5988] XFS (loop2): Ending clean mount [ 103.147995][ T6010] loop0: detected capacity change from 0 to 1024 [ 103.327061][ T5768] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 103.467871][ T5858] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 103.491394][ T5858] ath9k_htc: Failed to initialize the device [ 103.511374][ T1187] usb 2-1: ath9k_htc: USB layer deinitialized [ 103.520996][ T23] razer 0003:1532:010E.0002: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.3-1/input0 [ 103.748529][ T5816] usb 4-1: USB disconnect, device number 3 [ 103.933353][ T6019] loop2: detected capacity change from 0 to 64 [ 103.949214][ T6019] ======================================================= [ 103.949214][ T6019] WARNING: The mand mount option has been deprecated and [ 103.949214][ T6019] and is ignored by this kernel. Remove the mand [ 103.949214][ T6019] option from the mount to silence this warning. [ 103.949214][ T6019] ======================================================= [ 104.007768][ T6021] netlink: 'syz.1.74': attribute type 6 has an invalid length. [ 104.025736][ T6021] netlink: 'syz.1.74': attribute type 6 has an invalid length. [ 104.035740][ T6021] Zero length message leads to an empty skb [ 104.056887][ T6019] hfs: unable to locate alternate MDB [ 104.066220][ T6019] hfs: continuing without an alternate MDB [ 104.189150][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.75'. [ 104.211724][ T6019] hfs: walked past end of dir [ 104.421813][ T6013] loop0: detected capacity change from 0 to 32768 [ 104.476188][ T6013] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.71 (6013) [ 104.489427][ T6025] loop1: detected capacity change from 0 to 4096 [ 104.602536][ T6013] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 104.656201][ T6013] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.680706][ T6013] BTRFS info (device loop0): setting nodatasum [ 104.700641][ T6013] BTRFS info (device loop0): force zlib compression, level 3 [ 104.714679][ T6013] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 104.740867][ T6013] BTRFS info (device loop0): use lzo compression, level 0 [ 104.748106][ T6013] BTRFS info (device loop0): turning on flush-on-commit [ 104.799038][ T6013] BTRFS info (device loop0): enabling auto defrag [ 104.813327][ T6013] BTRFS info (device loop0): max_inline at 4096 [ 104.837154][ T6034] netlink: 28 bytes leftover after parsing attributes in process `syz.3.80'. [ 104.846295][ T6013] BTRFS info (device loop0): using free space tree [ 105.107217][ T6013] BTRFS info (device loop0): enabling ssd optimizations [ 105.361646][ T6057] loop2: detected capacity change from 0 to 64 [ 105.486337][ T6057] Trying to free block not in datazone [ 105.534347][ T6060] Trying to free block not in datazone [ 105.608986][ T6060] minix_free_inode: bit 5 already cleared [ 105.865260][ T5765] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 106.498771][ T6081] loop0: detected capacity change from 0 to 256 [ 106.681783][ T6067] loop3: detected capacity change from 0 to 32768 [ 106.714000][ T6067] (syz.3.90,6067,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.767281][ T6067] (syz.3.90,6067,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 106.912473][ T6067] JBD2: Ignoring recovery information on journal [ 107.000988][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 107.040235][ T6067] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 107.200630][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 107.228906][ T23] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 107.261139][ T23] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 107.297094][ T23] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 107.328725][ T23] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 107.352631][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 107.364018][ T23] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 107.383979][ T23] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 107.393781][ T23] usb 2-1: Product: syz [ 107.398021][ T23] usb 2-1: Manufacturer: syz [ 107.410606][ T6067] (syz.3.90,6067,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 107.420667][ T23] usb 2-1: SerialNumber: syz [ 107.429674][ T23] usb 2-1: config 0 descriptor?? [ 107.447585][ T1187] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 107.468244][ T23] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 107.495317][ T6067] syz.3.90 (6067) used greatest stack depth: 18768 bytes left [ 107.508422][ T23] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 107.616944][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 107.651579][ T1187] usb 3-1: Using ep0 maxpacket: 32 [ 107.664623][ T1187] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 107.680603][ T1187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.716906][ T1187] usb 3-1: config 0 descriptor?? [ 107.764418][ T6098] loop0: detected capacity change from 0 to 2048 [ 107.807199][ T6098] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 107.817906][ T787] usb 2-1: USB disconnect, device number 3 [ 107.834842][ T787] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 107.842174][ T6098] NILFS (loop0): mounting unchecked fs [ 107.899319][ T6098] NILFS (loop0): recovery complete [ 107.915769][ T5771] udevd[5771]: incorrect nilfs2 checksum on /dev/loop0 [ 107.924328][ T6099] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 107.955537][ T1187] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 107.995338][ T1187] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 108.031880][ T1187] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 108.061389][ T1187] usb 3-1: media controller created [ 108.115562][ T1187] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 108.164154][ T1187] az6027: usb out operation failed. (-71) [ 108.190481][ T1187] az6027: usb out operation failed. (-71) [ 108.206649][ T1187] stb0899_attach: Driver disabled by Kconfig [ 108.216771][ T1187] az6027: no front-end attached [ 108.216771][ T1187] [ 108.237449][ T1187] az6027: usb out operation failed. (-71) [ 108.250156][ T1187] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 108.278663][ T1187] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8 [ 108.326705][ T1187] dvb-usb: schedule remote query interval to 400 msecs. [ 108.366951][ T1187] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 108.417052][ T1187] usb 3-1: USB disconnect, device number 4 [ 108.622386][ T1187] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 108.913289][ T6101] loop3: detected capacity change from 0 to 32768 [ 108.983284][ T6101] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 109.087085][ T6123] overlayfs: upper fs does not support file handles, falling back to index=off. [ 109.098700][ T6123] overlayfs: fs on '.' does not support file handles, falling back to xino=off. [ 109.231966][ T6101] XFS (loop3): Ending clean mount [ 109.247464][ T6129] loop2: detected capacity change from 0 to 128 [ 109.255949][ T6127] loop1: detected capacity change from 0 to 2048 [ 109.322910][ T6127] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 109.585807][ T5767] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 110.302387][ T6150] capability: warning: `syz.1.120' uses 32-bit capabilities (legacy support in use) [ 110.390735][ T23] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 110.572739][ T23] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 110.584196][ T23] usb 4-1: config 0 has no interface number 0 [ 110.590381][ T23] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 110.633680][ T23] usb 4-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 110.653829][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.672148][ T23] usb 4-1: Product: syz [ 110.680596][ T23] usb 4-1: Manufacturer: syz [ 110.690587][ T23] usb 4-1: SerialNumber: syz [ 110.711606][ T23] usb 4-1: config 0 descriptor?? [ 110.727157][ T6146] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 110.837648][ T23] plusb 4-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.3-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 4a:e3:77:a9:e9:c4 [ 111.174494][ T23] usb 4-1: USB disconnect, device number 4 [ 111.183116][ T23] plusb 4-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.3-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 111.245626][ T6152] loop0: detected capacity change from 0 to 40427 [ 111.283940][ T6152] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 111.315557][ T6164] loop1: detected capacity change from 0 to 1024 [ 111.351946][ T6152] F2FS-fs (loop0): invalid crc value [ 111.413787][ T6152] F2FS-fs (loop0): Found nat_bits in checkpoint [ 111.671092][ T6152] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 112.103202][ T5765] syz-executor: attempt to access beyond end of device [ 112.103202][ T5765] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 112.135480][ T5765] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 112.282353][ T6188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.131'. [ 112.328181][ T6188] erspan0: entered promiscuous mode [ 112.520401][ T6193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.133'. [ 113.052933][ T6206] loop3: detected capacity change from 0 to 2048 [ 113.121422][ T6208] loop0: detected capacity change from 0 to 1764 [ 113.128665][ T6212] loop1: detected capacity change from 0 to 128 [ 113.144368][ T6212] EXT4-fs (loop1): Test dummy encryption mode enabled [ 113.155410][ T6206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.204661][ T6212] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.236962][ T6212] ext4 filesystem being mounted at /35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 113.357311][ T6218] tap0: tun_chr_ioctl cmd 1074025677 [ 113.400597][ T6218] tap0: linktype set to 768 [ 113.613748][ T6205] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 113.637954][ T5766] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.671358][ T6205] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 113.684756][ T6205] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.684756][ T6205] [ 113.695830][ T6205] EXT4-fs (loop3): Total free blocks count 0 [ 113.702880][ T6205] EXT4-fs (loop3): Free/Dirty block details [ 113.709087][ T6205] EXT4-fs (loop3): free_blocks=4096 [ 113.714968][ T6205] EXT4-fs (loop3): dirty_blocks=512 [ 113.720379][ T6205] EXT4-fs (loop3): Block reservation details [ 113.727038][ T6205] EXT4-fs (loop3): i_reserved_data_blocks=32 [ 113.826783][ T42] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 480 with error 28 [ 114.764432][ T6256] Bluetooth: MGMT ver 1.22 [ 115.136543][ T6249] loop2: detected capacity change from 0 to 32768 [ 115.282079][ T6250] loop3: detected capacity change from 0 to 32768 [ 115.358521][ T6250] JBD2: Ignoring recovery information on journal [ 115.405562][ T6250] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 115.556680][ T6254] loop1: detected capacity change from 0 to 40427 [ 115.573281][ T6254] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 115.594742][ T6254] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 115.646096][ T6254] F2FS-fs (loop1): invalid crc value [ 115.884252][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 116.034808][ T6254] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 116.104828][ T6254] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 117.409911][ T6280] loop0: detected capacity change from 0 to 131072 [ 117.442548][ T6280] F2FS-fs (loop0): Invalid log sectorsize (67108873) [ 117.449318][ T6280] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 117.452663][ T5766] syz-executor: attempt to access beyond end of device [ 117.452663][ T5766] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 117.485336][ T6280] F2FS-fs (loop0): invalid crc value [ 117.496662][ T5766] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 117.504786][ T5766] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 117.524113][ T6280] F2FS-fs (loop0): Found nat_bits in checkpoint [ 117.607237][ T6280] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 117.614555][ T6280] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 118.626638][ T28] audit: type=1326 audit(1777378459.230:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29e359cdd9 code=0x7ffc0000 [ 118.690597][ T28] audit: type=1326 audit(1777378459.230:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29e359cdd9 code=0x7ffc0000 [ 118.714043][ T6303] loop3: detected capacity change from 0 to 2048 [ 118.733359][ T28] audit: type=1326 audit(1777378459.260:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f29e359cdd9 code=0x7ffc0000 [ 118.766412][ T28] audit: type=1326 audit(1777378459.260:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f29e359cb42 code=0x7ffc0000 [ 118.784571][ T6303] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.801511][ T28] audit: type=1326 audit(1777378459.270:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f29e355d60e code=0x7ffc0000 [ 118.829763][ T28] audit: type=1326 audit(1777378459.300:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f29e359cc07 code=0x7ffc0000 [ 118.859595][ T28] audit: type=1326 audit(1777378459.300:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29e355d60e code=0x7ffc0000 [ 118.886988][ T28] audit: type=1326 audit(1777378459.330:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f29e359ca6b code=0x7ffc0000 [ 118.915062][ T28] audit: type=1326 audit(1777378459.340:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f29e355d60e code=0x7ffc0000 [ 118.948716][ T6308] capability: warning: `syz.1.172' uses deprecated v2 capabilities in a way that may be insecure [ 118.970442][ T28] audit: type=1326 audit(1777378459.340:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f29e355d60e code=0x7ffc0000 [ 119.071722][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.256795][ T6312] openvswitch: netlink: Actions may not be safe on all matching packets [ 119.428731][ T6317] loop1: detected capacity change from 0 to 512 [ 119.439987][ T6317] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.470415][ T6317] EXT4-fs: Ignoring removed mblk_io_submit option [ 119.499108][ T6317] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 119.555381][ T6317] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 119.641047][ T6317] EXT4-fs (loop1): 1 truncate cleaned up [ 119.648791][ T6317] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.803613][ T6317] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #2: block 4: comm syz.1.176: lblock 0 mapped to illegal pblock 4 (length 1) [ 119.844894][ T6317] EXT4-fs (loop1): Remounting filesystem read-only [ 119.945023][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.060761][ T787] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 120.251419][ T787] usb 3-1: Using ep0 maxpacket: 16 [ 120.266350][ T787] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 120.274830][ T787] usb 3-1: config 0 has no interface number 0 [ 120.291471][ T787] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.313428][ T787] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 120.350841][ T6326] loop3: detected capacity change from 0 to 32768 [ 120.360895][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 120.361277][ T787] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 120.385559][ T6326] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.179 (6326) [ 120.398073][ T787] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 120.416704][ T787] usb 3-1: Product: syz [ 120.426497][ T787] usb 3-1: SerialNumber: syz [ 120.483445][ T787] usb 3-1: config 0 descriptor?? [ 120.489912][ T6326] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 120.507688][ T787] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 120.519345][ T787] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input9 [ 120.535051][ T6326] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 120.548695][ T6326] BTRFS info (device loop3): setting nodatacow, compression disabled [ 120.560910][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 120.571702][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 120.597292][ T6326] BTRFS info (device loop3): setting datasum, datacow enabled [ 120.616907][ T6326] BTRFS info (device loop3): force clearing of disk cache [ 120.624126][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 120.624159][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 120.624184][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 120.624232][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 120.624256][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.687252][ T6326] BTRFS info (device loop3): enabling ssd optimizations [ 120.698929][ T6326] BTRFS info (device loop3): using spread ssd allocation scheme [ 120.749328][ T6326] BTRFS info (device loop3): turning on sync discard [ 120.766120][ T6326] BTRFS info (device loop3): turning off barriers [ 120.783202][ T6326] BTRFS info (device loop3): enabling auto defrag [ 120.800459][ T6326] BTRFS info (device loop3): not using ssd optimizations [ 120.808806][ T6326] BTRFS info (device loop3): not using spread ssd allocation scheme [ 120.851935][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.862345][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.870027][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.877270][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.884658][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.891973][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.899873][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.907228][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.914465][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.921697][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 120.928853][ T23] usb 3-1: USB disconnect, device number 5 [ 120.928930][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 120.951925][ T6326] BTRFS info (device loop3): using free space tree [ 120.972594][ T23] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 120.982269][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 121.000805][ T9] usbtmc 2-1:16.0: can't read capabilities [ 121.125181][ T6326] BTRFS info (device loop3): rebuilding free space tree [ 121.225611][ T6332] usb 2-1: usbtmc_ioctl_clear_out_halt returned -32 [ 121.244918][ T23] usb 2-1: USB disconnect, device number 4 [ 121.492233][ T3466] BTRFS info (device loop3): cannot satisfy tickets, dumping space info [ 121.501155][ T3466] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 10039296 free, is full [ 121.511941][ T3466] BTRFS info (device loop3): space_info total=11534336, used=53248, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 121.525795][ T3466] BTRFS info (device loop3): failing ticket with 33558528 bytes [ 121.534955][ T6326] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 10039296 free, is full [ 121.546358][ T6326] BTRFS info (device loop3): space_info total=11534336, used=53248, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 121.560304][ T6326] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1441792 [ 121.570094][ T6326] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0 [ 121.578196][ T6326] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0 [ 121.586891][ T6326] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0 [ 121.595353][ T6326] BTRFS info (device loop3): delayed_refs_rsv: size 0 reserved 0 [ 121.745563][ T6369] loop2: detected capacity change from 0 to 256 [ 121.771726][ T6369] exfat: Deprecated parameter 'utf8' [ 121.783021][ T6369] exfat: Deprecated parameter 'utf8' [ 121.799419][ T6369] exfat: Deprecated parameter 'namecase' [ 121.836954][ T6369] exfat: Deprecated parameter 'utf8' [ 121.861778][ T6369] exfat: Deprecated parameter 'namecase' [ 121.884273][ T6369] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 122.077579][ T6372] loop0: detected capacity change from 0 to 1024 [ 122.122650][ T6372] EXT4-fs: Ignoring removed bh option [ 122.128252][ T6372] EXT4-fs: Ignoring removed bh option [ 122.192441][ T6372] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.323051][ T5767] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 122.500612][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 122.585090][ T5765] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 122.690169][ T5765] EXT4-fs error (device loop0): ext4_read_inline_dir:1591: inode #12: block 7: comm syz-executor: path /58/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 122.758824][ T5765] EXT4-fs (loop0): Remounting filesystem read-only [ 122.767866][ T9] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 122.783129][ T9] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 122.830609][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.920130][ T9] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 122.937878][ T6388] loop3: detected capacity change from 0 to 512 [ 123.008176][ T6388] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.138604][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.195817][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.250950][ T1187] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 123.325936][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.472261][ T1187] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 123.477168][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.490726][ T1187] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.510428][ T1187] usb 3-1: Product: syz [ 123.522834][ T1187] usb 3-1: Manufacturer: syz [ 123.532249][ T1187] usb 3-1: SerialNumber: syz [ 123.555027][ T1187] usb 3-1: config 0 descriptor?? [ 123.563200][ T1187] ch341 3-1:0.0: ch341-uart converter detected [ 123.656201][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.783621][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.059006][ T6393] loop3: detected capacity change from 0 to 40427 [ 124.113533][ T6393] F2FS-fs (loop3): invalid crc value [ 124.142374][ T6393] F2FS-fs (loop3): Found nat_bits in checkpoint [ 124.270429][ T6393] F2FS-fs (loop3): Start checkpoint disabled! [ 124.300991][ T6393] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 124.395795][ T1187] usb 3-1: failed to send control message: -71 [ 124.422483][ T1187] ch341-uart: probe of ttyUSB0 failed with error -71 [ 124.464502][ T1187] usb 3-1: USB disconnect, device number 6 [ 124.503832][ T1187] ch341 3-1:0.0: device disconnected [ 124.521959][ T9] gspca_stv0680: usb_control_msg error 2, request = 0x6, error = -110 [ 124.568648][ T9] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32 [ 124.601119][ T9] stv0680 2-1:4.0: last error: 86, command = 0x78 [ 124.670099][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 124.681678][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 124.690645][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 124.724732][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 124.744894][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 124.752805][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 124.877969][ T3466] kworker/u4:7: attempt to access beyond end of device [ 124.877969][ T3466] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 124.903493][ T3466] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 124.926617][ T3466] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 125.298696][ T5810] usb 2-1: USB disconnect, device number 5 [ 125.668828][ T6404] chnl_net:caif_netlink_parms(): no params data found [ 125.964703][ T6404] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.974400][ T6404] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.006491][ T6404] bridge_slave_0: entered allmulticast mode [ 126.021119][ T5858] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 126.040943][ T6404] bridge_slave_0: entered promiscuous mode [ 126.103166][ T6404] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.124136][ T6404] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.150419][ T6404] bridge_slave_1: entered allmulticast mode [ 126.182315][ T6404] bridge_slave_1: entered promiscuous mode [ 126.244250][ T5858] usb 4-1: Using ep0 maxpacket: 32 [ 126.262741][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.275247][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.286633][ T5858] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 126.309629][ T42] hsr_slave_0: left promiscuous mode [ 126.317393][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.325597][ T42] hsr_slave_1: left promiscuous mode [ 126.344070][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.352508][ T5858] usb 4-1: config 0 descriptor?? [ 126.361049][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.371781][ T5858] hub 4-1:0.0: USB hub found [ 126.391934][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.404266][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.414294][ T42] bridge_slave_1: left allmulticast mode [ 126.420118][ T42] bridge_slave_1: left promiscuous mode [ 126.433357][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.453553][ T42] bridge_slave_0: left allmulticast mode [ 126.459507][ T42] bridge_slave_0: left promiscuous mode [ 126.466058][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.482750][ T787] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 126.523983][ T42] veth1_macvtap: left promiscuous mode [ 126.530402][ T42] veth0_macvtap: left promiscuous mode [ 126.537421][ T42] veth1_vlan: left promiscuous mode [ 126.543345][ T42] veth0_vlan: left promiscuous mode [ 126.605868][ T5858] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 126.682685][ T787] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 126.709345][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.728895][ T787] usb 3-1: Product: syz [ 126.740144][ T787] usb 3-1: Manufacturer: syz [ 126.755054][ T787] usb 3-1: SerialNumber: syz [ 126.782240][ T787] usb 3-1: config 0 descriptor?? [ 126.817065][ T5781] Bluetooth: hci0: command tx timeout [ 127.024026][ T5858] hid-generic 0003:046D:C31C.0003: item fetching failed at offset 0/1 [ 127.061613][ T5858] hid-generic: probe of 0003:046D:C31C.0003 failed with error -22 [ 127.154721][ T1187] usb 3-1: USB disconnect, device number 7 [ 127.371261][ T9] usb 4-1: USB disconnect, device number 5 [ 127.725207][ T42] team0 (unregistering): Port device team_slave_1 removed [ 127.775641][ T42] team0 (unregistering): Port device team_slave_0 removed [ 127.838180][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.017389][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.331333][ T5810] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 128.480091][ T42] bond0 (unregistering): Released all slaves [ 128.526632][ T5810] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.541181][ T5810] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 128.557085][ T5810] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 128.566962][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 128.575709][ T5810] usb 4-1: SerialNumber: syz [ 128.627514][ T6404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.642299][ T6404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.874810][ T5810] usb 4-1: 0:2 : does not exist [ 128.889333][ T6404] team0: Port device team_slave_0 added [ 128.908215][ T5781] Bluetooth: hci0: command tx timeout [ 128.952712][ T6404] team0: Port device team_slave_1 added [ 128.985981][ T6404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.993351][ T6404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.026347][ T6404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.039830][ T6404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.047565][ T6404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.079627][ T6404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.199145][ T5810] usb 4-1: USB disconnect, device number 6 [ 129.338677][ T6404] hsr_slave_0: entered promiscuous mode [ 129.348328][ T5771] udevd[5771]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 129.379650][ T6404] hsr_slave_1: entered promiscuous mode [ 129.405524][ T6404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.422084][ T6404] Cannot create hsr debugfs directory [ 129.599253][ T6478] loop2: detected capacity change from 0 to 2048 [ 129.680710][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 129.720876][ T6480] loop3: detected capacity change from 0 to 1024 [ 129.749434][ T6481] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 129.879292][ T6480] hfsplus: bad catalog entry type [ 129.910599][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 129.940928][ T9] usb 2-1: config 1 has an invalid descriptor of length 142, skipping remainder of the config [ 129.972303][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 130.025698][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 130.035777][ T11] hfsplus: b-tree write err: -5, ino 25 [ 130.047103][ T11] hfsplus: b-tree write err: -5, ino 4 [ 130.055829][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.072040][ T11] hfsplus: b-tree write err: -5, ino 2 [ 130.082196][ T9] usb 2-1: Product: syz [ 130.086451][ T9] usb 2-1: Manufacturer: syz [ 130.091304][ T9] usb 2-1: SerialNumber: syz [ 130.093883][ T11] hfsplus: b-tree write err: -5, ino 26 [ 130.293056][ T6404] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 130.328047][ T6404] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 130.350107][ T9] usb 2-1: 0:2 : does not exist [ 130.363278][ T6404] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 130.376339][ T9] usb 2-1: unit 9 not found! [ 130.388674][ T6404] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 130.402014][ T9] usb 2-1: 4:0: cannot get min/max values for control 1 (id 4) [ 130.433664][ T9] usb 2-1: 4:0: cannot get min/max values for control 3 (id 4) [ 130.451872][ T9] usb 2-1: 4:0: cannot get min/max values for control 4 (id 4) [ 130.489491][ T9] usb 2-1: 4:0: cannot get min/max values for control 5 (id 4) [ 130.529699][ T9] usb 2-1: 4:0: cannot get min/max values for control 6 (id 4) [ 130.557006][ T9] usb 2-1: 4:0: cannot get min/max values for control 7 (id 4) [ 130.565069][ T5810] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 130.588842][ T9] usb 2-1: 4:0: cannot get min/max values for control 8 (id 4) [ 130.669133][ T9] usb 2-1: USB disconnect, device number 6 [ 130.758738][ T6404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.782172][ T5810] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 130.790282][ T5810] usb 4-1: config 0 has no interface number 0 [ 130.870956][ T5810] usb 4-1: config 0 interface 1 altsetting 19 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 130.946686][ T6404] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.954123][ T5810] usb 4-1: config 0 interface 1 altsetting 19 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.017115][ T5810] usb 4-1: config 0 interface 1 has no altsetting 0 [ 131.024323][ T5781] Bluetooth: hci0: command tx timeout [ 131.045681][ T6494] loop2: detected capacity change from 0 to 32768 [ 131.072699][ T5810] usb 4-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 131.082238][ T6494] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 131.091016][ T6494] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 131.101115][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.117379][ T5810] usb 4-1: config 0 descriptor?? [ 131.129929][ T3466] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.137188][ T3466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.153758][ T3466] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.161029][ T3466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.175540][ T6494] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 131.187793][ T5858] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 131.195055][ T5858] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 131.241140][ T5858] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 46ms [ 131.268882][ T5858] gfs2: fsid=syz:syz.0: jid=0: Done [ 131.312771][ T6494] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 131.552986][ T6494] gfs2: fsid=syz:syz.0: found 1 quota changes [ 131.676032][ T6502] loop1: detected capacity change from 0 to 256 [ 131.682185][ T6494] syz.2.219: attempt to access beyond end of device [ 131.682185][ T6494] loop2: rw=12288, sector=6755399441055880, nr_sectors = 8 limit=32768 [ 131.715913][ T6502] exfat: Deprecated parameter 'namecase' [ 131.777224][ T6502] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 131.811672][ T5810] uclogic 0003:2179:0053.0004: pen parameters not found [ 131.818731][ T5810] uclogic 0003:2179:0053.0004: interface is invalid, ignoring [ 132.019585][ T5768] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 132.019585][ T5768] inode = 11 2339 [ 132.019585][ T5768] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 421 [ 132.072640][ T5810] usb 4-1: USB disconnect, device number 7 [ 132.131397][ T5768] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 132.153443][ T5768] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5768 [syz-executor] gfs2_quota_sync+0x411/0x5a0 [ 132.165536][ T5768] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 132.174516][ T5768] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 132.214300][ T5768] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 132.224238][ T6404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.234052][ T5768] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 132.248774][ T5768] gfs2: fsid=syz:syz.0: File system withdrawn [ 132.264059][ T5768] CPU: 0 PID: 5768 Comm: syz-executor Not tainted syzkaller #0 [ 132.271703][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.281834][ T5768] Call Trace: [ 132.285179][ T5768] [ 132.288167][ T5768] dump_stack_lvl+0x18c/0x250 [ 132.292953][ T5768] ? kobject_uevent_env+0x363/0x8b0 [ 132.298211][ T5768] ? show_regs_print_info+0x20/0x20 [ 132.303462][ T5768] ? load_image+0x420/0x420 [ 132.308016][ T5768] ? kobject_uevent_env+0x363/0x8b0 [ 132.313263][ T5768] gfs2_withdraw+0xb24/0x13d0 [ 132.318000][ T5768] ? gfs2_lm+0x240/0x240 [ 132.322374][ T5768] ? queue_delayed_work_on+0x114/0x200 [ 132.327879][ T5768] ? gfs2_consist_inode_i+0xf5/0x110 [ 132.333300][ T5768] gfs2_inode_refresh+0xc50/0x1160 [ 132.338457][ T5768] ? gfs2_inode_metasync+0xf0/0xf0 [ 132.343604][ T5768] ? gfs2_glock_nq+0xd4f/0x1420 [ 132.348498][ T5768] gfs2_instantiate+0x162/0x220 [ 132.353409][ T5768] gfs2_glock_wait+0x1d4/0x2a0 [ 132.358216][ T5768] do_sync+0x4c6/0xe50 [ 132.362324][ T5768] ? gfs2_quota_sync+0x411/0x5a0 [ 132.367361][ T5768] ? bh_get+0x760/0x760 [ 132.371582][ T5768] ? __lock_acquire+0x7d40/0x7d40 [ 132.376694][ T5768] ? do_raw_spin_lock+0x11f/0x2c0 [ 132.381768][ T5768] ? gfs2_quota_sync+0x411/0x5a0 [ 132.386751][ T5768] ? do_raw_spin_unlock+0x121/0x230 [ 132.391991][ T5768] gfs2_quota_sync+0x411/0x5a0 [ 132.396809][ T5768] gfs2_sync_fs+0x4c/0xb0 [ 132.401272][ T5768] sync_filesystem+0xea/0x220 [ 132.405989][ T5768] generic_shutdown_super+0x6f/0x2b0 [ 132.411313][ T5768] kill_block_super+0x44/0x90 [ 132.416080][ T5768] deactivate_locked_super+0x97/0x100 [ 132.421952][ T5768] cleanup_mnt+0x43b/0x4d0 [ 132.426418][ T5768] task_work_run+0x1d4/0x260 [ 132.431055][ T5768] ? task_work_cancel+0x220/0x220 [ 132.436127][ T5768] ? exit_to_user_mode_loop+0x3b/0x110 [ 132.441652][ T5768] exit_to_user_mode_loop+0xe6/0x110 [ 132.446979][ T5768] exit_to_user_mode_prepare+0xee/0x180 [ 132.452567][ T5768] syscall_exit_to_user_mode+0x1a/0x50 [ 132.458057][ T5768] do_syscall_64+0x61/0xa0 [ 132.462500][ T5768] ? clear_bhb_loop+0x40/0x90 [ 132.467211][ T5768] ? clear_bhb_loop+0x40/0x90 [ 132.471942][ T5768] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.478133][ T5768] RIP: 0033:0x7f73fb99e017 [ 132.482594][ T5768] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 132.502247][ T5768] RSP: 002b:00007ffe3aeb2618 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 132.510716][ T5768] RAX: 0000000000000000 RBX: 00007f73fba32120 RCX: 00007f73fb99e017 [ 132.518718][ T5768] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3aeb26d0 [ 132.526724][ T5768] RBP: 00007ffe3aeb26d0 R08: 00007ffe3aeb36d0 R09: 00000000ffffffff [ 132.534729][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3aeb3760 [ 132.542761][ T5768] R13: 00007f73fba32120 R14: 00000000000202bc R15: 00007ffe3aeb37a0 [ 132.550791][ T5768] [ 133.052050][ T5781] Bluetooth: hci0: command tx timeout [ 133.085357][ T6529] openvswitch: netlink: Actions may not be safe on all matching packets [ 133.216394][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.226635][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.287675][ T6531] loop2: detected capacity change from 0 to 512 [ 133.360244][ T6531] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 133.388945][ T6404] veth0_vlan: entered promiscuous mode [ 133.424824][ T6404] veth1_vlan: entered promiscuous mode [ 133.454164][ T6531] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 133.491355][ T6531] EXT4-fs (loop2): orphan cleanup on readonly fs [ 133.527205][ T6531] __quota_error: 24 callbacks suppressed [ 133.527221][ T6531] Quota error (device loop2): v2_read_file_info: Can't read info structure [ 133.572977][ T6404] veth0_macvtap: entered promiscuous mode [ 133.611542][ T6531] EXT4-fs warning (device loop2): ext4_enable_quotas:7188: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix. [ 133.635178][ T6521] loop1: detected capacity change from 0 to 32768 [ 133.654308][ T6404] veth1_macvtap: entered promiscuous mode [ 133.670835][ T6531] EXT4-fs (loop2): Cannot turn on quotas: error -5 [ 133.716254][ T6531] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.221: bg 0: block 64: padding at end of block bitmap is not set [ 133.740109][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.774198][ T6531] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 133.791932][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.806198][ T6531] EXT4-fs (loop2): 1 truncate cleaned up [ 133.817371][ T6539] program syz.3.226 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.823557][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.833377][ T6531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 133.851122][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.865158][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 133.898312][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.962051][ T6404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.009519][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.048172][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.059950][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.079585][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.089869][ T6404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 134.125364][ T6404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 134.137599][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.149121][ T6404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.233018][ T6404] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.253481][ T6404] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.288920][ T6404] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.324539][ T6404] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.355741][ T6545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.229'. [ 134.542837][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.594273][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.675764][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.692143][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.600779][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 135.674231][ T6583] loop4: detected capacity change from 0 to 512 [ 135.823957][ T9] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 135.849696][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.880796][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.910806][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 135.959471][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.970552][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.011231][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.019446][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.046686][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.072799][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.104770][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.125317][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.170300][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.198773][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.220747][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.259088][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.276506][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.294549][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.331880][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.340232][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.359970][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.395831][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.418143][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 136.433055][ T9] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 136.444969][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 136.454606][ T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 136.469022][ T9] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 136.477620][ T9] usb 3-1: Product: syz [ 136.482044][ T9] usb 3-1: Manufacturer: syz [ 136.486693][ T9] usb 3-1: SerialNumber: syz [ 136.500089][ T9] usb 3-1: config 0 descriptor?? [ 136.538227][ T9] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 136.827900][ T5858] usb 3-1: USB disconnect, device number 8 [ 136.853980][ T5858] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 136.876919][ T6585] loop1: detected capacity change from 0 to 32768 [ 136.909956][ T6585] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 137.084774][ T6585] XFS (loop1): Ending clean mount [ 137.138558][ T6585] XFS (loop1): Quotacheck needed: Please wait. [ 137.277965][ T6585] XFS (loop1): Quotacheck: Done. [ 137.313956][ T6618] loop3: detected capacity change from 0 to 4096 [ 137.426020][ T6623] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.038882][ T5766] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.138304][ T6632] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 138.363700][ T6615] loop4: detected capacity change from 0 to 32768 [ 138.555390][ T6615] JBD2: Ignoring recovery information on journal [ 138.606920][ T6639] Bluetooth: MGMT ver 1.22 [ 138.618031][ T6615] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 139.251308][ T6404] ocfs2: Unmounting device (7,4) on (node local) [ 139.466740][ T6669] sctp: [Deprecated]: syz.2.260 (pid 6669) Use of int in max_burst socket option deprecated. [ 139.466740][ T6669] Use struct sctp_assoc_value instead [ 139.836320][ T5858] Process accounting resumed [ 140.053073][ T6689] netlink: 508 bytes leftover after parsing attributes in process `syz.1.267'. [ 140.700164][ T6712] loop4: detected capacity change from 0 to 256 [ 140.728182][ T6712] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xa05bf55d, utbl_chksum : 0xe619d30d) [ 140.847340][ T6716] loop2: detected capacity change from 0 to 1024 [ 140.874028][ T6716] EXT4-fs: Ignoring removed nomblk_io_submit option [ 140.934522][ T6716] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 140.950762][ T6716] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 141.050390][ T6716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.150843][ T787] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 141.280030][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.373021][ T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.400725][ T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.430716][ T787] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 141.500729][ T787] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 141.520069][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.545384][ T787] usb 4-1: config 0 descriptor?? [ 141.740857][ T5816] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 141.937716][ T5816] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 141.950664][ T5816] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 141.975426][ T5816] usb 3-1: config 0 has no interface number 0 [ 141.994328][ T5816] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 142.003827][ T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 142.021646][ T787] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 142.043579][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.065601][ T5816] usb 3-1: Product: syz [ 142.069881][ T5816] usb 3-1: Manufacturer: syz [ 142.089476][ T5816] usb 3-1: SerialNumber: syz [ 142.093582][ T787] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 142.120989][ T5816] usb 3-1: config 0 descriptor?? [ 142.232585][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 142.264674][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.288905][ T787] usb 4-1: USB disconnect, device number 8 [ 142.297470][ T9] usb 5-1: New USB device found, idVendor=0925, idProduct=8066, bcdDevice= 0.00 [ 142.340679][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.382708][ T9] usb 5-1: config 0 descriptor?? [ 142.401636][ T5816] usb 3-1: USB disconnect, device number 9 [ 142.512822][ T6742] loop1: detected capacity change from 0 to 40427 [ 142.536378][ T6742] F2FS-fs (loop1): heap/no_heap options were deprecated [ 142.551976][ T6742] F2FS-fs (loop1): heap/no_heap options were deprecated [ 142.571478][ T6742] F2FS-fs (loop1): invalid crc value [ 142.585595][ T6742] F2FS-fs (loop1): Found nat_bits in checkpoint [ 142.711836][ T6742] F2FS-fs (loop1): Start checkpoint disabled! [ 142.758746][ T6742] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 142.817610][ T9] hid-generic 0003:0925:8066.0006: unbalanced collection at end of report description [ 142.870558][ T9] hid-generic: probe of 0003:0925:8066.0006 failed with error -22 [ 143.055381][ T6445] usb 5-1: USB disconnect, device number 2 [ 143.065491][ T6760] loop2: detected capacity change from 0 to 16 [ 143.132131][ T6760] erofs: (device loop2): mounted with root inode @ nid 36. [ 143.251077][ T4245] kworker/u4:8: attempt to access beyond end of device [ 143.251077][ T4245] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 143.290275][ T4245] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 143.305972][ T4245] kworker/u4:8: attempt to access beyond end of device [ 143.305972][ T4245] loop1: rw=2049, sector=40984, nr_sectors = 8 limit=40427 [ 143.323800][ T4245] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 143.470002][ T6769] loop2: detected capacity change from 0 to 256 [ 143.506231][ T6769] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d) [ 143.938822][ T6777] netlink: 12 bytes leftover after parsing attributes in process `syz.2.293'. [ 143.990212][ T6777] bridge0: port 3(vlan2) entered blocking state [ 143.997372][ T6774] loop4: detected capacity change from 0 to 4096 [ 144.030851][ T6774] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 144.041389][ T6777] bridge0: port 3(vlan2) entered disabled state [ 144.067824][ T6777] vlan2: entered allmulticast mode [ 144.100203][ T6777] gretap0: entered allmulticast mode [ 144.153619][ T6777] vlan2: entered promiscuous mode [ 144.190743][ T6777] gretap0: entered promiscuous mode [ 144.211947][ T6777] bridge0: port 3(vlan2) entered blocking state [ 144.218948][ T6777] bridge0: port 3(vlan2) entered forwarding state [ 144.339710][ T28] audit: type=1800 audit(1777378484.947:39): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.291" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 144.650073][ T6790] loop2: detected capacity change from 0 to 16 [ 144.684413][ T6790] erofs: (device loop2): mounted with root inode @ nid 36. [ 144.762129][ T6790] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -2 in[1, 1416] out[3560] [ 144.783617][ T6790] erofs: (device loop2): erofs_readdir: fail to readdir of logical block 80 of nid 36 [ 144.961942][ T6779] loop1: detected capacity change from 0 to 32768 [ 145.131924][ T6800] loop2: detected capacity change from 0 to 512 [ 145.225420][ T6800] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 145.239512][ T6800] EXT4-fs error (device loop2): ext4_iget_extra_inode:4739: inode #15: comm syz.2.301: corrupted in-inode xattr: e_value size too large [ 145.260467][ T6800] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.301: couldn't read orphan inode 15 (err -117) [ 145.300650][ T6800] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.466015][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.782389][ T6814] loop1: detected capacity change from 0 to 256 [ 146.198231][ T6826] loop4: detected capacity change from 0 to 1024 [ 146.270642][ T5810] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 146.355936][ T12] hfsplus: b-tree write err: -5, ino 25 [ 146.371177][ T12] hfsplus: b-tree write err: -5, ino 4 [ 146.376907][ T12] hfsplus: b-tree write err: -5, ino 2 [ 146.383623][ T12] hfsplus: b-tree write err: -5, ino 26 [ 146.482713][ T5810] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 146.503409][ T5810] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 146.519729][ T6832] netlink: 36 bytes leftover after parsing attributes in process `syz.1.316'. [ 146.546275][ T5810] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 146.568585][ T5810] usb 4-1: config 220 has no interface number 2 [ 146.575000][ T5810] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 146.620037][ T5810] usb 4-1: config 220 interface 0 has no altsetting 0 [ 146.633271][ T5810] usb 4-1: config 220 interface 76 has no altsetting 0 [ 146.640476][ T5810] usb 4-1: config 220 interface 1 has no altsetting 0 [ 146.652060][ T5810] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 146.661703][ T5810] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.670551][ T5810] usb 4-1: Product: syz [ 146.675155][ T5810] usb 4-1: Manufacturer: syz [ 146.679818][ T5810] usb 4-1: SerialNumber: syz [ 146.934995][ T5810] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 146.955387][ T5810] usb 4-1: No valid video chain found. [ 146.961007][ T5810] usb 4-1: selecting invalid altsetting 0 [ 147.014762][ T5810] usb 4-1: selecting invalid altsetting 0 [ 147.020595][ T5810] usbtest: probe of 4-1:220.1 failed with error -22 [ 147.052967][ T5810] usb 4-1: USB disconnect, device number 9 [ 147.127554][ T6830] loop2: detected capacity change from 0 to 32768 [ 147.262387][ T6830] syz.2.314: attempt to access beyond end of device [ 147.262387][ T6830] loop2: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 147.299494][ T6830] metapage_write_end_io: I/O error [ 147.330352][ T6830] ERROR: (device loop2): diWrite: ixpxd invalid [ 147.330352][ T6830] [ 147.386820][ T6830] ERROR: (device loop2): remounting filesystem as read-only [ 147.400166][ T6830] ERROR: (device loop2): txCommit: [ 147.400166][ T6830] [ 147.429134][ T6830] blkno = 8ed2c, nblocks = 1 [ 147.434458][ T6830] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 147.434458][ T6830] [ 147.469231][ T6842] bond1: entered promiscuous mode [ 147.690948][ T112] blkno = 8ed23, nblocks = 1 [ 147.695725][ T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 147.695725][ T112] [ 147.734699][ T112] blkno = 8ed2c, nblocks = 4 [ 147.749149][ T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map [ 147.749149][ T112] [ 147.780541][ T5768] syz-executor: attempt to access beyond end of device [ 147.780541][ T5768] loop2: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 147.797162][ T5768] metapage_write_end_io: I/O error [ 147.805401][ T5768] JFS: metapage_get_blocks failed [ 147.810691][ T5768] JFS: metapage_get_blocks failed [ 147.817483][ T5768] JFS: metapage_get_blocks failed [ 147.822961][ T5768] JFS: metapage_get_blocks failed [ 147.828051][ T5768] JFS: metapage_get_blocks failed [ 148.317920][ T6864] loop3: detected capacity change from 0 to 128 [ 148.390035][ T6864] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 148.916982][ T6871] loop2: detected capacity change from 0 to 2048 [ 149.132401][ T6871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.249007][ T6857] loop4: detected capacity change from 0 to 32768 [ 149.328790][ T6857] [ 149.328790][ T6857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.328790][ T6857] [ 149.736984][ T6885] program syz.3.332 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.298249][ T6879] loop1: detected capacity change from 0 to 131072 [ 150.303362][ T787] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 150.332279][ T6879] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 150.339875][ T6879] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 150.387024][ T6879] F2FS-fs (loop1): invalid crc value [ 150.398595][ T6404] [ 150.398595][ T6404] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.398595][ T6404] [ 150.421358][ T6404] [ 150.421358][ T6404] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.421358][ T6404] [ 150.426534][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.446237][ T6879] F2FS-fs (loop1): Found nat_bits in checkpoint [ 150.509319][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 150.524410][ T6879] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 150.531593][ T6879] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 150.567890][ T787] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 150.577027][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.668072][ T787] usb 4-1: config 0 descriptor?? [ 150.686360][ T787] gspca_main: sunplus-2.14.0 probing 041e:400b [ 150.751169][ T6893] Bluetooth: MGMT ver 1.22 [ 151.507115][ T787] gspca_sunplus: reg_w_riv err -71 [ 151.534309][ T787] sunplus: probe of 4-1:0.0 failed with error -71 [ 151.561930][ T787] usb 4-1: USB disconnect, device number 10 [ 152.086260][ T6897] loop4: detected capacity change from 0 to 32768 [ 152.099435][ T6897] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 152.125583][ T6897] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 152.158979][ T6897] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 152.410664][ T6897] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 152.605900][ T6917] loop2: detected capacity change from 0 to 64 [ 152.717353][ T28] audit: type=1800 audit(1777378493.543:40): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.342" name="file1" dev="loop2" ino=21 res=0 errno=0 [ 152.812613][ T787] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 153.019906][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 153.030842][ T6923] loop2: detected capacity change from 0 to 128 [ 153.059778][ T787] usb 2-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=f9.64 [ 153.071525][ T6923] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 153.087471][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 153.104198][ T787] usb 2-1: Product: syz [ 153.122974][ T787] usb 2-1: Manufacturer: syz [ 153.138255][ T787] usb 2-1: SerialNumber: syz [ 153.153230][ T6923] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 153.166362][ T787] usb 2-1: config 0 descriptor?? [ 153.190399][ T787] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 153.367038][ T6910] loop3: detected capacity change from 0 to 40427 [ 153.400502][ T6910] F2FS-fs (loop3): invalid crc value [ 153.409278][ T6910] F2FS-fs (loop3): Found nat_bits in checkpoint [ 153.452029][ T787] gspca_sn9c2028: read1 error -32 [ 153.469102][ T6930] loop4: detected capacity change from 0 to 512 [ 153.500723][ T787] gspca_sn9c2028: read1 error -32 [ 153.541398][ T6930] EXT4-fs: inline encryption not supported [ 153.547334][ T6930] EXT4-fs: Ignoring removed mblk_io_submit option [ 153.618144][ T6930] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 153.645480][ T6910] F2FS-fs (loop3): Start checkpoint disabled! [ 153.652146][ T6930] EXT4-fs (loop4): Test dummy encryption mode enabled [ 153.663108][ T6910] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 153.681154][ T6930] EXT4-fs (loop4): orphan cleanup on readonly fs [ 153.690817][ T6930] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.343: inode #13: comm syz.4.343: iget: illegal inode # [ 153.770154][ T5816] usb 2-1: USB disconnect, device number 7 [ 153.800898][ T6930] EXT4-fs error (device loop4): ext4_orphan_get:1409: comm syz.4.343: couldn't read orphan inode 13 (err -117) [ 153.868078][ T6930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 153.974814][ T6930] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 153.999069][ T6930] EXT4-fs error (device loop4): __ext4_remount:6756: comm syz.4.343: Abort forced by user [ 154.044511][ T6930] EXT4-fs (loop4): Remounting filesystem read-only [ 154.055802][ T6930] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 154.138771][ T6404] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.265999][ T4245] kworker/u4:8: attempt to access beyond end of device [ 154.265999][ T4245] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 154.285936][ T4245] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 154.336129][ T6943] warning: `syz.4.347' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 154.527869][ T6946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.348'. [ 155.797161][ T6987] loop4: detected capacity change from 0 to 256 [ 155.816716][ T6987] FAT-fs (loop4): "posix" option is obsolete, not supported now [ 156.058509][ T6445] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 156.102523][ T6958] loop2: detected capacity change from 0 to 32768 [ 156.214553][ T6958] ERROR: (device loop2): dtReadFirst: stbl[0] out of bound [ 156.214553][ T6958] [ 156.247185][ T6958] ERROR: (device loop2): remounting filesystem as read-only [ 156.263909][ T6445] usb 4-1: Using ep0 maxpacket: 8 [ 156.307391][ T6445] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 156.338708][ T6445] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 156.369164][ T6445] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 156.430545][ T6445] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 156.460737][ T6999] loop1: detected capacity change from 0 to 2048 [ 156.468385][ T6445] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 156.499354][ T6445] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 156.520854][ T6445] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.548149][ T6999] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 156.571321][ T6999] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 156.579286][ T6999] UDF-fs: Scanning with blocksize 512 failed [ 156.672061][ T6999] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.809448][ T6445] usb 4-1: GET_CAPABILITIES returned 0 [ 156.841048][ T6445] usbtmc 4-1:16.0: can't read capabilities [ 157.074302][ T1187] usb 4-1: USB disconnect, device number 11 [ 157.228369][ T7017] netlink: 8 bytes leftover after parsing attributes in process `syz.4.370'. [ 157.801811][ T7038] Driver unsupported XDP return value 0 on prog (id 22) dev N/A, expect packet loss! [ 158.330145][ T7026] loop2: detected capacity change from 0 to 32768 [ 158.469538][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.469538][ T7026] [ 158.490551][ T6445] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 158.514120][ T7026] ERROR: (device loop2): remounting filesystem as read-only [ 158.554304][ T7026] xtLookup: xtSearch returned -5 [ 158.589893][ T7026] free_index: error reading directory table [ 158.633745][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.633745][ T7026] [ 158.679920][ T7026] xtLookup: xtSearch returned -5 [ 158.692447][ T6445] usb 5-1: Using ep0 maxpacket: 16 [ 158.700524][ T6445] usb 5-1: unable to get BOS descriptor or descriptor too short [ 158.710371][ T6445] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.718788][ T7026] free_index: error reading directory table [ 158.732024][ T6445] usb 5-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 158.757822][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.757822][ T7026] [ 158.786058][ T6445] usb 5-1: config 1 interface 0 has no altsetting 0 [ 158.801252][ T7026] xtLookup: xtSearch returned -5 [ 158.816390][ T7026] free_index: error reading directory table [ 158.825937][ T6445] usb 5-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 158.843243][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.843243][ T7026] [ 158.855983][ T6445] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.890185][ T7026] xtLookup: xtSearch returned -5 [ 158.895266][ T7026] free_index: error reading directory table [ 158.907614][ T6445] usb 5-1: Product: syz [ 158.925034][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.925034][ T7026] [ 158.928098][ T6445] usb 5-1: Manufacturer: syz [ 158.954751][ T7026] xtLookup: xtSearch returned -5 [ 158.960076][ T6445] usb 5-1: SerialNumber: syz [ 158.988920][ T7026] free_index: error reading directory table [ 158.994908][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 158.994908][ T7026] [ 159.012111][ T6445] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input10 [ 159.055523][ T7026] xtLookup: xtSearch returned -5 [ 159.066865][ T7026] add_index: get/read_metapage failed! [ 159.082974][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.082974][ T7026] [ 159.103428][ T7026] xtLookup: xtSearch returned -5 [ 159.117084][ T7026] free_index: error reading directory table [ 159.131716][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.131716][ T7026] [ 159.156536][ T7026] xtLookup: xtSearch returned -5 [ 159.176392][ T7026] free_index: error reading directory table [ 159.189768][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.189768][ T7026] [ 159.212471][ T5121] bcm5974 5-1:1.0: could not read from device [ 159.230198][ T7026] xtLookup: xtSearch returned -5 [ 159.235225][ T7026] free_index: error reading directory table [ 159.258163][ T6445] bcm5974 5-1:1.0: could not read from device [ 159.264976][ T7073] loop3: detected capacity change from 0 to 8192 [ 159.272569][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.272569][ T7026] [ 159.289595][ T7026] xtLookup: xtSearch returned -5 [ 159.294608][ T7026] free_index: error reading directory table [ 159.354282][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.354282][ T7026] [ 159.359937][ T5121] bcm5974 5-1:1.0: could not read from device [ 159.374961][ T7073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 159.401358][ T6445] input: failed to attach handler mousedev to device input10, error: -5 [ 159.406327][ T7026] xtLookup: xtSearch returned -5 [ 159.416539][ T7077] loop1: detected capacity change from 0 to 512 [ 159.433534][ T7073] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 159.451875][ T5121] bcm5974 5-1:1.0: could not read from device [ 159.461990][ T7026] free_index: error reading directory table [ 159.465604][ T7073] REISERFS (device loop3): using ordered data mode [ 159.491197][ T7077] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #12: comm syz.1.389: missing EA_INODE flag [ 159.507609][ T5121] bcm5974 5-1:1.0: could not read from device [ 159.522917][ T6445] usb 5-1: USB disconnect, device number 3 [ 159.527986][ T7073] reiserfs: using flush barriers [ 159.545827][ T7073] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 159.565183][ T7073] REISERFS (device loop3): checking transaction log (loop3) [ 159.592372][ T7026] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 159.592372][ T7026] [ 159.619111][ T7077] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.389: error while reading EA inode 12 err=-117 [ 159.637012][ T7026] xtLookup: xtSearch returned -5 [ 159.643688][ T7077] EXT4-fs (loop1): 1 orphan inode deleted [ 159.649705][ T7026] add_index: get/read_metapage failed! [ 159.656009][ T7073] REISERFS (device loop3): Using r5 hash to sort names [ 159.696967][ T7077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.721898][ T7073] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 159.786537][ T7073] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 159.811343][ T7077] syz.1.389 (pid 7077) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 159.927271][ T7073] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 159.952376][ T7073] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 159.993460][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.006520][ T7073] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 160.188768][ T7086] loop1: detected capacity change from 0 to 256 [ 160.336072][ T7086] FAT-fs (loop1): Directory bread(block 64) failed [ 160.349820][ T7086] FAT-fs (loop1): Directory bread(block 65) failed [ 160.358744][ T7086] FAT-fs (loop1): Directory bread(block 66) failed [ 160.371771][ T7086] FAT-fs (loop1): Directory bread(block 67) failed [ 160.379017][ T7086] FAT-fs (loop1): Directory bread(block 68) failed [ 160.393051][ T7086] FAT-fs (loop1): Directory bread(block 69) failed [ 160.399900][ T7086] FAT-fs (loop1): Directory bread(block 70) failed [ 160.431777][ T7086] FAT-fs (loop1): Directory bread(block 71) failed [ 160.432498][ T7090] loop4: detected capacity change from 0 to 1024 [ 160.438749][ T7086] FAT-fs (loop1): Directory bread(block 72) failed [ 160.545017][ T7086] FAT-fs (loop1): Directory bread(block 73) failed [ 161.204239][ T7106] block nbd0: server does not support multiple connections per device. [ 161.242930][ T7106] block nbd0: shutting down sockets [ 161.369079][ T7116] bridge0: port 2(bridge_slave_1) entered listening state [ 161.416001][ T7116] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.943346][ T7133] netlink: 20 bytes leftover after parsing attributes in process `syz.3.404'. [ 162.728376][ T6445] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 162.924506][ T6445] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.957058][ T6445] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 162.969827][ T5816] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 162.998580][ T6445] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 163.007800][ T6445] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.089059][ T6445] usb 2-1: config 0 descriptor?? [ 163.168368][ T5816] usb 5-1: Using ep0 maxpacket: 8 [ 163.193574][ T5816] usb 5-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=f9.64 [ 163.220542][ T5816] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 163.245020][ T5816] usb 5-1: Product: syz [ 163.255468][ T5816] usb 5-1: Manufacturer: syz [ 163.276868][ T5816] usb 5-1: SerialNumber: syz [ 163.307738][ T5816] usb 5-1: config 0 descriptor?? [ 163.325871][ T5816] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 163.543490][ T5816] gspca_sn9c2028: read1 error -32 [ 163.565004][ T5816] gspca_sn9c2028: read1 error -32 [ 163.675910][ T7159] loop3: detected capacity change from 0 to 32768 [ 163.720464][ T6445] razer 0003:1532:010E.0007: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.1-1/input0 [ 163.791265][ T7159] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 163.832477][ T6445] usb 5-1: USB disconnect, device number 4 [ 163.999757][ T5816] usb 2-1: USB disconnect, device number 8 [ 164.092857][ T7159] XFS (loop3): Ending clean mount [ 164.131268][ T7187] fido_id[7187]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 164.446313][ T7177] loop2: detected capacity change from 0 to 32768 [ 164.468780][ T5767] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 164.495666][ T7177] (syz.2.417,7177,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 164.577931][ T7177] (syz.2.417,7177,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 164.776283][ T7177] JBD2: Ignoring recovery information on journal [ 165.023446][ T7210] bond1: entered promiscuous mode [ 165.034749][ T7177] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 165.428269][ T7177] (syz.2.417,7177,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 165.491340][ T7225] loop4: detected capacity change from 0 to 16 [ 165.541307][ T7229] loop3: detected capacity change from 0 to 512 [ 165.597134][ T7225] erofs: (device loop4): mounted with root inode @ nid 36. [ 165.669684][ T7225] syz.4.423: attempt to access beyond end of device [ 165.669684][ T7225] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 165.770011][ T7233] syz.4.423: attempt to access beyond end of device [ 165.770011][ T7233] loop4: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 165.790575][ T5768] ocfs2: Unmounting device (7,2) on (node local) [ 166.446167][ T7254] netlink: 87 bytes leftover after parsing attributes in process `syz.2.435'. [ 166.518878][ T5816] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 166.591620][ T7258] loop3: detected capacity change from 0 to 128 [ 166.649342][ T7258] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.728349][ T5816] usb 5-1: Using ep0 maxpacket: 16 [ 166.734893][ T7258] ext4 filesystem being mounted at /108/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 166.743852][ T5816] usb 5-1: config index 0 descriptor too short (expected 65, got 36) [ 166.790819][ T5816] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.816901][ T5816] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 166.840228][ T5767] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.843856][ T5816] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 166.863174][ T5816] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.880749][ T5816] usb 5-1: config 0 descriptor?? [ 166.929091][ T5816] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input11 [ 167.236298][ T1187] usb 5-1: USB disconnect, device number 5 [ 167.574397][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 167.761004][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.772455][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.783065][ T23] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 167.792628][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.806970][ T23] usb 4-1: config 0 descriptor?? [ 168.245111][ T23] playstation 0003:054C:0DF2.0008: unknown main item tag 0x0 [ 168.275214][ T23] playstation 0003:054C:0DF2.0008: unknown main item tag 0x0 [ 168.293763][ T23] playstation 0003:054C:0DF2.0008: unknown main item tag 0x0 [ 168.301593][ T23] playstation 0003:054C:0DF2.0008: unknown main item tag 0x0 [ 168.313806][ T23] playstation 0003:054C:0DF2.0008: unknown main item tag 0x0 [ 168.340354][ T23] playstation 0003:054C:0DF2.0008: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 168.455250][ T23] playstation 0003:054C:0DF2.0008: Invalid byte count transferred, expected 20 got 0 [ 168.477283][ T23] playstation 0003:054C:0DF2.0008: Failed to retrieve DualSense pairing info: -22 [ 168.507006][ T23] playstation 0003:054C:0DF2.0008: Failed to get MAC address from DualSense [ 168.517897][ T23] playstation 0003:054C:0DF2.0008: Failed to create dualsense. [ 168.540818][ T7288] ================================================================== [ 168.540840][ T23] playstation: probe of 0003:054C:0DF2.0008 failed with error -22 [ 168.548935][ T7288] BUG: KASAN: slab-use-after-free in read_report_descriptor+0xb2/0xf0 [ 168.548984][ T7288] Read of size 5 at addr ffff888143776b40 by task fido_id/7288 [ 168.549000][ T7288] [ 168.549006][ T7288] CPU: 0 PID: 7288 Comm: fido_id Not tainted syzkaller #0 [ 168.549023][ T7288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.549034][ T7288] Call Trace: [ 168.549051][ T7288] [ 168.549059][ T7288] dump_stack_lvl+0x18c/0x250 [ 168.549091][ T7288] ? read_lock_is_recursive+0x20/0x20 [ 168.549115][ T7288] ? show_regs_print_info+0x20/0x20 [ 168.549144][ T7288] ? load_image+0x420/0x420 [ 168.549170][ T7288] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 168.549196][ T7288] ? __virt_addr_valid+0x18c/0x540 [ 168.549220][ T7288] ? __virt_addr_valid+0x469/0x540 [ 168.634144][ T7288] print_report+0xa8/0x210 [ 168.638624][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 168.644053][ T7288] kasan_report+0x117/0x150 [ 168.648607][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 168.654065][ T7288] kasan_check_range+0x241/0x290 [ 168.659057][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 168.664498][ T7288] __asan_memcpy+0x29/0x70 [ 168.668969][ T7288] read_report_descriptor+0xb2/0xf0 [ 168.674234][ T7288] ? sysfs_kf_bin_open+0xd0/0xd0 [ 168.679390][ T7288] kernfs_fop_read_iter+0x42d/0x670 [ 168.684658][ T7288] vfs_read+0x46a/0x970 [ 168.688882][ T7288] ? kernel_read+0x1e0/0x1e0 [ 168.693549][ T7288] ? do_sys_openat2+0x170/0x1d0 [ 168.698454][ T7288] ? __fdget_pos+0x2ba/0x330 [ 168.703104][ T7288] ksys_read+0x150/0x260 [ 168.707404][ T7288] ? vfs_write+0x990/0x990 [ 168.711881][ T7288] ? lockdep_hardirqs_on+0x98/0x150 [ 168.717131][ T7288] do_syscall_64+0x55/0xa0 [ 168.721599][ T7288] ? clear_bhb_loop+0x40/0x90 [ 168.726326][ T7288] ? clear_bhb_loop+0x40/0x90 [ 168.731053][ T7288] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 168.737000][ T7288] RIP: 0033:0x7f2479aa7407 [ 168.741460][ T7288] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 168.761203][ T7288] RSP: 002b:00007ffffeca66a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 168.769680][ T7288] RAX: ffffffffffffffda RBX: 00007f247a211880 RCX: 00007f2479aa7407 [ 168.777749][ T7288] RDX: 0000000000001000 RSI: 00007ffffeca66f0 RDI: 0000000000000004 [ 168.785765][ T7288] RBP: 000056425f605730 R08: 0000000000000000 R09: 0000000000000000 [ 168.793873][ T7288] R10: 0000000000000000 R11: 0000000000000202 R12: 000056425f604930 [ 168.801892][ T7288] R13: 00007ffffeca66f0 R14: 0000000000000004 R15: 000056423262f4d8 [ 168.809916][ T7288] [ 168.812981][ T7288] [ 168.815331][ T7288] Allocated by task 23: [ 168.819535][ T7288] kasan_set_track+0x4e/0x70 [ 168.824211][ T7288] __kasan_kmalloc+0x8f/0xa0 [ 168.828849][ T7288] __kmalloc_node_track_caller+0xb2/0x230 [ 168.834621][ T7288] kmemdup+0x2b/0x70 [ 168.838567][ T7288] hid_open_report+0x1cd/0xee0 [ 168.843375][ T7288] ps_probe+0x25/0x4250 [ 168.847573][ T7288] hid_device_probe+0x293/0x5b0 [ 168.852555][ T7288] really_probe+0x25b/0xb20 [ 168.857100][ T7288] __driver_probe_device+0x18c/0x330 [ 168.862518][ T7288] driver_probe_device+0x4f/0x420 [ 168.867591][ T7288] __device_attach_driver+0x2ca/0x510 [ 168.873016][ T7288] bus_for_each_drv+0x252/0x2e0 [ 168.878014][ T7288] __device_attach+0x2c2/0x420 [ 168.882819][ T7288] bus_probe_device+0x180/0x260 [ 168.887730][ T7288] device_add+0x85b/0xc20 [ 168.892109][ T7288] hid_add_device+0x38d/0x530 [ 168.896925][ T7288] usbhid_probe+0xe02/0x1220 [ 168.901573][ T7288] usb_probe_interface+0x5c9/0xb20 [ 168.906767][ T7288] really_probe+0x25b/0xb20 [ 168.911318][ T7288] __driver_probe_device+0x18c/0x330 [ 168.916650][ T7288] driver_probe_device+0x4f/0x420 [ 168.921718][ T7288] __device_attach_driver+0x2ca/0x510 [ 168.927154][ T7288] bus_for_each_drv+0x252/0x2e0 [ 168.932055][ T7288] __device_attach+0x2c2/0x420 [ 168.936894][ T7288] bus_probe_device+0x180/0x260 [ 168.941824][ T7288] device_add+0x85b/0xc20 [ 168.946196][ T7288] usb_set_configuration+0x1a79/0x20c0 [ 168.951725][ T7288] usb_generic_driver_probe+0x8d/0x150 [ 168.957227][ T7288] usb_probe_device+0x13d/0x270 [ 168.962128][ T7288] really_probe+0x25b/0xb20 [ 168.966673][ T7288] __driver_probe_device+0x18c/0x330 [ 168.972004][ T7288] driver_probe_device+0x4f/0x420 [ 168.977109][ T7288] __device_attach_driver+0x2ca/0x510 [ 168.982532][ T7288] bus_for_each_drv+0x252/0x2e0 [ 168.987436][ T7288] __device_attach+0x2c2/0x420 [ 168.992242][ T7288] bus_probe_device+0x180/0x260 [ 168.997143][ T7288] device_add+0x85b/0xc20 [ 169.001516][ T7288] usb_new_device+0xa3c/0x1660 [ 169.005865][ T6445] usb 4-1: USB disconnect, device number 12 [ 169.006316][ T7288] hub_event+0x29bf/0x49f0 [ 169.016690][ T7288] process_scheduled_works+0xa5d/0x15d0 [ 169.022283][ T7288] worker_thread+0xa55/0xfc0 [ 169.026922][ T7288] kthread+0x2fa/0x390 [ 169.031039][ T7288] ret_from_fork+0x48/0x80 [ 169.035497][ T7288] ret_from_fork_asm+0x11/0x20 [ 169.040311][ T7288] [ 169.042688][ T7288] Freed by task 23: [ 169.046524][ T7288] kasan_set_track+0x4e/0x70 [ 169.051160][ T7288] kasan_save_free_info+0x2e/0x50 [ 169.056229][ T7288] ____kasan_slab_free+0x126/0x1e0 [ 169.061389][ T7288] slab_free_freelist_hook+0x130/0x1a0 [ 169.066885][ T7288] __kmem_cache_free+0xba/0x1e0 [ 169.071785][ T7288] hid_close_report+0x605/0x6d0 [ 169.076761][ T7288] hid_device_probe+0x3da/0x5b0 [ 169.081651][ T7288] really_probe+0x25b/0xb20 [ 169.086190][ T7288] __driver_probe_device+0x18c/0x330 [ 169.091519][ T7288] driver_probe_device+0x4f/0x420 [ 169.096593][ T7288] __device_attach_driver+0x2ca/0x510 [ 169.102010][ T7288] bus_for_each_drv+0x252/0x2e0 [ 169.106923][ T7288] __device_attach+0x2c2/0x420 [ 169.111755][ T7288] bus_probe_device+0x180/0x260 [ 169.116664][ T7288] device_add+0x85b/0xc20 [ 169.121049][ T7288] hid_add_device+0x38d/0x530 [ 169.125775][ T7288] usbhid_probe+0xe02/0x1220 [ 169.130409][ T7288] usb_probe_interface+0x5c9/0xb20 [ 169.135574][ T7288] really_probe+0x25b/0xb20 [ 169.140116][ T7288] __driver_probe_device+0x18c/0x330 [ 169.145448][ T7288] driver_probe_device+0x4f/0x420 [ 169.150518][ T7288] __device_attach_driver+0x2ca/0x510 [ 169.156015][ T7288] bus_for_each_drv+0x252/0x2e0 [ 169.160929][ T7288] __device_attach+0x2c2/0x420 [ 169.165748][ T7288] bus_probe_device+0x180/0x260 [ 169.170658][ T7288] device_add+0x85b/0xc20 [ 169.175048][ T7288] usb_set_configuration+0x1a79/0x20c0 [ 169.180564][ T7288] usb_generic_driver_probe+0x8d/0x150 [ 169.186073][ T7288] usb_probe_device+0x13d/0x270 [ 169.190996][ T7288] really_probe+0x25b/0xb20 [ 169.195540][ T7288] __driver_probe_device+0x18c/0x330 [ 169.200894][ T7288] driver_probe_device+0x4f/0x420 [ 169.205987][ T7288] __device_attach_driver+0x2ca/0x510 [ 169.211402][ T7288] bus_for_each_drv+0x252/0x2e0 [ 169.216314][ T7288] __device_attach+0x2c2/0x420 [ 169.221131][ T7288] bus_probe_device+0x180/0x260 [ 169.226068][ T7288] device_add+0x85b/0xc20 [ 169.230443][ T7288] usb_new_device+0xa3c/0x1660 [ 169.235262][ T7288] hub_event+0x29bf/0x49f0 [ 169.239725][ T7288] process_scheduled_works+0xa5d/0x15d0 [ 169.245318][ T7288] worker_thread+0xa55/0xfc0 [ 169.249961][ T7288] kthread+0x2fa/0x390 [ 169.254069][ T7288] ret_from_fork+0x48/0x80 [ 169.258619][ T7288] ret_from_fork_asm+0x11/0x20 [ 169.263434][ T7288] [ 169.265800][ T7288] The buggy address belongs to the object at ffff888143776b40 [ 169.265800][ T7288] which belongs to the cache kmalloc-8 of size 8 [ 169.279594][ T7288] The buggy address is located 0 bytes inside of [ 169.279594][ T7288] freed 8-byte region [ffff888143776b40, ffff888143776b48) [ 169.293082][ T7288] [ 169.295450][ T7288] The buggy address belongs to the physical page: [ 169.301904][ T7288] page:ffffea00050ddd80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x143776 [ 169.312284][ T7288] flags: 0x57ff00000000800(slab|node=1|zone=2|lastcpupid=0x7ff) [ 169.319974][ T7288] page_type: 0xffffffff() [ 169.324342][ T7288] raw: 057ff00000000800 ffff888017c41280 dead000000000100 dead000000000122 [ 169.333096][ T7288] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000 [ 169.341712][ T7288] page dumped because: kasan: bad access detected [ 169.348193][ T7288] page_owner tracks the page as allocated [ 169.353956][ T7288] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 16962249754, free_ts 0 [ 169.370515][ T7288] post_alloc_hook+0x1c1/0x200 [ 169.375433][ T7288] get_page_from_freelist+0x1951/0x19e0 [ 169.381017][ T7288] __alloc_pages+0x1f0/0x460 [ 169.385658][ T7288] alloc_page_interleave+0x24/0x1e0 [ 169.390917][ T7288] alloc_slab_page+0x5d/0x160 [ 169.395611][ T7288] new_slab+0x87/0x2d0 [ 169.399738][ T7288] ___slab_alloc+0xc5d/0x12f0 [ 169.404483][ T7288] __kmem_cache_alloc_node+0x19e/0x250 [ 169.410077][ T7288] kmalloc_trace+0x2a/0xe0 [ 169.414511][ T7288] usb_control_msg+0x74/0x3e0 [ 169.419219][ T7288] hub_power_on+0x1b0/0x400 [ 169.423744][ T7288] hub_activate+0x35d/0x1a60 [ 169.428401][ T7288] hub_probe+0x290f/0x37e0 [ 169.432868][ T7288] usb_probe_interface+0x5c9/0xb20 [ 169.438005][ T7288] really_probe+0x25b/0xb20 [ 169.442533][ T7288] __driver_probe_device+0x18c/0x330 [ 169.447863][ T7288] page_owner free stack trace missing [ 169.453266][ T7288] [ 169.455628][ T7288] Memory state around the buggy address: [ 169.461275][ T7288] ffff888143776a00: 06 fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc fa [ 169.469435][ T7288] ffff888143776a80: fc fc fc fc fa fc fc fc fc 05 fc fc fc fc 07 fc [ 169.477507][ T7288] >ffff888143776b00: fc fc fc 06 fc fc fc fc fa fc fc fc fc 00 fc fc [ 169.485751][ T7288] ^ [ 169.492015][ T7288] ffff888143776b80: fc fc fa fc fc fc fc 05 fc fc fc fc fa fc fc fc [ 169.500259][ T7288] ffff888143776c00: fc fa fc fc fc fc fa fc fc fc fc fa fc fc fc fc [ 169.508338][ T7288] ================================================================== [ 169.548505][ T7288] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 169.555783][ T7288] CPU: 0 PID: 7288 Comm: fido_id Not tainted syzkaller #0 [ 169.562939][ T7288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.573121][ T7288] Call Trace: [ 169.576456][ T7288] [ 169.579429][ T7288] dump_stack_lvl+0x18c/0x250 [ 169.584164][ T7288] ? show_regs_print_info+0x20/0x20 [ 169.589434][ T7288] ? load_image+0x420/0x420 [ 169.593991][ T7288] panic+0x2dc/0x730 [ 169.597924][ T7288] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 169.604135][ T7288] ? bpf_jit_dump+0xd0/0xd0 [ 169.608698][ T7288] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 169.614718][ T7288] ? _raw_spin_unlock+0x40/0x40 [ 169.619649][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 169.625075][ T7288] check_panic_on_warn+0x84/0xa0 [ 169.630068][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 169.635488][ T7288] end_report+0x6f/0x130 [ 169.639769][ T7288] kasan_report+0x128/0x150 [ 169.644448][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 169.649864][ T7288] kasan_check_range+0x241/0x290 [ 169.654834][ T7288] ? read_report_descriptor+0xb2/0xf0 [ 169.660238][ T7288] __asan_memcpy+0x29/0x70 [ 169.664712][ T7288] read_report_descriptor+0xb2/0xf0 [ 169.669947][ T7288] ? sysfs_kf_bin_open+0xd0/0xd0 [ 169.674913][ T7288] kernfs_fop_read_iter+0x42d/0x670 [ 169.680153][ T7288] vfs_read+0x46a/0x970 [ 169.684343][ T7288] ? kernel_read+0x1e0/0x1e0 [ 169.688982][ T7288] ? do_sys_openat2+0x170/0x1d0 [ 169.693869][ T7288] ? __fdget_pos+0x2ba/0x330 [ 169.698575][ T7288] ksys_read+0x150/0x260 [ 169.702848][ T7288] ? vfs_write+0x990/0x990 [ 169.707295][ T7288] ? lockdep_hardirqs_on+0x98/0x150 [ 169.712532][ T7288] do_syscall_64+0x55/0xa0 [ 169.716993][ T7288] ? clear_bhb_loop+0x40/0x90 [ 169.721697][ T7288] ? clear_bhb_loop+0x40/0x90 [ 169.726419][ T7288] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 169.732352][ T7288] RIP: 0033:0x7f2479aa7407 [ 169.736877][ T7288] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 169.756512][ T7288] RSP: 002b:00007ffffeca66a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 169.764953][ T7288] RAX: ffffffffffffffda RBX: 00007f247a211880 RCX: 00007f2479aa7407 [ 169.772953][ T7288] RDX: 0000000000001000 RSI: 00007ffffeca66f0 RDI: 0000000000000004 [ 169.780944][ T7288] RBP: 000056425f605730 R08: 0000000000000000 R09: 0000000000000000 [ 169.788942][ T7288] R10: 0000000000000000 R11: 0000000000000202 R12: 000056425f604930 [ 169.796938][ T7288] R13: 00007ffffeca66f0 R14: 0000000000000004 R15: 000056423262f4d8 [ 169.804943][ T7288] [ 169.808561][ T7288] Kernel Offset: disabled [ 169.812904][ T7288] Rebooting in 86400 seconds..