last executing test programs: 1.862002764s ago: executing program 0 (id=12530): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f) 1.782737765s ago: executing program 0 (id=12532): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000900)=@newtaction={0x80, 0x30, 0xb, 0x5, 0x0, {}, [{0x6c, 0x1, [@m_ct={0x68, 0x1, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_LABELS={0x14, 0x7, "e142a1dc6b3a3dd0aaeb9317676b63d2"}, @TCA_CT_MARK={0x8, 0x5, 0x9}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x8000}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x8890}, 0x40) 1.620953766s ago: executing program 0 (id=12535): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newchain={0x24, 0x1e, 0x1, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0xc, 0xa}, {0x10, 0x6}}}, 0x24}}, 0x40) 1.448580603s ago: executing program 0 (id=12540): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xcc0, &(0x7f00000002c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c000c204e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0", @ANYRES64], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) 1.384887674s ago: executing program 2 (id=12541): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000100)) 1.301744111s ago: executing program 1 (id=12543): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40002, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x38) 1.176593164s ago: executing program 2 (id=12545): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x0, &(0x7f00000007c0), 0x4) 1.115527709s ago: executing program 1 (id=12546): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x83, 0x0, &(0x7f00000000c0)) 1.014234739s ago: executing program 2 (id=12547): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000400), 0x4) 954.775544ms ago: executing program 1 (id=12549): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000004c0)=@urb_type_iso={0x0, {0x4}, 0x2, 0x2, 0x0, 0x0, 0x9, 0x4, 0x1, 0xdee0, 0x9ff6, 0x0, [{0xb, 0x3, 0x8001}]}) 885.520493ms ago: executing program 2 (id=12550): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40, 0x1400}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x2004}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x1}]}}}]}, 0x44}}, 0x0) 805.974082ms ago: executing program 3 (id=12552): r0 = syz_open_dev$video4linux(&(0x7f0000000740), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f00000001c0)={0x0, 0x1000000, {0x28, 0x64, 0x2025, 0x5, 0x1, 0x0, 0x1, 0x4}}) 788.687113ms ago: executing program 4 (id=12553): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x10b200, 0x0) ioctl$SW_SYNC_IOC_INC(r0, 0xc0105702, 0x0) 775.755386ms ago: executing program 1 (id=12554): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) accept4(r0, 0x0, 0x0, 0x80800) 697.152653ms ago: executing program 4 (id=12555): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) 689.204599ms ago: executing program 3 (id=12556): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x45, &(0x7f0000000040)=[{&(0x7f00000000c0)="1c000000180081064e81f782db4cb904231d0800e5007c05e8fe55a1", 0x1c}], 0x1}, 0x0) 550.796879ms ago: executing program 1 (id=12557): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x1, 0x70bd27, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0x2, 0x4, 0x10}, 0x1}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x20000000) 489.880794ms ago: executing program 4 (id=12558): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x99) 484.299921ms ago: executing program 3 (id=12559): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x24, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x435}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x24}}, 0x0) 388.619944ms ago: executing program 1 (id=12560): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") lchown(&(0x7f0000001640)='./file0\x00', 0xffffffffffffffff, 0x0) 381.728282ms ago: executing program 4 (id=12561): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x0}) 369.418973ms ago: executing program 2 (id=12562): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3c, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1}}) 281.418404ms ago: executing program 3 (id=12563): r0 = fsopen(&(0x7f0000000000)='nilfs2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000080)='discard', &(0x7f0000000200)='\t', 0x1) 222.557859ms ago: executing program 4 (id=12564): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x24, 0x14, 0x1, 0x0, 0x0, {0x2c}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "f2e4c9d0cd987aae7f"}]}, 0x24}}, 0x0) 165.978438ms ago: executing program 0 (id=12565): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)="d80000001000810468f70082db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94000534cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000004) 165.843696ms ago: executing program 2 (id=12566): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000880)=ANY=[], 0x1, 0x1d2, &(0x7f0000000a40)="$eJzsmDGLE0EUx/8zm2xMqoidCAoGjIWb7AZBEItUKWwERbERF7OG6MbIZgsVJLG08ivoRxB7SWFrJ9jqwcE1B9dcc0XmmJ3JZbjs5hLuCIR7v2L2/2bezLy3M3mBBUEQ55at//v/Pn7evsiBUREVFHT/jnUkwQ3/6Pv96pXfLffns193//5o/Tm+3jUAQiy/v1x73LQQa1sIYzbDgTRlII/AUUERgJ3MuqldnoDB0fo5OB5rHYDhqdavDN2X/o7zshsGzot+2JaiLhtXNp5sGmZ8OQC7nxjaRnzMGB+8//DaD8Mgmhd29tBqYtH7S+JrctwDhKVDNM/LGalnHUNUdJ8LDlfrBhgean0HBf1u+Fz+l3P6uISY7pOe/96qSZaWcc7Lq5fpM8TgS/b0SyvEc8HsmQgFzuQU1yDYyZdyYwVGShQwG+Kbnak8qrXtVVZXY30JzuqH+MZww6ifOaN+1OLeW/m81e35naATvClN1MBtr5bUZtUuqH/FpD6VjPXzGb42s/HOj+PIVa20x/5XPRp5aRXXTuofR/W6spnuM0l+dmUm//pQtbSd4kcQBEEQBEEQBEEQBEEQBHE6roJBpDH9LKks70FiHAYAAP//bSVhTA==") creat(&(0x7f0000000040)='./bus\x00', 0x11) 161.931903ms ago: executing program 3 (id=12567): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xfffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in=@empty, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 85.324599ms ago: executing program 4 (id=12568): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x39, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) 19.613127ms ago: executing program 3 (id=12569): syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[], 0xa, 0x234, &(0x7f0000000900)="$eJzs279rE2Ecx/HPXS7pNdpWrDqIQlGsLjb+mBxE3Tr1H+hU2qjFE6tVsEWwWdRB6OTm4iQIDo4idRMn/wAHwU0pdgg4OfTkzvvR5JLmB5ecpO/X0ueez/Pkee7oJd82iQDsWVc1IUOGCt7BMfvA+riR9ZYA9Ikb/Ny23JgZhgAG282RrHcAIBtb16SXp6Rf1UfzyhXCssCrAL5tStqYfKo1Bbk5JOn1F8mK6oetinTUCnLD1nB9ffFKOh3ON4q14UNbqkjFKN+3IxyWKq7/+GdOhuvv14hGNZb38oMaD9ZfiOYfaVnvWJ2XSAAADBxDU63yXQeYur7olM81zfN+fr5pXvDzCy3yi9HxUNSafTHz4IN7edvLp+bvOAu7bRNAA2YX9//X43E71+L+t5rc//V/JwDov+WV1VtzjuM+lvxG+V7QEzTC/wjEPbnEmFQa4XsObQwO36FMRN5j7OjJJaevTybPPb2zMOONjUnqzYX6jxtqEH2f/ndNoh6zF1e+pnHi558nS8/fvW9n8NsOlzCj37rZjXK1boxMqYfnNZG4C+Ycu73pxprrdrhow6eL+MMBdtrPRAD6rXT/9lJpeWX17GJO0o1yPnzBn/6x6Vf2pZr6Pp/dTgGkLX7Rb5RWEj1u7eHMp8+/q5fePOti5SuSPha7mAgAAAAAAAAAAAAAAOoc0uGstwAAAACgT5Lf/rk7mvZXl7I+RwAAAAAAAAAAAAAAAAAABs3fAAAA///PtQqI") truncate(&(0x7f0000000080)='./file1\x00', 0x3) 0s ago: executing program 0 (id=12570): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="1c000000000605"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): k: 224 bytes leftover after parsing attributes in process `syz.1.10596'. [ 846.451081][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 846.460779][ T24] usb 5-1: config 0 has an invalid interface number: 104 but max is 1 [ 846.474276][ T24] usb 5-1: config 0 has an invalid interface number: 104 but max is 1 [ 846.495454][ T24] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 846.527813][ T24] usb 5-1: config 0 has no interface number 0 [ 846.547888][ T24] usb 5-1: config 0 interface 104 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 846.574218][ T24] usb 5-1: config 0 interface 104 has no altsetting 1 [ 846.590707][ T24] usb 5-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 846.602871][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.631880][T31263] netlink: 'syz.1.10601': attribute type 1 has an invalid length. [ 846.648991][ T24] usb 5-1: Product: syz [ 846.655443][ T24] usb 5-1: Manufacturer: syz [ 846.663473][ T24] usb 5-1: SerialNumber: syz [ 846.681250][ T24] usb 5-1: config 0 descriptor?? [ 846.681258][T31263] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10601'. [ 846.929111][ T24] asix 5-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 846.964499][ T24] asix 5-1:0.104: probe with driver asix failed with error -71 [ 847.005424][ T24] usb 5-1: USB disconnect, device number 30 [ 847.051083][ T5980] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 847.099178][T31305] loop2: detected capacity change from 0 to 256 [ 847.150777][T31305] FAT-fs (loop2): Directory bread(block 64) failed [ 847.157358][T31305] FAT-fs (loop2): Directory bread(block 65) failed [ 847.173866][T31300] loop1: detected capacity change from 0 to 4096 [ 847.187065][T31305] FAT-fs (loop2): Directory bread(block 66) failed [ 847.194701][T31305] FAT-fs (loop2): Directory bread(block 67) failed [ 847.201575][T31305] FAT-fs (loop2): Directory bread(block 68) failed [ 847.208693][T31305] FAT-fs (loop2): Directory bread(block 69) failed [ 847.216394][T31305] FAT-fs (loop2): Directory bread(block 70) failed [ 847.222933][T31305] FAT-fs (loop2): Directory bread(block 71) failed [ 847.230272][T31305] FAT-fs (loop2): Directory bread(block 72) failed [ 847.241122][ T5980] usb 1-1: config 0 has an invalid descriptor of length 26, skipping remainder of the config [ 847.246136][T31305] FAT-fs (loop2): Directory bread(block 73) failed [ 847.263264][ T5980] usb 1-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 847.312257][ T5980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.325689][ T5980] usb 1-1: config 0 descriptor?? [ 847.336938][ T30] audit: type=1800 audit(2000000114.378:218): pid=31305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10612" name="file1" dev="loop2" ino=1048746 res=0 errno=0 [ 847.363545][ T5980] usb 1-1: bad CDC descriptors [ 847.564334][ T5980] usb 1-1: USB disconnect, device number 27 [ 847.577987][T31330] usb usb8: usbfs: process 31330 (syz.3.10619) did not claim interface 0 before use [ 847.754833][T31347] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 847.856110][ T30] audit: type=1326 audit(2000000114.858:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31357 comm="syz.2.10627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 847.909974][ T30] audit: type=1326 audit(2000000114.858:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31357 comm="syz.2.10627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 847.987508][ T30] audit: type=1326 audit(2000000114.885:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31357 comm="syz.2.10627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 848.061118][ T30] audit: type=1326 audit(2000000114.885:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31357 comm="syz.2.10627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 848.285190][T31387] loop1: detected capacity change from 0 to 8 [ 848.340765][T31387] SQUASHFS error: lzo decompression failed, data probably corrupt [ 848.373476][T31387] SQUASHFS error: Failed to read block 0x1dd: -5 [ 848.379877][T31387] SQUASHFS error: Unable to read metadata cache entry [1db] [ 848.463780][T31387] SQUASHFS error: Unable to read inode 0xa7 [ 848.472807][T31402] netlink: 'syz.4.10643': attribute type 21 has an invalid length. [ 848.535995][T31402] netlink: 128 bytes leftover after parsing attributes in process `syz.4.10643'. [ 848.654896][T31407] bond3 (unregistering): Released all slaves [ 848.701625][T31402] netlink: 'syz.4.10643': attribute type 4 has an invalid length. [ 848.716763][T31402] netlink: 3 bytes leftover after parsing attributes in process `syz.4.10643'. [ 848.773738][T31483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10649'. [ 848.922751][T31496] netlink: 'syz.2.10653': attribute type 3 has an invalid length. [ 849.341552][T31528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10666'. [ 849.727429][T31555] loop2: detected capacity change from 0 to 64 [ 849.776219][T31553] loop4: detected capacity change from 0 to 2048 [ 849.805397][T31553] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 849.862953][ T5938] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 850.530482][T31619] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 851.137723][T31666] netlink: 216 bytes leftover after parsing attributes in process `syz.4.10717'. [ 851.263717][T31674] netlink: 'syz.4.10721': attribute type 2 has an invalid length. [ 851.340431][T31674] : entered promiscuous mode [ 851.527851][ T6034] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 851.542137][T31699] QAT: failed to copy from user cfg_data. [ 851.671186][T31712] loop4: detected capacity change from 0 to 64 [ 851.709742][ T6034] usb 1-1: Using ep0 maxpacket: 32 [ 851.739709][ T6034] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 851.778372][ T6034] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 851.826417][ T6034] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 851.850122][ T6034] usb 1-1: config 1 has no interface number 0 [ 851.868900][ T6034] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 851.903042][ T6034] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 851.929208][ T6034] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 851.966572][ T6034] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 852.009224][ T6034] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.074710][ T6034] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 852.269719][T31752] loop4: detected capacity change from 0 to 164 [ 852.304707][ T6034] snd_usb_pod 1-1:1.1: cannot start listening: -90 [ 852.323928][ T6034] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 852.354482][ T6034] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -90 [ 852.405907][T31763] netlink: 'syz.1.10747': attribute type 3 has an invalid length. [ 852.414280][T31763] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10747'. [ 852.486405][T31766] ieee802154 phy0 wpan0: encryption failed: -22 [ 852.579964][ T6034] usb 1-1: USB disconnect, device number 28 [ 852.741618][T31788] loop4: detected capacity change from 0 to 256 [ 852.812072][T31797] netlink: 'syz.3.10756': attribute type 1 has an invalid length. [ 852.829608][T31788] FAT-fs (loop4): Directory bread(block 64) failed [ 852.836200][T31788] FAT-fs (loop4): Directory bread(block 65) failed [ 852.869295][T31788] FAT-fs (loop4): Directory bread(block 66) failed [ 852.886508][T31788] FAT-fs (loop4): Directory bread(block 67) failed [ 852.909077][T31788] FAT-fs (loop4): Directory bread(block 68) failed [ 852.932986][T31788] FAT-fs (loop4): Directory bread(block 69) failed [ 852.950160][T31788] FAT-fs (loop4): Directory bread(block 70) failed [ 852.970461][T31788] FAT-fs (loop4): Directory bread(block 71) failed [ 852.977981][T31788] FAT-fs (loop4): Directory bread(block 72) failed [ 852.984533][T31788] FAT-fs (loop4): Directory bread(block 73) failed [ 853.139855][T31814] Scaler: ================= START STATUS ================= [ 853.158372][T31814] Scaler: ================== END STATUS ================== [ 853.322639][T31827] netlink: 'syz.0.10766': attribute type 1 has an invalid length. [ 853.389002][T31827] netlink: 'syz.0.10766': attribute type 1 has an invalid length. [ 853.655742][T31844] loop2: detected capacity change from 0 to 2048 [ 853.675041][T31844] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=27485, location=27485 [ 853.696965][T31844] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 854.131738][T31832] loop1: detected capacity change from 0 to 32768 [ 854.219752][T31832] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 854.304639][T31898] netlink: 'syz.0.10784': attribute type 2 has an invalid length. [ 854.313702][T31898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10784'. [ 854.395871][T31905] loop2: detected capacity change from 0 to 128 [ 854.424569][T31832] XFS (loop1): Ending clean mount [ 854.424964][T31905] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 854.448491][T31903] netlink: 'syz.4.10785': attribute type 8 has an invalid length. [ 854.480663][T31832] XFS (loop1): Quotacheck needed: Please wait. [ 854.494187][T31905] FAT-fs (loop2): Filesystem has been set read-only [ 854.589460][T31832] XFS (loop1): Quotacheck: Done. [ 854.664245][ T5928] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 854.689619][ T5926] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 854.815193][T31930] netlink: del zone limit has 4 unknown bytes [ 854.960263][T31937] netlink: 'syz.0.10797': attribute type 8 has an invalid length. [ 855.021938][T31946] netlink: 'syz.2.10800': attribute type 1 has an invalid length. [ 855.030395][T31946] netlink: 15 bytes leftover after parsing attributes in process `syz.2.10800'. [ 855.270060][T31961] nbd: must specify a device to reconfigure [ 855.602510][T31984] new mount options do not match the existing superblock, will be ignored [ 856.206665][T31972] loop1: detected capacity change from 0 to 32768 [ 856.283557][T31972] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 856.487519][T31972] XFS (loop1): Ending clean mount [ 856.514337][T31972] XFS (loop1): Quotacheck needed: Please wait. [ 856.515077][T32004] loop2: detected capacity change from 0 to 32768 [ 856.550881][T32004] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 0 transid 8 /dev/loop2 (7:2) scanned by syz.2.10822 (32004) [ 856.708114][T31972] XFS (loop1): Quotacheck: Done. [ 856.727617][T13229] udevd[13229]: incorrect btrfs checksum on /dev/loop2 [ 856.836743][ T5926] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 856.989278][T32072] loop2: detected capacity change from 0 to 164 [ 857.002465][T32072] Unsupported NM flag settings (240) [ 857.202565][ T5980] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 857.307861][T32090] loop4: detected capacity change from 0 to 1024 [ 857.320298][T32090] EXT4-fs: inline encryption not supported [ 857.340940][T32090] EXT4-fs: Ignoring removed i_version option [ 857.382231][T32090] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 857.420946][ T5980] usb 1-1: too many configurations: 89, using maximum allowed: 8 [ 857.430766][T32090] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.10848: lblock 2 mapped to illegal pblock 2 (length 1) [ 857.438806][ T5980] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 857.457355][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.466864][ T5980] usb 1-1: Product: syz [ 857.471121][ T5980] usb 1-1: Manufacturer: syz [ 857.476180][ T5980] usb 1-1: SerialNumber: syz [ 857.485033][T32090] __quota_error: 8 callbacks suppressed [ 857.485047][T32090] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 857.502981][T32090] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.10848: lblock 0 mapped to illegal pblock 48 (length 1) [ 857.524368][ T5980] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 857.543575][T32090] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 857.562422][T32090] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.10848: Failed to acquire dquot type 0 [ 857.613593][ T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 857.653389][T32090] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 857.674204][T32090] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.10848: mark_inode_dirty error [ 857.711563][T32090] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 857.739417][T32090] EXT4-fs (loop4): 1 orphan inode deleted [ 857.756641][ T12] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 857.768225][T32090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 857.810123][ T12] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 857.843442][ T12] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:0: Failed to release dquot type 0 [ 857.902540][T32090] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 857.934628][T32090] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz.4.10848: Invalid inode table block 1 in block_group 0 [ 857.988899][T32090] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 858.014816][T32090] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz.4.10848: mark_inode_dirty error [ 858.097234][ T5980] usb 1-1: USB disconnect, device number 29 [ 858.251848][T32149] netlink: 'syz.3.10863': attribute type 11 has an invalid length. [ 858.335834][T32154] loop4: detected capacity change from 0 to 1024 [ 858.519587][ T1093] hfsplus: b-tree write err: -5, ino 4 [ 858.762706][ T24] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 858.769756][ T24] ath9k_htc: Failed to initialize the device [ 858.797424][ T5980] usb 1-1: ath9k_htc: USB layer deinitialized [ 859.389895][T32239] netlink: 'syz.1.10896': attribute type 1 has an invalid length. [ 859.445328][T32239] netlink: 10916 bytes leftover after parsing attributes in process `syz.1.10896'. [ 859.454667][T32239] nbd: couldn't find device at index 53 [ 859.654608][T32255] netlink: 'syz.1.10900': attribute type 21 has an invalid length. [ 859.811589][T32255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10900'. [ 860.101409][T32247] loop2: detected capacity change from 0 to 32768 [ 860.141065][T32247] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.10897 (32247) [ 860.251960][T32247] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 860.281237][T32247] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 860.404112][T32247] BTRFS info (device loop2): enabling ssd optimizations [ 860.415339][T32247] BTRFS info (device loop2): enabling free space tree [ 860.452853][ T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 860.465945][ T30] audit: type=1326 audit(2000000126.497:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32319 comm="syz.0.10916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 860.513178][ T5928] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 860.540270][ T30] audit: type=1326 audit(2000000126.534:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32319 comm="syz.0.10916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 860.568327][ T30] audit: type=1326 audit(2000000126.534:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32319 comm="syz.0.10916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 860.597649][ T30] audit: type=1326 audit(2000000126.534:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32319 comm="syz.0.10916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 860.664586][T32331] qrtr: Invalid version 6 [ 860.691337][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 860.704979][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 860.717818][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 860.758828][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 860.782723][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 860.796593][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 860.807353][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 860.827861][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.943858][ T9] usb 2-1: config 0 descriptor?? [ 860.958787][T32290] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 861.270731][ C1] Bluetooth: hci5: Unexpected continuation: 1 bytes [ 861.278420][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.285579][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.293544][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.300471][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.307385][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.314410][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.321449][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.328388][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.335714][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.343482][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.351783][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.362327][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.369415][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.376563][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.383479][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.390471][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.397510][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.404377][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.411507][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.418441][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.425365][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.432396][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.439436][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.446278][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.453723][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.460591][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.467484][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.474486][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.481429][T30949] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 861.501987][ T5931] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 861.502905][ T9] usb 2-1: USB disconnect, device number 12 [ 861.690684][T32380] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 861.975357][T32399] @: renamed from vlan0 (while UP) [ 862.190752][T32416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10945'. [ 862.218973][T32416] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10945'. [ 862.683498][T32450] bond2: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5) [ 862.708341][T32450] bond2 (unregistering): Released all slaves [ 862.740558][T32389] 9pnet_fd: p9_fd_create_tcp (32389): problem connecting socket to 127.0.0.1 [ 862.768704][T32455] netlink: 32 bytes leftover after parsing attributes in process `syz.2.10958'. [ 862.803318][T32451] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 862.852369][T32494] macvtap0: entered allmulticast mode [ 862.857895][T32494] veth0_macvtap: entered allmulticast mode [ 862.922867][T32528] loop2: detected capacity change from 0 to 1764 [ 863.006379][T32528] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 863.360127][T32560] loop4: detected capacity change from 0 to 256 [ 863.375206][T32558] ip6erspan0: entered promiscuous mode [ 863.408679][T32560] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 863.602647][T32586] xt_hashlimit: max too large, truncated to 1048576 [ 863.738216][ T9] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 863.847000][T32634] netlink: 'syz.2.10986': attribute type 10 has an invalid length. [ 863.892257][T32634] team0: Port device dummy0 added [ 863.936487][ T9] usb 5-1: config 8 has an invalid interface number: 80 but max is 0 [ 863.963602][ T9] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 863.997935][ T9] usb 5-1: config 8 has no interface number 0 [ 864.009959][ T9] usb 5-1: config 8 interface 80 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 864.065111][ T9] usb 5-1: config 8 interface 80 altsetting 0 has an endpoint descriptor with address 0xFA, changing to 0x8A [ 864.082932][ T9] usb 5-1: config 8 interface 80 altsetting 0 endpoint 0x8A has invalid maxpacket 45699, setting to 64 [ 864.119197][ T9] usb 5-1: config 8 interface 80 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 14 [ 864.143219][ T9] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f [ 864.183715][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.222378][ T30] audit: type=1326 audit(2000000129.958:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32659 comm="syz.0.10995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 864.259596][T32560] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 864.273290][ T30] audit: type=1326 audit(2000000129.958:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32659 comm="syz.0.10995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 864.274615][ T9] usb 5-1: NFC: intf ffff888060698000 id ffffffff8eb201c0 [ 864.305204][ T30] audit: type=1326 audit(2000000129.976:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32659 comm="syz.0.10995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 864.339582][ T30] audit: type=1326 audit(2000000129.976:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32659 comm="syz.0.10995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 864.354472][T32667] efs: cannot read volume header [ 864.398417][ T30] audit: type=1326 audit(2000000129.976:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32659 comm="syz.0.10995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 864.461662][ T9] nfcmrvl 5-1:8.80: NFC: registered with nci successfully [ 864.487850][T32676] netlink: 'syz.0.10998': attribute type 1 has an invalid length. [ 864.528058][ T9] usb 5-1: USB disconnect, device number 31 [ 864.535997][ T9] usb 5-1: NFC: intf ffff888060698000 [ 864.562209][T32678] loop1: detected capacity change from 0 to 512 [ 864.689460][T32678] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 864.785090][T32678] ext4 filesystem being mounted at /2100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 864.841713][T32701] netlink: 'syz.3.11002': attribute type 2 has an invalid length. [ 864.865063][T32678] EXT4-fs error (device loop1): ext4_search_dir:1474: inode #2: block 3: comm syz.1.10999: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 864.994041][ T5926] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 865.049177][T32657] loop2: detected capacity change from 0 to 32768 [ 865.079530][T32657] (syz.2.10994,32657,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 865.139054][T32657] (syz.2.10994,32657,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 865.289269][T32657] JBD2: Ignoring recovery information on journal [ 865.442444][T32657] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 865.649805][ T5928] ocfs2: Unmounting device (7,2) on (node local) [ 865.656907][T32750] xt_recent: hitcount (4294901760) is larger than allowed maximum (65535) [ 865.895220][T32765] No source specified [ 865.974785][ T303] loop1: detected capacity change from 0 to 256 [ 866.074796][ T303] FAT-fs (loop1): Directory bread(block 64) failed [ 866.089819][ T315] netlink: 144 bytes leftover after parsing attributes in process `syz.2.11021'. [ 866.094047][ T303] FAT-fs (loop1): Directory bread(block 65) failed [ 866.125264][ T303] FAT-fs (loop1): Directory bread(block 66) failed [ 866.144768][ T303] FAT-fs (loop1): Directory bread(block 67) failed [ 866.169034][ T303] FAT-fs (loop1): Directory bread(block 68) failed [ 866.187968][ T303] FAT-fs (loop1): Directory bread(block 69) failed [ 866.198568][ T303] FAT-fs (loop1): Directory bread(block 70) failed [ 866.205231][ T303] FAT-fs (loop1): Directory bread(block 71) failed [ 866.212703][ T303] FAT-fs (loop1): Directory bread(block 72) failed [ 866.237810][ T303] FAT-fs (loop1): Directory bread(block 73) failed [ 866.294864][ T323] loop2: detected capacity change from 0 to 1024 [ 866.332868][ T323] hfsplus: failed to load root directory [ 866.570416][ T344] bridge4: the hash_elasticity option has been deprecated and is always 16 [ 866.891826][ T373] netlink: 'syz.2.11045': attribute type 1 has an invalid length. [ 866.910781][ T373] netlink: 224 bytes leftover after parsing attributes in process `syz.2.11045'. [ 867.062228][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 867.104077][ T393] netlink: 'syz.4.11051': attribute type 71 has an invalid length. [ 867.242199][ T407] loop4: detected capacity change from 0 to 8 [ 867.260956][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 867.296206][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 867.309447][ T407] SQUASHFS error: Unable to read inode 0x87 [ 867.331525][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 867.352324][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 867.375993][ T5885] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 867.383784][ T24] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 867.419290][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 867.431890][ T418] netlink: 'syz.0.11058': attribute type 3 has an invalid length. [ 867.439167][ T24] usb 2-1: config 0 descriptor?? [ 867.571365][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 867.593193][ T5885] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 867.614644][ T5885] usb 4-1: config 0 has no interface number 0 [ 867.620815][ T5885] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 867.655757][ T425] loop2: detected capacity change from 0 to 4096 [ 867.668277][ T24] hdpvr 2-1:0.0: firmware version 0x0 dated [ 867.680344][ T24] hdpvr 2-1:0.0: untested firmware, the driver might not work. [ 867.688112][ T5885] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 867.690268][ T425] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 867.698075][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 867.759921][ T5885] usb 4-1: Product: syz [ 867.772149][ T5885] usb 4-1: SerialNumber: syz [ 867.791503][ T5885] usb 4-1: config 0 descriptor?? [ 867.823238][ T425] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 867.829814][ T425] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 867.830040][ T5885] cm109 4-1:0.8: invalid payload size 208, expected 4 [ 867.865303][ T5885] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input86 [ 867.898233][ T24] hdpvr 2-1:0.0: device init failed [ 867.917809][ T24] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12 [ 867.949969][ T425] ntfs3(loop2): ino=1e, mi_enum_attr [ 867.962045][ T425] ntfs3(loop2): ino=1e, mi_enum_attr [ 867.969092][ T425] ntfs3(loop2): ino=1e, mi_enum_attr [ 867.983852][ T24] usb 2-1: USB disconnect, device number 13 [ 868.101336][ T37] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 868.110677][ T5928] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 868.122964][ T5928] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 868.130174][ T5928] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 868.326967][ T476] overlayfs: cannot append lower layer [ 868.328363][ C1] cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71 [ 868.340539][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 868.350753][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 868.360630][ T24] usb 4-1: USB disconnect, device number 36 [ 868.366730][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 868.366757][ C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 868.436533][ T24] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 868.830736][ T525] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 868.838026][ T525] IPv6: NLM_F_CREATE should be set when creating new route [ 868.845328][ T525] IPv6: NLM_F_CREATE should be set when creating new route [ 869.567000][ T579] tmpfs: Bad value for 'mpol' [ 869.597985][ T586] netlink: 'syz.1.11110': attribute type 10 has an invalid length. [ 869.612105][ T586] team0: Device dummy0 is up. Set it down before adding it as a team port [ 870.129747][ T624] netlink: 'syz.1.11124': attribute type 10 has an invalid length. [ 870.171996][ T624] bond0: (slave wlan1): Opening slave failed [ 870.197828][ T628] netlink: 'syz.2.11127': attribute type 30 has an invalid length. [ 870.225383][ T628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11127'. [ 870.301466][ T30] audit: type=1326 audit(2000000135.579:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=638 comm="syz.0.11130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.401663][ T628] bond3: option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4) [ 870.432290][ T30] audit: type=1326 audit(2000000135.579:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=638 comm="syz.0.11130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.484642][ T628] bond3 (unregistering): Released all slaves [ 870.514912][ T678] loop4: detected capacity change from 0 to 164 [ 870.523487][ T30] audit: type=1326 audit(2000000135.579:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=638 comm="syz.0.11130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.598360][ T30] audit: type=1326 audit(2000000135.671:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=638 comm="syz.0.11130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.689882][ T30] audit: type=1326 audit(2000000135.671:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=638 comm="syz.0.11130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.825632][ T721] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 870.847234][ T30] audit: type=1326 audit(2000000136.077:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=722 comm="syz.0.11136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.894254][ T30] audit: type=1326 audit(2000000136.077:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=722 comm="syz.0.11136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.921183][ T30] audit: type=1326 audit(2000000136.077:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=722 comm="syz.0.11136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 870.994624][ T30] audit: type=1326 audit(2000000136.077:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=722 comm="syz.0.11136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 871.036524][ T30] audit: type=1326 audit(2000000136.077:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=722 comm="syz.0.11136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab5478eec9 code=0x7ffc0000 [ 871.058824][ C0] vkms_vblank_simulate: vblank timer overrun [ 871.130894][ T743] SET target dimension over the limit! [ 871.177384][ T746] loop1: detected capacity change from 0 to 64 [ 871.206656][ T746] hfs: unable to read tree header [ 871.217287][ T746] hfs: unable to open catalog tree [ 871.236978][ T746] hfs: can't find a HFS filesystem on dev loop1 [ 871.327709][ T757] netlink: 'syz.2.11146': attribute type 1 has an invalid length. [ 871.341449][ T6034] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 871.365875][ T757] netlink: 'syz.2.11146': attribute type 2 has an invalid length. [ 871.389000][ T757] netlink: 'syz.2.11146': attribute type 1 has an invalid length. [ 871.525704][ T6034] usb 5-1: Using ep0 maxpacket: 16 [ 871.543849][ T6034] usb 5-1: config 0 has an invalid interface number: 104 but max is 1 [ 871.579616][ T6034] usb 5-1: config 0 has an invalid interface number: 104 but max is 1 [ 871.591388][ T6034] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 871.600310][ T6034] usb 5-1: config 0 has no interface number 0 [ 871.617051][ T6034] usb 5-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 871.629220][ T6034] usb 5-1: config 0 interface 104 has no altsetting 1 [ 871.645090][ T6034] usb 5-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 871.654174][ T6034] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 871.688037][ T6034] usb 5-1: Product: syz [ 871.691306][ T778] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 871.692262][ T6034] usb 5-1: Manufacturer: syz [ 871.732509][ T6034] usb 5-1: SerialNumber: syz [ 871.755418][ T6034] usb 5-1: config 0 descriptor?? [ 871.875548][ T788] loop1: detected capacity change from 0 to 764 [ 871.915001][ T788] Symlink component flag not implemented [ 871.938530][ T788] Symlink component flag not implemented [ 871.944497][ T788] Symlink component flag not implemented (129) [ 871.981555][ T6034] asix 5-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 871.993326][ T788] Symlink component flag not implemented (6) [ 872.016841][ T6034] asix 5-1:0.104: probe with driver asix failed with error -71 [ 872.055980][ T6034] usb 5-1: USB disconnect, device number 32 [ 872.113724][ T1093] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.958041][ T812] loop2: detected capacity change from 0 to 32768 [ 872.978838][ T812] BTRFS error: failed to parse compression option 'zlib:nobarrier' [ 873.138161][ T5973] udevd[5973]: incorrect btrfs checksum on /dev/loop2 [ 873.327353][ T874] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 873.656719][ T866] loop2: detected capacity change from 0 to 32768 [ 873.726895][ T5973] loop2: p9 p11 p16 [ 873.750080][ T866] loop2: p9 p11 p16 [ 874.149275][ T872] loop4: detected capacity change from 0 to 32768 [ 874.182300][ T872] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.11183 (872) [ 874.248160][ T7809] udevd[7809]: inotify_add_watch(7, /dev/loop2p16, 10) failed: No such file or directory [ 874.270710][ T6134] udevd[6134]: inotify_add_watch(7, /dev/loop2p11, 10) failed: No such file or directory [ 874.275502][ T5973] udevd[5973]: inotify_add_watch(7, /dev/loop2p9, 10) failed: No such file or directory [ 874.297571][ T872] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 874.324045][ T947] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not security [ 874.355669][ T7809] udevd[7809]: inotify_add_watch(7, /dev/loop2p16, 10) failed: No such file or directory [ 874.366562][ T6134] udevd[6134]: inotify_add_watch(7, /dev/loop2p11, 10) failed: No such file or directory [ 874.374951][ T872] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 874.388704][ T5973] udevd[5973]: inotify_add_watch(7, /dev/loop2p9, 10) failed: No such file or directory [ 874.674046][ T872] BTRFS info (device loop4): enabling ssd optimizations [ 874.696524][ T872] BTRFS info (device loop4): enabling free space tree [ 874.779642][ T990] ./file0: Can't open blockdev [ 874.882515][ T5938] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 874.992700][ T1001] netlink: 'syz.1.11211': attribute type 7 has an invalid length. [ 874.994243][ T999] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 875.031410][ T1001] netlink: 'syz.1.11211': attribute type 8 has an invalid length. [ 875.224264][ T1013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11213'. [ 875.249438][ T1016] loop1: detected capacity change from 0 to 64 [ 875.255983][ T1013] netlink: 'syz.4.11213': attribute type 1 has an invalid length. [ 875.546540][ T1041] netlink: 'syz.2.11223': attribute type 28 has an invalid length. [ 875.761730][ T24] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 875.782272][ T1055] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 875.810836][ T1055] netdevsim netdevsim0 netdevsim0: refused to change device tx_queue_len [ 875.947564][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 875.956079][ T24] usb 5-1: not running at top speed; connect to a high speed hub [ 875.978732][ T24] usb 5-1: config 3 has an invalid interface number: 106 but max is 0 [ 875.986962][ T24] usb 5-1: config 3 has no interface number 0 [ 876.006300][ T24] usb 5-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 876.018494][ T24] usb 5-1: config 3 interface 106 altsetting 10 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 876.029754][ T24] usb 5-1: config 3 interface 106 has no altsetting 0 [ 876.099616][ T24] usb 5-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a [ 876.121982][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 876.143895][ T24] usb 5-1: Product: syz [ 876.148099][ T24] usb 5-1: Manufacturer: syz [ 876.170891][ T24] usb 5-1: SerialNumber: syz [ 876.193054][ T1029] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 876.206083][ T1029] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 876.447356][ T1087] netlink: 32 bytes leftover after parsing attributes in process `syz.0.11235'. [ 876.473223][ T24] kobil_sct 5-1:3.106: KOBIL USB smart card terminal converter detected [ 876.512671][ T24] usb 5-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 876.548665][ T24] usb 5-1: USB disconnect, device number 33 [ 876.612080][ T24] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 876.647505][ T24] kobil_sct 5-1:3.106: device disconnected [ 876.830902][ T1131] Cannot find del_set index 2 as target [ 877.007194][ T1143] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11251'. [ 877.122301][ T1151] loop2: detected capacity change from 0 to 16 [ 877.134655][ T1152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11252'. [ 877.164012][ T1151] erofs (device loop2): mounted with root inode @ nid 36. [ 877.224907][T30949] Bluetooth: hci0: command tx timeout [ 877.272842][ T1163] trusted_key: encrypted_key: keylen parameter is missing [ 877.452508][ T1174] loop2: detected capacity change from 0 to 256 [ 878.326064][ T1235] CIFS: VFS: Malformed UNC in devname [ 878.364754][ T1240] loop4: detected capacity change from 0 to 1024 [ 878.503681][ T1240] hfsplus: invalid extended attribute record [ 878.671015][ T1256] vivid-000: disconnect [ 878.675724][ T1255] vivid-000: reconnect [ 878.681239][ T12] hfsplus: b-tree write err: -5, ino 4 [ 878.964001][ T1278] overlay: Unknown parameter '\' [ 879.091434][ T1284] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11296'. [ 879.114889][ T1285] loop4: detected capacity change from 0 to 256 [ 879.242749][ T1285] FAT-fs (loop4): Directory bread(block 64) failed [ 879.249383][ T1285] FAT-fs (loop4): Directory bread(block 65) failed [ 879.286408][ T1285] FAT-fs (loop4): Directory bread(block 66) failed [ 879.298028][ T1285] FAT-fs (loop4): Directory bread(block 67) failed [ 879.318586][ T1285] FAT-fs (loop4): Directory bread(block 68) failed [ 879.328877][ T1285] FAT-fs (loop4): Directory bread(block 69) failed [ 879.328996][ T1285] FAT-fs (loop4): Directory bread(block 70) failed [ 879.329021][ T1285] FAT-fs (loop4): Directory bread(block 71) failed [ 879.329096][ T1285] FAT-fs (loop4): Directory bread(block 72) failed [ 879.329132][ T1285] FAT-fs (loop4): Directory bread(block 73) failed [ 879.411596][ T1306] loop1: detected capacity change from 0 to 1024 [ 879.477879][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 879.547803][ T1093] hfsplus: b-tree write err: -5, ino 4 [ 879.825798][ T1294] loop2: detected capacity change from 0 to 32768 [ 879.869025][ T1294] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11299 (1294) [ 879.919586][ T1294] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 879.947169][ T1294] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 880.126607][ T1294] BTRFS info (device loop2): enabling ssd optimizations [ 880.149461][ T1294] BTRFS info (device loop2): turning on async discard [ 880.169162][ T1294] BTRFS info (device loop2): enabling free space tree [ 880.239242][ T1294] BTRFS warning (device loop2): can't clear the free_space_tree,compat_ro:1 feature bits while mounted [ 880.374532][ T5928] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 880.630196][ T1383] binder: 1380:1383 ioctl c0306201 0 returned -14 [ 880.786514][ T1395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11326'. [ 880.854801][ T1400] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11328'. [ 881.387213][ T1437] netlink: 'syz.4.11343': attribute type 46 has an invalid length. [ 881.415231][ T1437] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11343'. [ 881.636602][ T1454] netlink: 892 bytes leftover after parsing attributes in process `syz.0.11350'. [ 881.700819][ T1462] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11351'. [ 881.717828][ T1462] netlink: 88 bytes leftover after parsing attributes in process `syz.4.11351'. [ 881.933996][ T1482] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 882.082915][ T1491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11363'. [ 882.490304][ T1520] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11375'. [ 882.630252][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 882.630269][ T30] audit: type=1326 audit(2000000146.950:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 882.661493][ T30] audit: type=1326 audit(2000000146.969:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 882.757076][ T30] audit: type=1326 audit(2000000146.969:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 882.779426][ C0] vkms_vblank_simulate: vblank timer overrun [ 882.790331][ T1532] netlink: 224 bytes leftover after parsing attributes in process `syz.3.11380'. [ 882.838809][ T30] audit: type=1326 audit(2000000146.969:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 882.844899][ T1493] loop1: detected capacity change from 0 to 32768 [ 882.912175][ T30] audit: type=1326 audit(2000000146.978:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 882.983770][ T30] audit: type=1326 audit(2000000146.978:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 883.036107][ T30] audit: type=1326 audit(2000000146.978:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 883.103078][ T30] audit: type=1326 audit(2000000146.987:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 883.186699][ T30] audit: type=1326 audit(2000000146.987:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1527 comm="syz.4.11378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 883.396346][ T1554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11387'. [ 883.592820][ T30] audit: type=1326 audit(2000000147.836:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1569 comm="syz.2.11393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 884.044559][ T1621] loop4: detected capacity change from 0 to 1024 [ 884.347126][ T1649] random: crng reseeded on system resumption [ 884.520961][ T1660] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 884.573030][ T1659] loop4: detected capacity change from 0 to 4096 [ 884.581025][ T1660] exFAT-fs (nullb0): invalid boot record signature [ 884.587550][ T1660] exFAT-fs (nullb0): failed to read boot sector [ 884.635420][ T1659] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 884.648812][ T1660] exFAT-fs (nullb0): failed to recognize exfat type [ 884.709071][ T1659] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 884.827369][ T1591] loop1: detected capacity change from 0 to 32768 [ 884.856331][ T5938] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 885.238037][ T1702] tmpfs: Bad value for 'mpol' [ 885.766479][ T1736] netlink: 'syz.1.11439': attribute type 21 has an invalid length. [ 885.791352][ T1741] lo: left promiscuous mode [ 885.842585][ T1741] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 886.010290][ T1755] netlink: 'syz.1.11447': attribute type 10 has an invalid length. [ 886.065022][ T1755] macvlan0: entered promiscuous mode [ 886.070362][ T1755] macvlan0: entered allmulticast mode [ 886.107322][ T1755] veth1_vlan: entered allmulticast mode [ 886.139586][ T1755] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 886.406048][ T1781] __nla_validate_parse: 3 callbacks suppressed [ 886.406065][ T1781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11455'. [ 886.549642][ T1810] netlink: 'syz.0.11464': attribute type 6 has an invalid length. [ 886.569634][ T1783] bond1: Removing last ns target with arp_interval on [ 886.693519][ T1834] netlink: 'syz.1.11461': attribute type 5 has an invalid length. [ 887.123329][ T1869] loop4: detected capacity change from 0 to 256 [ 887.168123][ T1869] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 887.362094][ T1885] loop1: detected capacity change from 0 to 256 [ 887.468429][ T1885] FAT-fs (loop1): Directory bread(block 64) failed [ 887.495447][ T1885] FAT-fs (loop1): Directory bread(block 65) failed [ 887.536738][ T1885] FAT-fs (loop1): Directory bread(block 66) failed [ 887.570928][ T1885] FAT-fs (loop1): Directory bread(block 67) failed [ 887.577977][ T1885] FAT-fs (loop1): Directory bread(block 68) failed [ 887.580103][ T1900] xt_hashlimit: invalid rate [ 887.646792][ T1885] FAT-fs (loop1): Directory bread(block 69) failed [ 887.653441][ T1885] FAT-fs (loop1): Directory bread(block 70) failed [ 887.678461][ T1885] FAT-fs (loop1): Directory bread(block 71) failed [ 887.699293][ T1885] FAT-fs (loop1): Directory bread(block 72) failed [ 887.720307][ T1885] FAT-fs (loop1): Directory bread(block 73) failed [ 888.021300][ T1931] loop2: detected capacity change from 0 to 256 [ 888.052770][ T1931] exfat: Deprecated parameter 'utf8' [ 888.125922][ T1931] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 888.241107][ T1947] netlink: 'syz.4.11503': attribute type 21 has an invalid length. [ 888.280218][ T1947] netlink: 164 bytes leftover after parsing attributes in process `syz.4.11503'. [ 888.674306][ T1980] gre1: entered allmulticast mode [ 888.966559][ T2008] loop1: detected capacity change from 0 to 512 [ 889.060481][ T2008] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 889.075211][ T2017] netlink: 'syz.4.11528': attribute type 2 has an invalid length. [ 889.093619][ T2008] EXT4-fs (loop1): Remounting filesystem read-only [ 889.110661][ T2008] EXT4-fs (loop1): 1 truncate cleaned up [ 889.125741][ T2008] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 889.262228][ T5926] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 889.375225][ T2039] netlink: 'syz.1.11535': attribute type 3 has an invalid length. [ 889.384093][ T2039] netlink: 'syz.1.11535': attribute type 3 has an invalid length. [ 889.395046][ T2039] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11535'. [ 889.478956][ T2047] netlink: 84 bytes leftover after parsing attributes in process `syz.4.11539'. [ 889.510311][ T2047] netlink: 84 bytes leftover after parsing attributes in process `syz.4.11539'. [ 889.849717][ T2076] netlink: 64985 bytes leftover after parsing attributes in process `syz.4.11550'. [ 890.301857][ T2114] sctp: [Deprecated]: syz.0.11564 (pid 2114) Use of struct sctp_assoc_value in delayed_ack socket option. [ 890.301857][ T2114] Use struct sctp_sack_info instead [ 890.571635][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 890.571650][ T30] audit: type=1326 audit(2000000154.279:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2134 comm="syz.1.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 890.680386][ T30] audit: type=1326 audit(2000000154.307:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2134 comm="syz.1.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 890.749577][ T2145] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11575'. [ 890.754709][ T30] audit: type=1326 audit(2000000154.316:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2134 comm="syz.1.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 890.789551][ T2151] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 890.845258][ T30] audit: type=1326 audit(2000000154.316:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2134 comm="syz.1.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 890.907515][ T30] audit: type=1326 audit(2000000154.316:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2134 comm="syz.1.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 891.352966][ T2197] netlink: 'syz.3.11595': attribute type 21 has an invalid length. [ 891.357803][ T2199] loop4: detected capacity change from 0 to 128 [ 891.381569][ T2197] netlink: 'syz.3.11595': attribute type 20 has an invalid length. [ 891.417125][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 891.440438][ T2199] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 891.479278][ T2199] System zones: 1-3, 19-19, 35-36 [ 891.486377][ T2199] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 891.511040][ T2199] ext4 filesystem being mounted at /2251/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 891.535973][ T30] audit: type=1326 audit(2000000155.165:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2208 comm="syz.3.11598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 891.590542][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 891.602237][ T9] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 891.611323][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 891.623012][ T30] audit: type=1326 audit(2000000155.165:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2208 comm="syz.3.11598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 891.632098][ T5938] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 891.666251][ T9] usb 2-1: Product: syz [ 891.678080][ T9] usb 2-1: Manufacturer: syz [ 891.686198][ T9] usb 2-1: SerialNumber: syz [ 891.694241][ T30] audit: type=1326 audit(2000000155.202:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2208 comm="syz.3.11598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 891.727812][ T9] usb 2-1: config 0 descriptor?? [ 891.761403][ T9] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 891.805381][ T30] audit: type=1326 audit(2000000155.202:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2208 comm="syz.3.11598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 891.839690][ T2226] binder: 2225:2226 ioctl 400c620e 200000000540 returned -22 [ 891.878444][ T30] audit: type=1326 audit(2000000155.202:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2208 comm="syz.3.11598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 892.025125][ T2238] netlink: 'syz.4.11608': attribute type 3 has an invalid length. [ 892.033029][ T2238] netlink: 'syz.4.11608': attribute type 1 has an invalid length. [ 892.053720][ T2238] netlink: 220 bytes leftover after parsing attributes in process `syz.4.11608'. [ 892.203853][ T9] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71 [ 892.222523][ T9] usb 2-1: USB disconnect, device number 14 [ 892.330092][ T2262] netlink: 'syz.0.11616': attribute type 46 has an invalid length. [ 893.094987][ T2257] loop2: detected capacity change from 0 to 32768 [ 893.148899][ T2257] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11615 (2257) [ 893.234846][ T2290] netlink: 'syz.0.11627': attribute type 7 has an invalid length. [ 893.264245][ T2257] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 893.295249][ T2257] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 893.385256][ T2296] sctp: [Deprecated]: syz.1.11630 (pid 2296) Use of struct sctp_assoc_value in delayed_ack socket option. [ 893.385256][ T2296] Use struct sctp_sack_info instead [ 893.557061][ T2257] BTRFS info (device loop2): enabling ssd optimizations [ 893.573624][ T2257] BTRFS info (device loop2): enabling free space tree [ 893.589849][ T2327] netlink: 224 bytes leftover after parsing attributes in process `syz.1.11635'. [ 893.672827][ T24] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 893.695951][ T5928] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 893.854836][ T5999] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 893.876554][ T24] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 893.885840][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.931691][ T24] usb 5-1: config 0 descriptor?? [ 894.061419][ T5999] usb 4-1: Using ep0 maxpacket: 16 [ 894.092838][ T5999] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 894.104642][ T5999] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 894.128086][ T5999] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 894.137634][ T5999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 894.148700][ T5999] usb 4-1: Product: syz [ 894.173587][ T5999] usb 4-1: Manufacturer: syz [ 894.178280][ T5999] usb 4-1: SerialNumber: syz [ 894.201613][ T24] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 894.307075][ T2368] validate_nla: 1 callbacks suppressed [ 894.307095][ T2368] netlink: 'syz.1.11644': attribute type 2 has an invalid length. [ 894.335589][ T2368] netlink: 119 bytes leftover after parsing attributes in process `syz.1.11644'. [ 894.412642][ T24] [drm:udl_init] *ERROR* Selecting channel failed [ 894.478575][ T24] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 894.494607][ T24] [drm] Initialized udl on minor 2 [ 894.512765][ T24] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 894.535688][ T24] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 894.543869][ T5885] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 894.562748][ T24] usb 5-1: USB disconnect, device number 34 [ 894.572760][ T5885] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 894.669609][ T5999] usb 4-1: cannot find UAC_HEADER [ 894.707568][ T2403] loop1: detected capacity change from 0 to 256 [ 894.712501][ T5999] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 894.735357][ T5999] usb 4-1: USB disconnect, device number 37 [ 894.782147][ T2403] FAT-fs (loop1): Directory bread(block 64) failed [ 894.798264][ T2403] FAT-fs (loop1): Directory bread(block 65) failed [ 894.804899][ T2403] FAT-fs (loop1): Directory bread(block 66) failed [ 894.833471][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 894.868224][ T2403] FAT-fs (loop1): Directory bread(block 67) failed [ 894.882047][ T2403] FAT-fs (loop1): Directory bread(block 68) failed [ 894.927456][ T2403] FAT-fs (loop1): Directory bread(block 69) failed [ 894.935997][ T2403] FAT-fs (loop1): Directory bread(block 70) failed [ 894.951210][ T2403] FAT-fs (loop1): Directory bread(block 71) failed [ 894.957847][ T2403] FAT-fs (loop1): Directory bread(block 72) failed [ 894.970769][ T2403] FAT-fs (loop1): Directory bread(block 73) failed [ 895.076232][ T2428] loop4: detected capacity change from 0 to 16 [ 895.084012][ T2428] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 895.608309][ T2460] loop1: detected capacity change from 0 to 4096 [ 895.651054][ T2460] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 895.661278][ T2423] loop2: detected capacity change from 0 to 32768 [ 895.809115][ T2460] ntfs3(loop1): ino=3, ntfs_set_state failed, -22. [ 895.828584][ T2460] ntfs3(loop1): Failed to initialize $Extend/$Reparse. [ 895.957849][ T2491] netlink: 'syz.2.11670': attribute type 1 has an invalid length. [ 895.988969][ T2491] netlink: 224 bytes leftover after parsing attributes in process `syz.2.11670'. [ 896.010257][T21327] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22. [ 896.023851][ T5926] ntfs3(loop1): ino=3, ntfs_set_state failed, -22. [ 896.054371][ T5926] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 896.076063][ T5926] ntfs3(loop1): ino=3, ntfs_set_state failed, -22. [ 896.130660][ T36] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22. [ 896.513956][ T2540] netlink: 'syz.1.11685': attribute type 1 has an invalid length. [ 896.891784][ T2570] xt_cgroup: xt_cgroup: no path or classid specified [ 896.980651][ T2576] netlink: 64 bytes leftover after parsing attributes in process `syz.3.11696'. [ 897.061477][ T2530] loop2: detected capacity change from 0 to 32768 [ 897.080340][ T2530] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11681 (2530) [ 897.130043][ T2530] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 897.159338][ T2530] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 897.363340][ T2530] BTRFS info (device loop2): enabling ssd optimizations [ 897.400042][ T2530] BTRFS info (device loop2): enabling free space tree [ 897.559357][ T5928] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 897.992187][ T2571] loop4: detected capacity change from 0 to 40427 [ 898.016385][ T2571] F2FS-fs: heap/no_heap options were deprecated [ 898.032719][ T2571] F2FS-fs (loop4): build fault injection rate: 23 [ 898.058651][ T2571] F2FS-fs (loop4): build fault injection type: 0x3bfe8c [ 898.084816][ T2571] F2FS-fs (loop4): invalid crc value [ 898.129025][ T2571] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 898.384964][ T2571] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 898.439499][ T2571] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 898.485473][ T2571] F2FS-fs (loop4): inject slab alloc in f2fs_alloc_inode of alloc_inode+0x6a/0x1b0 [ 898.587252][ T2681] netlink: 6 bytes leftover after parsing attributes in process `syz.2.11720'. [ 898.633140][ T2681] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 898.666966][ T2683] bridge0: port 4(bond0) entered blocking state [ 898.695784][ T2683] bridge0: port 4(bond0) entered disabled state [ 898.713172][ T2683] bond0: entered allmulticast mode [ 898.726965][ T2683] bond_slave_1: entered allmulticast mode [ 898.735365][ T2683] bond0: entered promiscuous mode [ 898.740451][ T2683] bond_slave_1: entered promiscuous mode [ 898.753251][ T2683] bridge0: port 4(bond0) entered blocking state [ 898.759679][ T2683] bridge0: port 4(bond0) entered listening state [ 899.085319][ T2699] bond6: entered promiscuous mode [ 899.111898][ T2699] 8021q: adding VLAN 0 to HW filter on device bond6 [ 899.276733][ T2754] loop2: detected capacity change from 0 to 64 [ 899.436780][ T2763] netlink: 148 bytes leftover after parsing attributes in process `syz.0.11731'. [ 899.462357][ T2763] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 899.682339][ T2787] loop1: detected capacity change from 0 to 2048 [ 899.694014][ T2789] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11739'. [ 899.731983][ T2787] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 899.826647][ T2799] nfs: Deprecated parameter 'nointr' [ 900.008014][ T2865] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 900.347590][ T2888] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 900.478879][ T2897] ip6t_srh: unknown srh match flags 4000 [ 900.674276][ T2907] netlink: 76 bytes leftover after parsing attributes in process `syz.4.11760'. [ 900.693570][ T2909] netlink: 'syz.0.11762': attribute type 21 has an invalid length. [ 900.702111][ T2907] netlink: 76 bytes leftover after parsing attributes in process `syz.4.11760'. [ 900.733304][ T2909] netlink: 'syz.0.11762': attribute type 1 has an invalid length. [ 900.745373][ T2909] netlink: 144 bytes leftover after parsing attributes in process `syz.0.11762'. [ 900.781643][ T2904] loop2: detected capacity change from 0 to 4096 [ 901.030264][ T2933] bridge8: entered promiscuous mode [ 901.048003][ T2891] loop1: detected capacity change from 0 to 32768 [ 901.074047][ T2891] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.11755 (2891) [ 901.114958][ T6034] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 901.156661][ T2891] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 901.188961][ T2891] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 901.200748][ T9] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 901.308776][ T6034] usb 5-1: Using ep0 maxpacket: 32 [ 901.321873][ T6034] usb 5-1: config 0 has an invalid interface number: 66 but max is 1 [ 901.353088][ T6034] usb 5-1: config 0 has no interface number 1 [ 901.364441][ T2891] BTRFS info (device loop1): enabling ssd optimizations [ 901.376565][ T6034] usb 5-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30 [ 901.395631][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 901.405888][ T2891] BTRFS info (device loop1): enabling free space tree [ 901.428282][ T6034] usb 5-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69 [ 901.452468][ T9] usb 3-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19 [ 901.470864][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.479872][ T6034] usb 5-1: too many endpoints for config 0 interface 66 altsetting 107: 137, using maximum allowed: 30 [ 901.492442][ T9] usb 3-1: Product: syz [ 901.504756][ T9] usb 3-1: Manufacturer: syz [ 901.509395][ T9] usb 3-1: SerialNumber: syz [ 901.514120][ T6034] usb 5-1: config 0 interface 66 altsetting 107 has 0 endpoint descriptors, different from the interface descriptor's value: 137 [ 901.533364][ T6034] usb 5-1: config 0 interface 0 has no altsetting 0 [ 901.539387][ T5926] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 901.544951][ T9] usb 3-1: config 0 descriptor?? [ 901.563207][ T6034] usb 5-1: config 0 interface 66 has no altsetting 0 [ 901.579344][ T9] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -32 [ 901.606252][ T6034] usb 5-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 901.633748][ T6034] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 901.648732][ T6034] usb 5-1: SerialNumber: syz [ 901.678049][ T6034] usb 5-1: config 0 descriptor?? [ 901.714039][ T6034] usb-storage 5-1:0.0: USB Mass Storage device detected [ 901.757662][ T6034] usb-storage 5-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 901.886874][ T5999] usb 3-1: USB disconnect, device number 23 [ 901.943614][ T6034] usb-storage 5-1:0.66: USB Mass Storage device detected [ 901.982583][ T6034] usb-storage 5-1:0.66: Quirks match for vid 152d pid 0539: 4000000 [ 902.079295][ T3010] loop1: detected capacity change from 0 to 2048 [ 902.089119][ T6034] usb 5-1: USB disconnect, device number 35 [ 902.184733][ T3010] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 903.026177][ T3069] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11800'. [ 903.238376][ T30] audit: type=1326 audit(2000000165.983:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3080 comm="syz.3.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 903.291806][ T3040] loop2: detected capacity change from 0 to 32768 [ 903.304540][ T30] audit: type=1326 audit(2000000166.001:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3080 comm="syz.3.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 903.397227][ T30] audit: type=1326 audit(2000000166.010:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3080 comm="syz.3.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 903.425227][ T3093] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.11807'. [ 903.439936][ T3093] openvswitch: netlink: Missing key (keys=40, expected=80) [ 903.454020][ T30] audit: type=1326 audit(2000000166.010:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3080 comm="syz.3.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 903.529884][ T30] audit: type=1326 audit(2000000166.010:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3080 comm="syz.3.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 904.248011][ T3147] bridge3: entered promiscuous mode [ 904.312440][ T3156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11833'. [ 904.506771][ T3174] netlink: 168 bytes leftover after parsing attributes in process `syz.0.11837'. [ 904.842421][ T3198] loop2: detected capacity change from 0 to 2048 [ 904.919481][ T3198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 905.053579][ T3198] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.11843: bg 0: block 234: padding at end of block bitmap is not set [ 905.085561][ T3224] netlink: 'syz.4.11854': attribute type 21 has an invalid length. [ 905.096399][ T3226] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11852'. [ 905.110456][ T3224] netlink: 156 bytes leftover after parsing attributes in process `syz.4.11854'. [ 905.169515][ T3229] netlink: 'syz.3.11853': attribute type 12 has an invalid length. [ 905.229753][ T5928] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 905.693142][ T3269] loop2: detected capacity change from 0 to 2048 [ 905.720844][ T3269] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 905.789370][ T3269] syz.2.11863: attempt to access beyond end of device [ 905.789370][ T3269] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 905.804257][ T3282] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 905.884419][ T3269] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 905.912416][ T3269] Remounting filesystem read-only [ 906.307268][ T3316] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11877'. [ 906.712252][ T3343] netlink: 256 bytes leftover after parsing attributes in process `syz.4.11889'. [ 906.732765][ T30] audit: type=1326 audit(2000000169.195:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3344 comm="syz.2.11888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 906.801676][ T30] audit: type=1326 audit(2000000169.195:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3344 comm="syz.2.11888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 906.872647][ T30] audit: type=1326 audit(2000000169.222:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3344 comm="syz.2.11888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 906.960387][ T30] audit: type=1326 audit(2000000169.222:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3344 comm="syz.2.11888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 907.033619][ T30] audit: type=1326 audit(2000000169.222:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3344 comm="syz.2.11888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efdccb8eec9 code=0x7ffc0000 [ 907.227527][ T6034] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 907.408559][ T6034] usb 2-1: Using ep0 maxpacket: 8 [ 907.424640][ T6034] usb 2-1: unable to get BOS descriptor or descriptor too short [ 907.452338][ T6034] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 8 [ 907.464708][ T6034] usb 2-1: config 8 interface 0 has no altsetting 0 [ 907.475006][ T6034] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 907.490018][ T6034] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 907.506141][ T6034] usb 2-1: Product: syz [ 907.515241][ T6034] usb 2-1: Manufacturer: syz [ 907.520250][ T6034] usb 2-1: SerialNumber: syz [ 907.537430][ T3358] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 907.785330][ T6034] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 907.805174][ T6034] usb 2-1: selecting invalid altsetting 0 [ 907.962354][ T6034] usb 2-1: USB disconnect, device number 15 [ 908.513705][ T24] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 908.610012][ T3495] loop2: detected capacity change from 0 to 1024 [ 908.686953][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 908.701215][ T24] usb 5-1: config 0 has an invalid interface number: 74 but max is 1 [ 908.703292][ T3505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11934'. [ 908.730452][ T24] usb 5-1: config 0 has no interface number 1 [ 908.731924][ T30] audit: type=1326 audit(2000000171.041:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 908.743388][ T24] usb 5-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa [ 908.772983][ T30] audit: type=1326 audit(2000000171.041:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 908.792928][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 908.830474][ T24] usb 5-1: Product: syz [ 908.840300][ T24] usb 5-1: Manufacturer: syz [ 908.852127][ T30] audit: type=1326 audit(2000000171.041:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 908.857814][ T24] usb 5-1: SerialNumber: syz [ 908.874475][ C0] vkms_vblank_simulate: vblank timer overrun [ 908.905754][ T3512] netlink: 'syz.2.11936': attribute type 3 has an invalid length. [ 908.910197][ T30] audit: type=1326 audit(2000000171.041:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 908.937624][ T24] usb 5-1: config 0 descriptor?? [ 908.961647][ T30] audit: type=1326 audit(2000000171.041:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 908.987802][ T30] audit: type=1326 audit(2000000171.041:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 909.018522][ T24] snd-usb-audio 5-1:0.74: probe with driver snd-usb-audio failed with error -22 [ 909.056409][ T30] audit: type=1326 audit(2000000171.041:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 909.081499][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.74/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 909.112259][ T30] audit: type=1326 audit(2000000171.041:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 909.159152][ T30] audit: type=1326 audit(2000000171.041:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 909.228155][ T30] audit: type=1326 audit(2000000171.041:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3502 comm="syz.1.11933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ff00000 [ 909.284901][ T24] usb 5-1: USB disconnect, device number 36 [ 909.714932][ T3566] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 910.214020][ T3600] loop4: detected capacity change from 0 to 16 [ 910.245315][ T3600] erofs (device loop4): mounted with root inode @ nid 36. [ 910.590518][ T3620] loop1: detected capacity change from 0 to 4096 [ 910.617792][ T3620] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 910.733155][ T3620] ntfs3(loop1): ino=19, mi_enum_attr [ 910.757360][ T3620] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 910.810655][ T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 910.994698][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 911.002741][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 911.013266][ T9] usb 3-1: config 0 has an invalid interface number: 88 but max is 0 [ 911.033027][ T9] usb 3-1: config 0 has no interface number 0 [ 911.045312][ T9] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 911.061823][ T3652] loop1: detected capacity change from 0 to 24 [ 911.070032][ T3652] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 911.078098][ T9] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 911.099878][ T3652] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 911.114101][ T9] usb 3-1: config 0 interface 88 has no altsetting 0 [ 911.129719][ T9] usb 3-1: language id specifier not provided by device, defaulting to English [ 911.133098][ T3652] romfs: read error for inode 0x30000 [ 911.143619][ T9] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 911.154890][ T9] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 911.163682][ T9] usb 3-1: Product: syz [ 911.171294][ T9] usb 3-1: SerialNumber: syz [ 911.189948][ T9] usb 3-1: config 0 descriptor?? [ 911.332564][ T3668] loop1: detected capacity change from 0 to 1024 [ 911.422424][ T3668] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 911.443488][ T3624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 911.510376][ T9] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input91 [ 911.556238][ T3687] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11981'. [ 911.582190][ T9] usb 3-1: USB disconnect, device number 24 [ 911.630079][ T5926] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 911.692953][ T6134] udevd[6134]: Error opening device "/dev/input/event4": No such file or directory [ 911.707600][ T3694] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 911.750733][ T6134] udevd[6134]: Unable to EVIOCGABS device "/dev/input/event4" [ 911.806614][ T6134] udevd[6134]: Unable to EVIOCGABS device "/dev/input/event4" [ 912.007390][ T3724] bond3: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 912.020088][ T3724] bond3 (unregistering): Released all slaves [ 912.067518][ T5980] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 912.242525][ T5980] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 912.276196][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 912.318592][ T5980] usb 2-1: config 0 descriptor?? [ 912.353266][ T5980] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 912.366453][ T3810] loop2: detected capacity change from 0 to 256 [ 912.383646][ T3810] exfat: Deprecated parameter 'namecase' [ 912.400463][ T3810] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 912.439181][ T3810] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 912.454718][ T3818] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present [ 912.773805][ T5980] gspca_sunplus: reg_w_riv err -71 [ 912.781265][ T5980] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 912.811945][ T5980] usb 2-1: USB disconnect, device number 16 [ 913.012810][ T3812] loop4: detected capacity change from 0 to 32768 [ 913.045198][ T3812] jfs_lookup: iget failed on inum 4 [ 913.363659][ T3865] loop2: detected capacity change from 0 to 736 [ 913.676213][ T3881] loop2: detected capacity change from 0 to 512 [ 913.693217][ T3881] EXT4-fs: Ignoring removed i_version option [ 913.713603][ T3881] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 913.761337][ T3881] EXT4-fs (loop2): 1 truncate cleaned up [ 913.780813][ T3881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 914.011826][ T5928] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 914.121382][ T3908] loop2: detected capacity change from 0 to 256 [ 914.160664][ T3908] exfat: Deprecated parameter 'namecase' [ 914.166539][ T3908] exfat: Deprecated parameter 'utf8' [ 914.234329][ T3908] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 914.269580][ T3867] loop4: detected capacity change from 0 to 32768 [ 914.287581][ T3916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12031'. [ 914.318841][ T3867] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.12015 (3867) [ 914.415072][ T3867] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 914.472440][ T3867] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 914.650007][ T3867] BTRFS info (device loop4): enabling ssd optimizations [ 914.667507][ T3867] BTRFS info (device loop4): enabling free space tree [ 914.864670][ T5938] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 915.173678][ T3977] netlink: 17 bytes leftover after parsing attributes in process `syz.1.12046'. [ 915.185431][ T3976] netlink: 'syz.4.12041': attribute type 21 has an invalid length. [ 915.424709][ T3992] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12051'. [ 915.523981][ T3997] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 915.537098][ C0] bridge0: port 4(bond0) entered learning state [ 915.605108][ T3999] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 915.831358][ T30] kauditd_printk_skb: 114 callbacks suppressed [ 915.831375][ T30] audit: type=1326 audit(2000000177.603:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4006 comm="syz.4.12057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 915.951141][ T30] audit: type=1326 audit(2000000177.612:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4006 comm="syz.4.12057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 916.024575][ T30] audit: type=1326 audit(2000000177.612:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4006 comm="syz.4.12057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 916.035414][ T4024] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12062'. [ 916.086636][ T5980] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 916.111140][ T30] audit: type=1326 audit(2000000177.612:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4006 comm="syz.4.12057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa92638eec9 code=0x7ffc0000 [ 916.260059][ T5980] usb 4-1: Using ep0 maxpacket: 16 [ 916.285654][ T5980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 916.312399][ T5980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 916.337799][ T5980] usb 4-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=94.47 [ 916.347320][ T5980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.351887][ T4045] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12070'. [ 916.355319][ T5980] usb 4-1: Product: syz [ 916.355337][ T5980] usb 4-1: Manufacturer: syz [ 916.355350][ T5980] usb 4-1: SerialNumber: syz [ 916.384913][ T5980] usb 4-1: config 0 descriptor?? [ 916.405275][ T4009] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 916.574403][ T4060] netlink: 'syz.2.12074': attribute type 1 has an invalid length. [ 916.721126][ T5980] usb 4-1: USB disconnect, device number 38 [ 916.870870][ T4081] loop2: detected capacity change from 0 to 64 [ 917.180889][ T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 917.354894][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 917.365134][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 917.375533][ T9] usb 1-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 917.383077][ T30] audit: type=1326 audit(2000000179.025:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4114 comm="syz.3.12088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 917.407001][ T9] usb 1-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 917.426039][ T9] usb 1-1: Product: syz [ 917.430715][ T9] usb 1-1: Manufacturer: syz [ 917.444744][ T30] audit: type=1326 audit(2000000179.080:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4114 comm="syz.3.12088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 917.448578][ T9] usb 1-1: SerialNumber: syz [ 917.468953][ T30] audit: type=1326 audit(2000000179.080:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4114 comm="syz.3.12088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 917.498635][ T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 917.516210][ T9] usb 1-1: config 0 descriptor?? [ 917.551669][ T30] audit: type=1326 audit(2000000179.080:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4114 comm="syz.3.12088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35438eec9 code=0x7ffc0000 [ 917.646142][ T4133] tmpfs: Bad value for 'mpol' [ 917.692386][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 917.699626][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 917.724527][ T24] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 917.744241][ T24] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 917.761683][ T24] usb 2-1: Product: syz [ 917.770514][ T24] usb 2-1: Manufacturer: syz [ 917.779804][ T24] usb 2-1: SerialNumber: syz [ 917.811335][ T24] usb 2-1: config 0 descriptor?? [ 917.824949][ T4102] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 917.828298][ T9] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 917.840035][ T24] hub 2-1:0.0: bad descriptor, ignoring hub [ 917.858478][ T24] hub 2-1:0.0: probe with driver hub failed with error -5 [ 917.917400][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 918.102757][ T24] usb 1-1: USB disconnect, device number 30 [ 918.244600][ T5980] usb 2-1: USB disconnect, device number 17 [ 918.578485][ T5980] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 918.760684][ T5980] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 918.804708][ T5980] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 918.814743][ T5980] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 918.845948][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 918.893427][ T5980] hub 5-1:4.0: USB hub found [ 919.050039][ T4238] loop1: detected capacity change from 0 to 128 [ 919.106110][ T5980] hub 5-1:4.0: 13 ports detected [ 919.115356][ T4240] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 919.131491][ T5980] usb 5-1: selecting invalid altsetting 1 [ 919.137241][ T5980] hub 5-1:4.0: Using single TT (err -22) [ 919.144505][ T5980] hub 5-1:4.0: insufficient power available to use all downstream ports [ 919.338088][ T5980] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 919.345077][ T5980] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 919.434589][ T5980] usb 5-1: USB disconnect, device number 37 [ 919.755326][ T4292] xt_cgroup: path and classid specified [ 920.482619][ T4359] fuse: Invalid rootmode [ 920.549643][ T4364] loop1: detected capacity change from 0 to 1024 [ 920.582371][ T4364] hfsplus: Filesystem is marked locked, mounting read-only. [ 920.608812][ T4364] hfsplus: invalid catalog entry type in lookup [ 920.637015][ T6034] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 920.658750][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 920.685638][ T4373] loop4: detected capacity change from 0 to 128 [ 920.705321][ T4373] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 920.744659][ T4373] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 920.821475][ T6034] usb 4-1: Using ep0 maxpacket: 8 [ 920.844750][ T6034] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 920.857380][ T9] usb 3-1: config 0 has an invalid interface number: 205 but max is 0 [ 920.875811][ T6034] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.886028][ T9] usb 3-1: config 0 has no interface number 0 [ 920.905832][ T6034] usb 4-1: Product: syz [ 920.914267][ T6034] usb 4-1: Manufacturer: syz [ 920.922757][ T9] usb 3-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=d9.bc [ 920.937383][ T6034] usb 4-1: SerialNumber: syz [ 920.948344][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.960720][ T9] usb 3-1: Product: syz [ 920.970237][ T9] usb 3-1: Manufacturer: syz [ 920.976645][ T6034] usb 4-1: config 0 descriptor?? [ 920.982346][ T9] usb 3-1: SerialNumber: syz [ 921.006772][ T6034] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 921.021407][ T9] usb 3-1: config 0 descriptor?? [ 921.031719][ T9] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 921.038987][ T9] usb 3-1: selecting invalid altsetting 1 [ 921.250555][ T9] gspca_stk014: init reg: 0x00 [ 921.262224][ T9] stk014 3-1:0.205: probe with driver stk014 failed with error -5 [ 921.322546][ T981] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 921.325120][ T4425] loop1: detected capacity change from 0 to 256 [ 921.354570][ T24] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 921.374393][ T4425] FAT-fs (loop1): Directory bread(block 64) failed [ 921.380962][ T4425] FAT-fs (loop1): Directory bread(block 65) failed [ 921.388859][ T4425] FAT-fs (loop1): Directory bread(block 66) failed [ 921.397381][ T4425] FAT-fs (loop1): Directory bread(block 67) failed [ 921.403990][ T4425] FAT-fs (loop1): Directory bread(block 68) failed [ 921.411191][ T4425] FAT-fs (loop1): Directory bread(block 69) failed [ 921.418258][ T4425] FAT-fs (loop1): Directory bread(block 70) failed [ 921.424792][ T4425] FAT-fs (loop1): Directory bread(block 71) failed [ 921.431629][ T4425] FAT-fs (loop1): Directory bread(block 72) failed [ 921.438165][ T4425] FAT-fs (loop1): Directory bread(block 73) failed [ 921.440519][ T6034] gspca_sonixj: reg_r err -71 [ 921.455745][ T6034] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 921.469428][ T6034] usb 4-1: USB disconnect, device number 39 [ 921.485532][ T5999] usb 3-1: USB disconnect, device number 25 [ 921.494824][ T981] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 921.509320][ T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 921.536219][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 921.543374][ T981] usb 5-1: config 0 descriptor?? [ 921.552800][ T24] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 921.563003][ T981] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 921.581076][ T24] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 921.593613][ T24] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 921.603133][ T24] usb 1-1: config 1 has no interface number 1 [ 921.609660][ T24] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 921.623344][ T24] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 52, changing to 7 [ 921.636517][ T24] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 9272, setting to 1024 [ 921.650238][ T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 921.666534][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 921.675642][ T24] usb 1-1: Product: syz [ 921.687617][ T24] usb 1-1: Manufacturer: syz [ 921.693773][ T24] usb 1-1: SerialNumber: syz [ 921.934937][ T24] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 921.943100][ T24] usb 1-1: found format II with max.bitrate = 0, frame size=0 [ 921.948068][ T6034] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 921.950811][ T24] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 921.978438][ T24] usb 1-1: USB disconnect, device number 31 [ 921.992008][ T981] gspca_stv06xx: I2C: Read error writing address: -71 [ 922.006310][ T981] usb 5-1: USB disconnect, device number 38 [ 922.011500][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 922.123074][ T6034] usb 2-1: Using ep0 maxpacket: 16 [ 922.131309][ T4480] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 922.135057][ T6034] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 922.138435][ T4480] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 922.162602][ T6034] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.172530][ T6034] usb 2-1: Product: syz [ 922.177129][ T6034] usb 2-1: Manufacturer: syz [ 922.181737][ T6034] usb 2-1: SerialNumber: syz [ 922.192480][ T6034] usb 2-1: config 0 descriptor?? [ 922.299476][ T4490] bond3: option primary_reselect: invalid value (13) [ 922.308665][ T4490] bond3 (unregistering): Released all slaves [ 922.462071][ T6034] usb_8dev 2-1:0.0 can0: sending command message failed [ 922.481296][ T6034] usb_8dev 2-1:0.0 can0: can't get firmware version [ 922.545387][ T6034] usb_8dev 2-1:0.0: probe with driver usb_8dev failed with error -22 [ 922.596698][ T6034] usb 2-1: USB disconnect, device number 18 [ 922.717161][ T24] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 922.922212][ T4600] loop2: detected capacity change from 0 to 4096 [ 922.942203][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 922.951392][ T24] usb 4-1: New USB device found, idVendor=25c6, idProduct=9002, bcdDevice=41.ba [ 922.971761][ T4600] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 922.985109][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 923.012056][ T24] usb 4-1: Product: syz [ 923.016252][ T24] usb 4-1: Manufacturer: syz [ 923.038775][ T4600] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 923.049805][ T24] usb 4-1: SerialNumber: syz [ 923.070783][ T24] usb 4-1: config 0 descriptor?? [ 923.168813][ T4609] loop1: detected capacity change from 0 to 512 [ 923.239302][ T4609] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 923.338341][ T4609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 923.374895][ T4597] loop4: detected capacity change from 0 to 32768 [ 923.387174][ T24] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 923.445059][ T4609] ext4 filesystem being mounted at /2336/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 923.493099][ T4597] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 923.569211][ T4609] EXT4-fs error (device loop1): ext4_get_verity_descriptor_location:335: inode #15: comm syz.1.12192: verity file corrupted; can't find descriptor [ 923.601834][ T6034] usb 4-1: USB disconnect, device number 40 [ 923.658810][ T4597] XFS (loop4): Ending clean mount [ 923.731866][ T4609] EXT4-fs (loop1): Remounting filesystem read-only [ 923.799744][ T4609] fs-verity (loop1, inode 15): Error -117 getting verity descriptor size [ 923.813533][ T5938] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 923.885519][ T5926] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 924.806794][ T4654] loop4: detected capacity change from 0 to 32768 [ 924.882820][ T4654] JBD2: Ignoring recovery information on journal [ 924.940410][ T4671] loop2: detected capacity change from 0 to 32768 [ 924.993853][ T4671] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 925.036096][ T4654] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 925.152239][ T4716] netlink: 'syz.0.12220': attribute type 21 has an invalid length. [ 925.175152][ T4654] OCFS2: ERROR (device loop4): int ocfs2_xattr_find_entry(struct inode *, int, const char *, struct ocfs2_xattr_search *): corrupted xattr entries [ 925.175327][ T4654] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 925.263291][ T4654] OCFS2: File system is now read-only. [ 925.287874][ T4654] (syz.4.12200,4654,1):ocfs2_calc_xattr_init:638 ERROR: status = -117 [ 925.311614][ T4654] (syz.4.12200,4654,1):ocfs2_mknod:337 ERROR: status = -117 [ 925.319414][ T4671] XFS (loop2): Ending clean mount [ 925.351027][ T4654] (syz.4.12200,4654,1):ocfs2_mknod:505 ERROR: status = -117 [ 925.485318][ T5938] ocfs2: Unmounting device (7,4) on (node local) [ 925.493849][ T5928] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 925.564699][ T4734] netlink: 9 bytes leftover after parsing attributes in process `syz.0.12228'. [ 925.590599][ T4734] 0·: renamed from hsr0 (while UP) [ 925.638740][ T4734] 0·: entered allmulticast mode [ 925.653467][ T4734] hsr_slave_0: entered allmulticast mode [ 925.708634][ T4734] hsr_slave_1: entered allmulticast mode [ 925.730055][ T4734] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 925.757957][ T4744] netlink: 'syz.3.12230': attribute type 32 has an invalid length. [ 925.929639][ T4751] loop2: detected capacity change from 0 to 164 [ 925.984641][ T4751] ISOFS: unable to read i-node block [ 925.999996][ T4751] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 927.084063][ T24] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 927.260433][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 927.291506][ T24] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 927.311793][ T24] usb 5-1: config 0 has no interface number 0 [ 927.320658][ T24] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 927.354425][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 927.362452][ T24] usb 5-1: Product: syz [ 927.386759][ T24] usb 5-1: Manufacturer: syz [ 927.391438][ T24] usb 5-1: SerialNumber: syz [ 927.417787][ T24] usb 5-1: config 0 descriptor?? [ 927.435849][ T24] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 927.462858][ T24] usb 5-1: selecting invalid altsetting 1 [ 927.468615][ T24] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 927.513142][ T24] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 927.549774][ T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 927.558095][ T24] usb 5-1: media controller created [ 927.618177][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 927.705732][ T24] usb 5-1: DVB: registering adapter 2 frontend 0 (Zarlink ZL10353 DVB-T)... [ 927.726222][ T24] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 927.836990][ T24] DVB: Unable to find symbol mxl5005s_attach() [ 927.890074][ T4854] loop1: detected capacity change from 0 to 32768 [ 927.909812][ T4854] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.12267 (4854) [ 927.922957][ T24] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 927.944800][ T4854] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 927.988807][ T4854] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 928.051579][ T24] usb 5-1: USB disconnect, device number 39 [ 928.192134][ T4854] BTRFS info (device loop1): enabling ssd optimizations [ 928.215566][ T4854] BTRFS info (device loop1): enabling free space tree [ 928.264466][ T4854] BTRFS info (device loop1): use zstd compression, level 3 [ 928.418422][ T5926] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 928.894505][ T4963] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12286'. [ 928.925566][ T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 929.103159][ T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 929.131672][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.156956][ T24] usb 5-1: Product: syz [ 929.161155][ T24] usb 5-1: Manufacturer: syz [ 929.178495][ T24] usb 5-1: SerialNumber: syz [ 929.204196][ T24] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 929.240348][ T5999] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 929.330439][ T4955] loop2: detected capacity change from 0 to 32768 [ 929.380472][ T4955] ERROR: (device loop2): dbAllocNext: Corrupt dmap page [ 929.380472][ T4955] [ 929.488713][ T981] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 929.505490][ C1] usb 5-1: ath: unknown panic pattern! [ 929.521323][ T6034] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 929.630682][ T5000] loop2: detected capacity change from 0 to 4096 [ 929.675804][ T981] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 929.690440][ T5004] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 929.694914][ T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.716639][ T6034] usb 1-1: too many configurations: 241, using maximum allowed: 8 [ 929.742501][ T24] usb 5-1: USB disconnect, device number 40 [ 929.748433][ T981] usb 4-1: Product: syz [ 929.763215][ T981] usb 4-1: Manufacturer: syz [ 929.768375][ T981] usb 4-1: SerialNumber: syz [ 929.785659][ T6034] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 929.806621][ T6034] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.818506][ T981] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 929.821659][ T5000] NILFS (loop2): nilfs_palloc_commit_free_entry (ino=6): entry number 14 already freed [ 929.836224][ T6034] usb 1-1: Product: syz [ 929.846735][ T6034] usb 1-1: Manufacturer: syz [ 929.863058][ T6034] usb 1-1: SerialNumber: syz [ 929.873094][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 929.909816][ T6034] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 929.938297][ T981] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 930.215869][ C0] usb 1-1: ath9k_htc: invalid pkt_len (fffb) [ 930.380376][ T6034] usb 4-1: USB disconnect, device number 41 [ 930.446328][ T5999] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 930.466788][ T5870] usb 1-1: USB disconnect, device number 32 [ 930.485977][ T5999] ath9k_htc: Failed to initialize the device [ 930.517158][ T24] usb 5-1: ath9k_htc: USB layer deinitialized [ 930.782264][ T5035] loop2: detected capacity change from 0 to 32768 [ 930.796150][ T5035] (syz.2.12309,5035,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 930.811333][ T5035] (syz.2.12309,5035,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 930.862450][ T5035] JBD2: Ignoring recovery information on journal [ 930.938688][ T5077] netlink: 220 bytes leftover after parsing attributes in process `syz.4.12318'. [ 931.035566][ T5035] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 931.102892][ T30] audit: type=1326 audit(2000000191.679:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.1.12319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.144503][ T981] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 931.182728][ T981] ath9k_htc: Failed to initialize the device [ 931.203233][ T30] audit: type=1326 audit(2000000191.679:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.1.12319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.203427][ T5870] usb 1-1: ath9k_htc: USB layer deinitialized [ 931.254254][ T5086] netlink: 'syz.3.12320': attribute type 2 has an invalid length. [ 931.310383][ T9] usb 4-1: Service connection timeout for: 256 [ 931.318380][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 931.346781][ T30] audit: type=1326 audit(2000000191.688:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.1.12319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.375257][ T9] ath9k_htc: Failed to initialize the device [ 931.395913][ T6034] usb 4-1: ath9k_htc: USB layer deinitialized [ 931.434927][ T5928] ocfs2: Unmounting device (7,2) on (node local) [ 931.501878][ T30] audit: type=1326 audit(2000000191.688:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.1.12319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.633767][ T30] audit: type=1326 audit(2000000191.688:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5080 comm="syz.1.12319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.728431][ T30] audit: type=1326 audit(2000000191.864:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5090 comm="syz.1.12323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.807688][ T30] audit: type=1326 audit(2000000191.864:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5090 comm="syz.1.12323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.886746][ T30] audit: type=1326 audit(2000000191.873:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5090 comm="syz.1.12323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 931.958739][ T30] audit: type=1326 audit(2000000191.873:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5090 comm="syz.1.12323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 932.036994][ T30] audit: type=1326 audit(2000000191.873:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5090 comm="syz.1.12323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f762778eec9 code=0x7ffc0000 [ 932.157784][ T5150] loop4: detected capacity change from 0 to 256 [ 932.186366][ C0] bridge0: port 4(bond0) entered forwarding state [ 932.192824][ C0] bridge0: topology change detected, propagating [ 932.294880][ T9] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 932.364097][ T5165] xt_limit: Overflow, try lower: 268435456/134217728 [ 932.524752][ T9] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 932.533231][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 932.580374][ T9] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 932.589797][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 932.597811][ T9] usb 1-1: Product: syz [ 932.629508][ T9] usb 1-1: Manufacturer: syz [ 932.635149][ T9] usb 1-1: SerialNumber: syz [ 932.664979][ T9] usb 1-1: config 0 descriptor?? [ 932.682707][ T5187] loop1: detected capacity change from 0 to 1024 [ 932.684013][ T9] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 932.716594][ T5187] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 932.991391][ T5204] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.000199][ T5204] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.027365][ T5211] loop4: detected capacity change from 0 to 64 [ 933.077736][ T5204] team0: Port device bridge0 removed [ 933.118811][ T9] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 933.138593][ T9] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 933.165448][ T5204] team0: Port device dummy0 removed [ 933.196660][ T5204] bridge_slave_0: left allmulticast mode [ 933.205929][ T9] usb 1-1: USB disconnect, device number 33 [ 933.216134][ T5204] bridge_slave_0: left promiscuous mode [ 933.246924][ T5204] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.295893][ T5232] netlink: 'syz.4.12358': attribute type 21 has an invalid length. [ 933.306229][ T5204] bridge_slave_1: left allmulticast mode [ 933.322910][ T5204] bridge_slave_1: left promiscuous mode [ 933.340403][ T5204] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.354488][ T5204] bond0: (slave bond_slave_0): Releasing backup interface [ 933.376085][ T5204] bond0: (slave bond_slave_1): Releasing backup interface [ 933.405398][ T5204] team0: Port device team_slave_0 removed [ 933.430301][ T5204] team0: Port device team_slave_1 removed [ 933.442292][ T5204] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 933.450521][ T5204] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 933.461367][ T5204] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 933.469586][ T5204] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 933.483007][ T5204] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 933.511025][ T5232] netlink: 132 bytes leftover after parsing attributes in process `syz.4.12358'. [ 933.542655][ T5235] geneve2: entered allmulticast mode [ 933.552484][ T12] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 933.566822][ T12] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 933.604094][ T12] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 933.639112][ T12] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 933.674642][ T5250] loop1: detected capacity change from 0 to 16 [ 933.707066][ T5250] erofs (device loop1): mounted with root inode @ nid 36. [ 933.750640][ T5250] erofs (device loop1): readahead error at folio 2 @ nid 89 [ 933.768430][ T5999] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 933.774754][T30949] erofs (device loop1): failed to decompress -5 in[4096, 0] out[4868] [ 933.793341][ T5250] erofs (device loop1): failed to decompress -5 in[4096, 0] out[4096] [ 933.834723][ T5262] loop2: detected capacity change from 0 to 8 [ 933.842641][ T5250] erofs (device loop1): read error -117 @ 0 of nid 89 [ 933.877540][ T5262] SQUASHFS error: zstd decompression error: 10 [ 933.909106][ T5262] SQUASHFS error: zstd decompression failed, data probably corrupt [ 933.944370][ T5999] usb 4-1: config 0 has an invalid interface number: 83 but max is 0 [ 933.952561][ T5262] SQUASHFS error: Failed to read block 0x62b: -5 [ 933.952605][ T5262] SQUASHFS error: Unable to read metadata cache entry [629] [ 933.952620][ T5262] SQUASHFS error: Unable to read directory block [629:ff26] [ 934.017377][ T5999] usb 4-1: config 0 has no interface number 0 [ 934.023595][ T5999] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 934.032774][ T5999] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 934.047952][ T5999] usb 4-1: config 0 descriptor?? [ 934.077336][ T5999] ttusbir 4-1:0.83: cannot find expected altsetting [ 934.099385][ T5279] loop1: detected capacity change from 0 to 256 [ 934.197018][ T5279] FAT-fs (loop1): Directory bread(block 64) failed [ 934.211482][ T5279] FAT-fs (loop1): Directory bread(block 65) failed [ 934.258696][ T5279] FAT-fs (loop1): Directory bread(block 66) failed [ 934.265251][ T5279] FAT-fs (loop1): Directory bread(block 67) failed [ 934.299440][ T5279] FAT-fs (loop1): Directory bread(block 68) failed [ 934.305996][ T5279] FAT-fs (loop1): Directory bread(block 69) failed [ 934.323657][ T5999] usb 4-1: USB disconnect, device number 42 [ 934.362322][ T5279] FAT-fs (loop1): Directory bread(block 70) failed [ 934.391693][ T5279] FAT-fs (loop1): Directory bread(block 71) failed [ 934.423271][ T5279] FAT-fs (loop1): Directory bread(block 72) failed [ 934.433024][ T5279] FAT-fs (loop1): Directory bread(block 73) failed [ 934.539057][ T5313] loop2: detected capacity change from 0 to 256 [ 934.549656][ T5313] exfat: Deprecated parameter 'namecase' [ 934.591251][ T5313] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 934.794591][ T5333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12386'. [ 934.837694][ T5333] netlink: 40 bytes leftover after parsing attributes in process `syz.0.12386'. [ 935.124697][ T5355] netlink: 84 bytes leftover after parsing attributes in process `syz.0.12394'. [ 935.136207][ T5357] libceph: resolve '4..' (ret=-3): failed [ 935.331592][ T5343] loop1: detected capacity change from 0 to 32768 [ 935.350094][ T5343] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.12389 (5343) [ 935.420169][ T5343] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 935.455279][ T5343] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 935.483727][ T5376] xt_socket: unknown flags 0x4c [ 935.534489][ T5343] BTRFS info (device loop1): enabling ssd optimizations [ 935.541885][ T5343] BTRFS info (device loop1): enabling free space tree [ 935.623717][ T5926] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 936.403259][ T5436] wireguard0: entered promiscuous mode [ 936.440240][ T5436] wireguard0: entered allmulticast mode [ 936.455604][ T5443] netlink: 76 bytes leftover after parsing attributes in process `syz.4.12421'. [ 936.691684][ T5462] loop1: detected capacity change from 0 to 128 [ 936.699035][ T5461] netlink: 'syz.4.12427': attribute type 39 has an invalid length. [ 936.732562][ T5462] FAT-fs (loop1): Directory bread(block 162) failed [ 936.764247][ T5467] loop2: detected capacity change from 0 to 64 [ 936.775308][ T5462] FAT-fs (loop1): Directory bread(block 163) failed [ 936.801730][ T5462] FAT-fs (loop1): Directory bread(block 164) failed [ 936.831454][ T5462] FAT-fs (loop1): Directory bread(block 165) failed [ 936.851226][ T5462] FAT-fs (loop1): Directory bread(block 166) failed [ 936.866682][ T5462] FAT-fs (loop1): Directory bread(block 167) failed [ 936.900783][ T5462] FAT-fs (loop1): Directory bread(block 168) failed [ 936.933885][ T5462] FAT-fs (loop1): Directory bread(block 169) failed [ 937.005770][ T5462] FAT-fs (loop1): Directory bread(block 162) failed [ 937.040115][ T5462] FAT-fs (loop1): Directory bread(block 163) failed [ 937.047151][ T5462] syz.1.12426: attempt to access beyond end of device [ 937.047151][ T5462] loop1: rw=3, sector=226, nr_sectors = 6 limit=128 [ 937.082742][ T5462] syz.1.12426: attempt to access beyond end of device [ 937.082742][ T5462] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 937.120737][ T5497] ip6t_srh: unknown srh invflags 4000 [ 937.220875][ T5502] bond3: down delay (262144) is not a multiple of miimon (5), value rounded to 262140 ms [ 937.608890][ T5486] loop4: detected capacity change from 0 to 32768 [ 937.644443][ T5486] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.12435 (5486) [ 937.691439][ T5486] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 937.703253][ T5486] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 937.766190][ T5999] usb 2-1: new low-speed USB device number 19 using dummy_hcd [ 937.826757][ T5486] BTRFS info (device loop4): enabling ssd optimizations [ 937.845165][ T5486] BTRFS info (device loop4): enabling free space tree [ 937.866361][ T5591] loop2: detected capacity change from 0 to 164 [ 937.933571][ T5591] Unable to read rock-ridge attributes [ 937.954303][ T5999] usb 2-1: config 0 has an invalid interface number: 3 but max is 0 [ 937.997177][ T5591] Unable to read rock-ridge attributes [ 937.998120][ T5999] usb 2-1: config 0 has no interface number 0 [ 938.007491][ T5591] syz.2.12451: attempt to access beyond end of device [ 938.007491][ T5591] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 938.044651][ T5999] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid maxpacket 64, setting to 8 [ 938.059375][ T5938] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 938.079544][ T5591] syz.2.12451: attempt to access beyond end of device [ 938.079544][ T5591] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 938.082257][ T5999] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 938.128620][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 938.128635][ T30] audit: type=1800 audit(2000000198.177:447): pid=5591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.12451" name="file0" dev="loop2" ino=1862 res=0 errno=0 [ 938.168850][ T5999] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 8 [ 938.203200][ T5999] usb 2-1: config 0 interface 3 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 8 [ 938.260415][ T5999] usb 2-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 938.294052][ T5999] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 938.342086][ T5999] usb 2-1: config 0 descriptor?? [ 938.394642][ T5552] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 938.411261][ T5999] hub 2-1:0.3: bad descriptor, ignoring hub [ 938.438590][ T5999] hub 2-1:0.3: probe with driver hub failed with error -5 [ 938.446690][ T5999] sierra 2-1:0.3: Sierra USB modem converter detected [ 938.563336][ T5621] loop4: detected capacity change from 0 to 8 [ 938.668307][ T5999] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 938.711155][ T5999] usb 2-1: USB disconnect, device number 19 [ 938.738222][ T5999] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 938.779804][ T5999] sierra 2-1:0.3: device disconnected [ 939.572335][ T5687] loop2: detected capacity change from 0 to 2048 [ 939.645120][ T5687] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 940.255674][ T5728] loop2: detected capacity change from 0 to 64 [ 940.631834][ T5750] loop2: detected capacity change from 0 to 4096 [ 940.670481][ T5750] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 940.779128][ T5750] ntfs3(loop2): ino=1a, mi_enum_attr [ 940.796858][ T5750] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 940.831266][ T5750] ntfs3(loop2): ino=1a, mi_enum_attr [ 940.841926][ T5750] ntfs3(loop2): Failed to initialize $Extend/$Reparse. [ 940.910778][ T5750] ntfs3(loop2): ino=5, "/" indx_read [ 941.184669][ T5741] loop1: detected capacity change from 0 to 32768 [ 941.203562][ T5741] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.12491 (5741) [ 941.253397][ T5741] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 941.308001][ T5741] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm [ 941.526201][ T5741] BTRFS info (device loop1): enabling ssd optimizations [ 941.533299][ T5741] BTRFS info (device loop1): enabling free space tree [ 941.688317][ T5926] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 942.046847][ T5784] loop2: detected capacity change from 0 to 32768 [ 942.079436][ T5784] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.12505 (5784) [ 942.133446][ T5784] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 942.175678][ T5784] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 942.250565][ T5847] netlink: 'syz.0.12519': attribute type 32 has an invalid length. [ 942.385590][ T5784] BTRFS info (device loop2): enabling ssd optimizations [ 942.403346][ T5784] BTRFS info (device loop2): enabling free space tree [ 942.493922][ T5865] kAFS: unable to lookup cell '@mTsyz0' [ 942.529799][ T5829] loop4: detected capacity change from 0 to 32768 [ 942.625013][ T5829] ERROR: (device loop4): xtSearch: xt_getpage: xtree page corrupt [ 942.625013][ T5829] [ 942.641621][ T5829] ERROR: (device loop4): remounting filesystem as read-only [ 942.652925][ T5829] xtLookup: xtSearch returned -5 [ 942.669116][ T5928] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 944.106411][ T6016] bond4 (unregistering): Released all slaves [ 944.447929][ T6114] loop1: detected capacity change from 0 to 512 [ 944.600247][ T6114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 944.613484][ T6125] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 944.620279][ T6129] loop2: detected capacity change from 0 to 16 [ 944.635514][ T6114] ext4 filesystem being mounted at /2410/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 944.704029][ T6129] erofs (device loop2): mounted with root inode @ nid 36. [ 944.735739][ T6114] [ 944.738099][ T6114] ====================================================== [ 944.745117][ T6114] WARNING: possible circular locking dependency detected [ 944.752144][ T6114] syzkaller #0 Not tainted [ 944.756550][ T6114] ------------------------------------------------------ [ 944.763548][ T6114] syz.1.12560/6114 is trying to acquire lock: [ 944.769592][ T6114] ffff88805b620ea8 (&dquot->dq_lock){+.+.}-{4:4}, at: dqget+0x72a/0xf10 [ 944.777934][ T6114] [ 944.777934][ T6114] but task is already holding lock: [ 944.785275][ T6114] ffff8880609a1d78 (&ei->xattr_sem){++++}-{4:4}, at: ext4_setattr+0x855/0x1bc0 [ 944.794220][ T6114] [ 944.794220][ T6114] which lock already depends on the new lock. [ 944.794220][ T6114] [ 944.804601][ T6114] [ 944.804601][ T6114] the existing dependency chain (in reverse order) is: [ 944.813613][ T6114] [ 944.813613][ T6114] -> #5 (&ei->xattr_sem){++++}-{4:4}: [ 944.821154][ T6114] lock_acquire+0x120/0x360 [ 944.826163][ T6114] down_read+0x46/0x2e0 [ 944.830826][ T6114] ext4_setattr+0x855/0x1bc0 [ 944.835920][ T6114] notify_change+0xc1a/0xf40 [ 944.841019][ T6114] chown_common+0x40c/0x5c0 [ 944.846027][ T6114] do_fchownat+0x161/0x270 [ 944.850946][ T6114] __x64_sys_chown+0x82/0xa0 [ 944.856039][ T6114] do_syscall_64+0xfa/0xfa0 [ 944.861053][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.867447][ T6114] [ 944.867447][ T6114] -> #4 (jbd2_handle){++++}-{0:0}: [ 944.874724][ T6114] lock_acquire+0x120/0x360 [ 944.879733][ T6114] start_this_handle+0x1fa7/0x21c0 [ 944.885346][ T6114] jbd2__journal_start+0x2c1/0x5b0 [ 944.890958][ T6114] jbd2_journal_start+0x2a/0x40 [ 944.896311][ T6114] ocfs2_start_trans+0x376/0x6d0 [ 944.901755][ T6114] ocfs2_shutdown_local_alloc+0x200/0xa10 [ 944.907975][ T6114] ocfs2_dismount_volume+0x201/0x8d0 [ 944.913770][ T6114] generic_shutdown_super+0x135/0x2c0 [ 944.919640][ T6114] kill_block_super+0x44/0x90 [ 944.924816][ T6114] deactivate_locked_super+0xbc/0x130 [ 944.930688][ T6114] cleanup_mnt+0x425/0x4c0 [ 944.935608][ T6114] task_work_run+0x1d4/0x260 [ 944.940740][ T6114] exit_to_user_mode_loop+0xe9/0x130 [ 944.946552][ T6114] do_syscall_64+0x2bd/0xfa0 [ 944.951671][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.958072][ T6114] [ 944.958072][ T6114] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 944.966580][ T6114] lock_acquire+0x120/0x360 [ 944.971602][ T6114] down_read+0x46/0x2e0 [ 944.976352][ T6114] ocfs2_start_trans+0x36a/0x6d0 [ 944.981795][ T6114] ocfs2_shutdown_local_alloc+0x200/0xa10 [ 944.988017][ T6114] ocfs2_dismount_volume+0x201/0x8d0 [ 944.993806][ T6114] generic_shutdown_super+0x135/0x2c0 [ 944.999679][ T6114] kill_block_super+0x44/0x90 [ 945.004861][ T6114] deactivate_locked_super+0xbc/0x130 [ 945.010740][ T6114] cleanup_mnt+0x425/0x4c0 [ 945.015661][ T6114] task_work_run+0x1d4/0x260 [ 945.020753][ T6114] exit_to_user_mode_loop+0xe9/0x130 [ 945.026546][ T6114] do_syscall_64+0x2bd/0xfa0 [ 945.031639][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.038033][ T6114] [ 945.038033][ T6114] -> #2 (sb_internal#3){.+.+}-{0:0}: [ 945.045495][ T6114] lock_acquire+0x120/0x360 [ 945.050505][ T6114] ocfs2_start_trans+0x26b/0x6d0 [ 945.055949][ T6114] ocfs2_acquire_dquot+0x455/0xb30 [ 945.061563][ T6114] dqget+0x7b1/0xf10 [ 945.065964][ T6114] dquot_set_dqblk+0x2b/0xfa0 [ 945.071141][ T6114] quota_setquota+0x4b7/0x540 [ 945.076324][ T6114] __se_sys_quotactl+0x279/0x950 [ 945.081762][ T6114] do_syscall_64+0xfa/0xfa0 [ 945.086769][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.093161][ T6114] [ 945.093161][ T6114] -> #1 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: [ 945.102002][ T6114] lock_acquire+0x120/0x360 [ 945.107008][ T6114] down_write+0x96/0x1f0 [ 945.111752][ T6114] ocfs2_create_local_dquot+0x19d/0x1a40 [ 945.117888][ T6114] ocfs2_acquire_dquot+0x80f/0xb30 [ 945.123511][ T6114] dqget+0x7b1/0xf10 [ 945.127913][ T6114] dquot_set_dqblk+0x2b/0xfa0 [ 945.133100][ T6114] quota_setquota+0x4b7/0x540 [ 945.138291][ T6114] __se_sys_quotactl+0x279/0x950 [ 945.143742][ T6114] do_syscall_64+0xfa/0xfa0 [ 945.148762][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.155177][ T6114] [ 945.155177][ T6114] -> #0 (&dquot->dq_lock){+.+.}-{4:4}: [ 945.162809][ T6114] validate_chain+0xb9b/0x2140 [ 945.168085][ T6114] __lock_acquire+0xab9/0xd20 [ 945.173270][ T6114] lock_acquire+0x120/0x360 [ 945.178285][ T6114] __mutex_lock+0x187/0x1350 [ 945.183392][ T6114] dqget+0x72a/0xf10 [ 945.187810][ T6114] dquot_transfer+0x4b8/0x6d0 [ 945.193010][ T6114] ext4_setattr+0x865/0x1bc0 [ 945.198115][ T6114] notify_change+0xc1a/0xf40 [ 945.203223][ T6114] chown_common+0x40c/0x5c0 [ 945.208234][ T6114] do_fchownat+0x161/0x270 [ 945.213166][ T6114] __x64_sys_lchown+0x85/0xa0 [ 945.218358][ T6114] do_syscall_64+0xfa/0xfa0 [ 945.223367][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.229760][ T6114] [ 945.229760][ T6114] other info that might help us debug this: [ 945.229760][ T6114] [ 945.239966][ T6114] Chain exists of: [ 945.239966][ T6114] &dquot->dq_lock --> jbd2_handle --> &ei->xattr_sem [ 945.239966][ T6114] [ 945.252553][ T6114] Possible unsafe locking scenario: [ 945.252553][ T6114] [ 945.260006][ T6114] CPU0 CPU1 [ 945.265350][ T6114] ---- ---- [ 945.270695][ T6114] rlock(&ei->xattr_sem); [ 945.275098][ T6114] lock(jbd2_handle); [ 945.281665][ T6114] lock(&ei->xattr_sem); [ 945.288496][ T6114] lock(&dquot->dq_lock); [ 945.292914][ T6114] [ 945.292914][ T6114] *** DEADLOCK *** [ 945.292914][ T6114] [ 945.301033][ T6114] 3 locks held by syz.1.12560/6114: [ 945.306213][ T6114] #0: ffff88807b256420 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 945.315352][ T6114] #1: ffff8880609a2090 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: chown_common+0x313/0x5c0 [ 945.325519][ T6114] #2: ffff8880609a1d78 (&ei->xattr_sem){++++}-{4:4}, at: ext4_setattr+0x855/0x1bc0 [ 945.334896][ T6114] [ 945.334896][ T6114] stack backtrace: [ 945.340767][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz.1.12560 Not tainted syzkaller #0 PREEMPT(full) [ 945.340797][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 945.340814][ T6114] Call Trace: [ 945.340821][ T6114] [ 945.340829][ T6114] dump_stack_lvl+0x189/0x250 [ 945.340847][ T6114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 945.340860][ T6114] ? __pfx__printk+0x10/0x10 [ 945.340874][ T6114] ? print_lock_name+0xde/0x100 [ 945.340888][ T6114] print_circular_bug+0x2ee/0x310 [ 945.340911][ T6114] check_noncircular+0x134/0x160 [ 945.340932][ T6114] validate_chain+0xb9b/0x2140 [ 945.340950][ T6114] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 945.340966][ T6114] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 945.340982][ T6114] ? look_up_lock_class+0x74/0x170 [ 945.340999][ T6114] ? register_lock_class+0x51/0x320 [ 945.341017][ T6114] __lock_acquire+0xab9/0xd20 [ 945.341035][ T6114] ? dqget+0x72a/0xf10 [ 945.341051][ T6114] lock_acquire+0x120/0x360 [ 945.341066][ T6114] ? dqget+0x72a/0xf10 [ 945.341087][ T6114] __mutex_lock+0x187/0x1350 [ 945.341103][ T6114] ? dqget+0x72a/0xf10 [ 945.341123][ T6114] ? dqget+0x72a/0xf10 [ 945.341140][ T6114] ? __pfx___mutex_lock+0x10/0x10 [ 945.341167][ T6114] dqget+0x72a/0xf10 [ 945.341187][ T6114] dquot_transfer+0x4b8/0x6d0 [ 945.341208][ T6114] ? __pfx_dquot_transfer+0x10/0x10 [ 945.341226][ T6114] ? ext4_journal_check_start+0x1cf/0x2b0 [ 945.341246][ T6114] ? down_read+0x1ad/0x2e0 [ 945.341263][ T6114] ext4_setattr+0x865/0x1bc0 [ 945.341283][ T6114] ? __pfx_current_time+0x10/0x10 [ 945.341302][ T6114] ? try_break_deleg+0x79/0x130 [ 945.341314][ T6114] ? __pfx_ext4_setattr+0x10/0x10 [ 945.341331][ T6114] notify_change+0xc1a/0xf40 [ 945.341347][ T6114] chown_common+0x40c/0x5c0 [ 945.341367][ T6114] ? __pfx_chown_common+0x10/0x10 [ 945.341387][ T6114] ? mnt_get_write_access+0x213/0x280 [ 945.341407][ T6114] do_fchownat+0x161/0x270 [ 945.341425][ T6114] ? __pfx_do_fchownat+0x10/0x10 [ 945.341444][ T6114] __x64_sys_lchown+0x85/0xa0 [ 945.341462][ T6114] do_syscall_64+0xfa/0xfa0 [ 945.341478][ T6114] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.341491][ T6114] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 945.341506][ T6114] ? clear_bhb_loop+0x60/0xb0 [ 945.341521][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.341535][ T6114] RIP: 0033:0x7f762778eec9 [ 945.341549][ T6114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.341562][ T6114] RSP: 002b:00007f76286fb038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 945.341577][ T6114] RAX: ffffffffffffffda RBX: 00007f76279e5fa0 RCX: 00007f762778eec9 [ 945.341588][ T6114] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000001640 [ 945.341598][ T6114] RBP: 00007f7627811f91 R08: 0000000000000000 R09: 0000000000000000 [ 945.341607][ T6114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.341616][ T6114] R13: 00007f76279e6038 R14: 00007f76279e5fa0 R15: 00007ffea2ac6a18 [ 945.341632][ T6114] [ 945.658677][ T6129] erofs (device loop2): corrupted dir block 0 @ nid 36 [ 945.710100][ T6142] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12570'. [ 945.744784][ T5926] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 952.977318][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!