last executing test programs: 4m26.547323932s ago: executing program 1 (id=13833): syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000200)={[{@shortad}, {@partition={'partition', 0x3d, 0x5}}, {@noadinicb}, {@uid}, {@gid}, {@volume={'volume', 0x3d, 0x6}}]}, 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO") mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 4m26.178908294s ago: executing program 1 (id=13837): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc0205647, &(0x7f0000000040)={0xf010000}) 4m25.944861297s ago: executing program 1 (id=13840): syz_mount_image$hfsplus(&(0x7f0000000380), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0xf6, 0x692, &(0x7f0000000cc0)="$eJzs3c1vHGcdB/DvbDYbb1qC2yZtQJVqNRIgIhI7VgrmQkAI5RChqhw4W4nTWNmkxXGRWyHq8HrtoX9AOeSCOCFxj1Q4cIFbb8jHSkhceqk5LZrZWXu9fuluE7+kfD7R+nlmnnme+c3v2Z3dHceaAP+3rp5P82GKXD1/baVcXnsw21l7MHunX09yIslq0kzSSFJ82u12P0yuJMXGMMVQuc37i3OvffTJ2se9pWb9qLZv7NVvSL3d6tDq1f66qSTH6vIRbBnv+iOPV2xEfiXJubqEQ3c8SXeLn/396Y2WAe2dek8cSIzA/ip675vbTCYn6xd6+Tmg/87bONjoRndixO2GP0EAAADAk2aU78BfXs96VopTBxAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfCGs9u7/363vG1jU9/cvy2IqRf/+/616Xer60fLSeJs/3K84AAAAAAAAAOAAvbSe9azkVH+5W1S/83+5Wjhd/Xwqb+VeFrKUC1nJfJaznKXMJJmsOzXqcnlpZoSelwZ6llor88vLS5c+I9D6PyWk/XiOGwAAAAAAAAC+YH6Vq5u//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKOgSI71ihT3B1ZPptFMMpGkVa5YTf7Zrz/JHh52AAAAAHAATiTrWcmp/nK3yOkkz1fXACbyVu5mOYtZTicLuVFdF+h962+sPZjtrD2YvVM+to/7/f+MFUY1YnrXHnbe89lqi3ZuZrFacyHX80Y6uZFG1bN0to6nP+pAXBNJ7pcxFd+rjRjZjbosj/y9qjy2faN3xzrY3Yx5MWWyysjxjYxM17NTZuOZ/szsNEPFuIEN72kmjY1gTw/tqZV82u0pm/vXkM6Ok/OTA4H+bnvA18aN//EZzsSlgWff83vlvPT1v/zpp9N1few5OGT9J301qWlvz8TsQCZeGCUTtzp3b9+6ee/8k5aJbaarTJzZWL6aH+UnOZ+pvJqlLObnmc9yFjKVH1a1+Xryi4GX/C6ZurJl6dXPiqRVP0N7kzVeTC9XfU9lMT/OG7mRhbxS/buUmXw7l3M5cwMzfGbvGa7OtI1dzrTdL+0Y/Llv1JV2kt/X5dFQ5vWZgbwOnnMnq7bBNZtZenaELI35ftT8al0p9/HrujwahjMxM5CJ54YzMbGl6x+q08q9zt3bS7fm3xxtd8++V1fK19Fvk6nDPZG0hurPlpNVLW19dpRtz+3YNlO1nd5oa2xrO7PR1nulru76Sm3Vn+G2j3Spanthx7bZqu3sQNtOn7cAOPJOfvNkq/3v9j/aH7R/077VvjbxgxPfOfFiK8f/evy7zeljX2u8WPw5H+SXm9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz+/e2+/cnu90FpZ6lVaSqtLtdt/d2jRupVnv4XN2f4RKpv71VLnnHZr6tzM7wHi+8nRycMd+VCv/7Xa79Zpil23++Lcjk6j6RobdfdxFI8n+jLz+eII/vHMScDAuLt958+K9t9/51uKd+dcXXl+4O3f58tz03OVXZi/eXOwsTPd+HnaUwH7YfNM/7EgAAAAAAAAAAACAUR3E31Qc9jECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT7ar59N8mCIz0xemy+W1B7Od8tGvb27ZTNJIUvwiKT5M2v2GyYHhit328/7i3GsffbL28eZYzf72jb36jWa1fmQqybFeef9xjXe9LvdU7HUIxcYRXklyri7h0P0vAAD//5QoDFI=") lchown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) 4m25.492429804s ago: executing program 1 (id=13844): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000500)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=") mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x80, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m24.692406281s ago: executing program 1 (id=13850): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2002, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x38) 4m22.31549543s ago: executing program 1 (id=13884): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000023980000000c0a01010000000000000000010000000900020073797a32000000006c0003806800008008000340000000025c000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000050c00024000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000002000000000c00014000000000000000020900010073797a30"], 0x11c}}, 0x0) 4m21.82289064s ago: executing program 32 (id=13884): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000023980000000c0a01010000000000000000010000000900020073797a32000000006c0003806800008008000340000000025c000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000050c00024000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000002000000000c00014000000000000000020900010073797a30"], 0x11c}}, 0x0) 3m56.786862399s ago: executing program 4 (id=14155): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000880)={0x3ff, {{0x2, 0x4e23, @multicast2}}}, 0x90) 3m56.480091077s ago: executing program 4 (id=14159): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001e40)=ANY=[@ANYBLOB="b702000026000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304020000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed69000000000000000000000000009a6d1852cfe790362ca800000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b3b5fb3832ee68e2b53d44bd84bf6770157e96bbb96b5e1f165c87e7a9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c9534229d6133fa814a0a67385fea04220423"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0x11, 0x0, &(0x7f0000000000)="76389e147cf2457800dd389f88a8ffffff", 0x0, 0x1ff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 3m56.2596741s ago: executing program 4 (id=14161): r0 = io_uring_setup(0x2238, &(0x7f0000001cc0)={0x0, 0x6cbe, 0x1000, 0x0, 0x210}) io_uring_register$IORING_REGISTER_FILES2(r0, 0xd, &(0x7f0000003200)={0x0, 0x1, 0x0, 0x0, 0x0}, 0x20) 3m56.057061972s ago: executing program 4 (id=14163): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f00000003c0)={[{@map_off}, {@check_strict}, {@overriderock}, {@map_off}, {@unhide}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@map_off}, {@mode={'mode', 0x3d, 0x483}}]}, 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 3m55.705883792s ago: executing program 4 (id=14167): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x5385, 0x0) 3m54.654927525s ago: executing program 4 (id=14176): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x801, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x20}}, 0x0) 3m54.140295814s ago: executing program 33 (id=14176): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x140f, 0x1, 0x801, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x20}}, 0x0) 1.829563933s ago: executing program 3 (id=17519): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8400}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @loopback}}]}}}, @IFLA_MTU={0x8}]}, 0xb0}}, 0x0) 1.737313108s ago: executing program 0 (id=17521): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x44, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0xb}, [@CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast2}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000044}, 0x4000000) 1.530256241s ago: executing program 0 (id=17524): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x6, 0x8, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x15, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.522223001s ago: executing program 5 (id=17525): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}, @IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x60}}, 0x0) 1.455450085s ago: executing program 2 (id=17526): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) 1.36767899s ago: executing program 6 (id=17527): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000180)={'sit0\x00', 0x0}) 1.349430181s ago: executing program 5 (id=17528): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x78, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x58, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x48, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xfff}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x4}, @IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x1, 0x1}}, @IFLA_BR_MCAST_LAST_MEMBER_CNT={0x8, 0x1c, 0x101}, @IFLA_BR_MCAST_STARTUP_QUERY_CNT={0x8, 0x1d, 0x401}, @IFLA_BR_MCAST_HASH_ELASTICITY={0x8, 0x1a, 0x17c3}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.254821097s ago: executing program 0 (id=17529): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002840)=ANY=[@ANYBLOB="b7000000fdffffffbfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff000000000f040000000000001d4002000000000065040000000000000f030000000000001d440000000000007a0a00fe000000000f14000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64364f56e24e6d2105bd901128c7e0ec82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7dfcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c22ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b884114f244a9bf93f04bf072f0861f5c0b000000004000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2811e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96735600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca311a28ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da7418fd3aa81cff202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0d0274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbf34c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cbf5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200"/2745], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 1.210093389s ago: executing program 2 (id=17530): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8800, &(0x7f00000001c0)={[{@usrquota}, {@nombcache}, {@minixdf}, {@bsdgroups}, {@min_batch_time={'min_batch_time', 0x3d, 0xbbbd}}]}, 0x1, 0x51c, &(0x7f0000000580)="$eJzs3c9vI1cdAPCvvXHiZNNNWnoABO3SFha0WifxtlHVA5QjQpUQPYK0DYk3imLHUeyUJuwhPXNFohIneuQP4NwTB25cENy4lAMSPyJQg8Rh0IwnqTdrb6wmsdP485FG897MrL/f5+y8t/Oy9gtgbN2OiIOImIyIdyJiLj9eyLd4s7Ol131y+Gj16PDRaiGS5O1/FrLz6bHo+jOpm/lrliPihx9G/KTwZNzW3v7mSr1e28nrC+3G9kJrb//eRmNlvbZe26pWl5eWF1+//1r1wtr6YmMyL3314z8cfOtnaVqz+ZHudlykTtNLJ3FSExHx/csINgI38vZMjjoRPpNiRDwXES9l9/9c3Mh+mgDAdZYkc5HMddcBgOuumM2BFYqVfC5gNorFSqUzh/d8zBTrzVb77sPm7tZaZ65sPkrFhxv12mI+VzgfpUJaX8rKn9arp+r3I+LZiPjF1HRWr6w262uj/IcPAIyxm6fG//9MdcZ/AOCaK486AQBg6PqM/wfDzgMAGB7P/wAwfoz/ADB+ytl3OEyPOg0AYIg8/wPA+DH+A8BY+cFbb6VbcpR///Xau3u7m813763VWpuVxu5qZbW5s11ZbzbXs+/saZz1evVmc3vp1dh9b/7b2632Qmtv/0GjubvVfpB9r/eDWim7yicLAGCUnn3xoz8X0hH5jelsi661HEojzQy4bMVRJwCMzI0+ZeD6s9oXjK9zPOObHoBroscSvY8pR48PCCVJklxeSsAlu/Ml8/8wrrrm//0vYBgz5vxhfJn/h/GVJIVB1/yPQS8EAK42c/xAn9//P5fvf5P/cuDHa6ev+OAyswIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICr7Xj930q+FvhsFIuVSsQzETEfpcLDjXptMSJuRcSfpkpTaX1pxDkDAOdV/FshX//rztwrs4+deuHmSXEyIn76q7d/+d5Ku73zx4jJwr+mjo+3P8iPV4efPQBwtuNxOtt3Pch/cvho9XgbZj5//25ElDvxjw4n4+gk/kRMZPtylCJi5t+FvN5R6Jq7OI+D9yPii73aX4jZbA6ks/Lp6fhp7GcuLn4yFXFG/OJj8YvZuc4+fS++cAG5wLj5KO1/3ux1/xfjdrbvff+Xsx7q/PL+L32p1aOsD/w0/nH/d6NP/3d70Biv/u57ndL0k+fej/jyRMRx7KOu/uc4fqFP/FcGjP+Xr7zwUr9zya8j7kTv+N2xFtqN7YXW3v69jcbKem29tlWtLi8tL75+/7XqQjZHvdB/NPjHG3dv9TuXtn+mT/zyGe3/+oDt//B/7/zoa0+J/82Xe8UvxvNPiZ+Oid8YMP7KzG/L/c6l8df6tP+sn//dAeN//Nf9J5YNBwBGp7W3v7lSr9d2nla4dRRx1jWfy0IMdvHv8zfrSuQ81oXoeuy6Cvl0F74zrFiTfW7Gn7/ceWOmIrr/YifJZ4rVr8e4iFk34Co4uekj4r+jTgYAAAAAAAAAAAAAAOhpGJ9YGnUbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuL7+HwAA//8yDcV8") unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 1.144890233s ago: executing program 6 (id=17531): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x48, 0x0, 0x0) 1.047624819s ago: executing program 3 (id=17532): r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000340)=[{{&(0x7f0000000380)={0x11, 0x0, 0x0, @mcast2={0xff, 0x5, '\x00', 0x0}, 0xfffffffd}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x0) 1.02524979s ago: executing program 5 (id=17533): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="640000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b00010067656e657665000020000280080001000100001a"], 0x64}}, 0x2000000) 1.011261981s ago: executing program 0 (id=17534): syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f0000000180)='./file2\x00', 0x10000, &(0x7f00000006c0)=ANY=[], 0xfd, 0x150, &(0x7f0000000400)="$eJzskM9LImEch5/Zccb9oasLLrgLuyzsITHMccRuHTSShGyg8NIp0IkCB0UhPFbnDv0BHoqgk3iIjh3KTpZC2N/hLehYvM5UBF26v89l5vt8vnzel3dhbhgjDCou8zWn3rCbTbvyb8Uq5ldPz86/C+8HPk82nHpDdWfBRRY2xdcH412oAFfBT0DVninXqmIeZyEG5L7BxpaGgbv7VbiIcFU75bnYf+j9dJ35jkt77rcPciHXib7HI5gSfT9e++6BVlvzbpqIn/xRs95Aqz3d7VwvD/qFRPyvvW/mfx0HoiolWwcUkd8l+4nbZLczGg6KSzrWMG2as2kjZRiZkXUzKGR2DvAtBrZhTXnbp4uOEuwp0FagM8nHl7p3tuWE/JEv3oMqIlGCaPQOHyxH8XbCk6S8HtWeDS8/EolEIpFIJBKJRCKRfJSnAAAA///S4Fom") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 895.574388ms ago: executing program 2 (id=17535): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000000c0)={0x0, 0x0, 0x5, &(0x7f0000000080)={0xfc, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) 867.353779ms ago: executing program 6 (id=17536): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x8, @pix={0x3a, 0x9, 0x56544943, 0xa, 0x2, 0x10, 0xc, 0x3f1, 0x0, 0x2, 0x0, 0x4}}) 843.501041ms ago: executing program 3 (id=17537): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001580), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0285628, &(0x7f0000001600)) 622.891644ms ago: executing program 5 (id=17538): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) 622.299374ms ago: executing program 2 (id=17539): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="34000000110029bd7000fcdbdf25000000000000", @ANYRES32=0x0, @ANYBLOB="001c000000000000140035006c6f"], 0x34}}, 0x0) 603.107575ms ago: executing program 3 (id=17540): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 602.459865ms ago: executing program 6 (id=17541): r0 = socket(0x2b, 0x80801, 0x1) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f0000000140)=0x1e) 491.700101ms ago: executing program 0 (id=17542): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001200)=ANY=[@ANYBLOB="241000003f0007010000000000000000047c0000040012800c1001"], 0x1024}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) 418.816206ms ago: executing program 5 (id=17543): syz_mount_image$hfsplus(&(0x7f0000000500), &(0x7f0000000100)='./file1\x00', 0x1a0c880, &(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC, @ANYRESDEC], 0x3, 0x683, &(0x7f0000000540)="$eJzs3c1rHPf9B/D3rFay5B84SmIn/pVARQxpqaktWTitSyFuD0WHUIJ7CIVehC3HwmslSEpRQinq87WH/AFpQYdCT4XeDSn01PaWq04lpdBLTjrVZWZntSvJK+/KerDa18uM9jv7fZzPzHxnZxczAf5nzV1O82GKzF1+c61c39yYbW1uzJ6ps1tJynQjabZfUiwlxSfJzbSX/H/5Zl2+6NfPR4s3bn36+eZn7bVmvVTlG/vVG8x6vWQqyUj9utfogdq73be9/c1vp4rtLSwDdqkTODhpj/ZYH6b6U563wLOgaF8395hMziYZrz8HpJ4dGsc7usM31CwHAAAAp9RzW9nKWs6d9DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNKmf/1/US6OTnkrRef7/WP1e6vStxgmP+Wk8POkBAAAAAAAAAMAh+OJWtrKWc531R9Uv+/9+tVo5X/39v7yflSxkOVeylvmsZjXLmUky+dtuQ2Nr86uryzN5cs1rZc3srnnteLYXAAAAAAAAAP5L/TRz3d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWVAkI+2XajnfSU+m0UwynmSsLLee/K2TPiWKx7358PjHAQAAAE9l/AB1ntvKVtZyrrP+qKju+V+q7pfH836WsprFrKaVhdyp76HLu/7G5sZsa3Nj9sHmxmzV8Q8etbXb+da/hhpG1WLa3z08vueLVYmJ3M1i9c6V3K4GcyeNqmbpYj2e7WVnJz8pxzTxRm3Akd2pX8vOft3vW4TD0Bi2wmRVaXQ7ItP12MqGnt8/Ek/cO819e5pJY/ubn/P79NTZpGLImJ/t1Evyy10xf+Pvv/v+gM0cge1INFJF4lrP0ffS/jFPvvTH3799r7V0/97dlctHdhgdl93HxGxPJF4+1ZFoDll+uorEhe31uXwn38vlTOWtLGcxP8x8VrOQembMfH08l38ne6KU7InUzR1rbz1pJGP1fmnPooOMaSpnqtR8Xq3qnstiirybO1nI69W/a5nJ13I913OjZw9f6LuHq22rZtrGcGf9pS+ne6r/qpypB6uX/HnQgsNrX1LLuD7fE9feOXeyyut9pxulFwa4Hg05Nza/UCfKPn52kMvGkdkdiZmeSLy4fyR+U50bK62l+8v35t/r0/76rvXXRrvpXxzllXlo5fHyQsbrmWTn0VHmvbg9y+yM11j9i0s7r7En70KVVxSdM/W7fc/Usfoz3N6WrlV5L+/NG+mM/GJP3o7PW3n3LycTTwCGdPYrZ8cm/jnx14mPJ34+cW/izfFvn/n6mVfGMvqn0W80p0dea7xS/CEf58fd+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODgVj748P58q7Ww/PhEo3/W4SaK+kE+/co0M5FjGMZxJopk/ZBbHqn36mE1OHpE2955iODTtvP2zWdjV57mRHnMdI+fbla9iw7ycFHgVLi6+uC9qysffPjVxQfz7yy8s7A0ev36jekb11+fvXp3sbUw3f570qMEjkL388BJjwQAAAAAAAAAAAAY1CH8L4Jv/qPdVN8yPd1NndR2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfX3OU0R1NkZvrKdLm+uTHbKpdOuluymaTRSIofJcUnyc20l0z2NFf06+ejxRu3Pv1887NuW81O+cZ+9QazXi+ZSjJSv+4xdrD2bvdrb2DF9haWAbvUCRyctP8EAAD//zZmASg=") llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffff4c) 358.009379ms ago: executing program 6 (id=17544): syz_mount_image$hfs(&(0x7f00000007c0), &(0x7f0000000000)='./file1\x00', 0x30008c0, &(0x7f0000000980)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030373737372c6469725f756d61736b3d30303030303030303030303030303030303030303030302c696f636861727365743d69736f383835392d362c636f6465706167653d63703835352c63726561746f723d4ddd71752c00eeabc72a9832436950c6116498dda8be60a94746ea68766f63d1d63944fbda2a9337439b37b6f2a694ba98f40070d09c3890bd28a2018f1adfe1e0a630020a9cac1a43800a70a9328ddb2a2f2e207da7cd3caf243b39eaff4966b7aa97cb6cc7d2cfc59e7a976de0a00d23c7ffaaa056cc4f8bc7b4c0f9a21db642b3e832e30a90ba1b9e7933b77c60f6a1b9ca9128f0a2d0e23373c9d15c79865bae97ddd82b98001b6aa9c5390e4deaf5f0ee492c6842b1c08486e479a889491459a257e9d4083634dac6cd58520f72e6c2f11bbd5b03655bb1863b16f3", @ANYBLOB="11f4579be01e435c584a33c63f8173f96bc4546035804d47be19163bd9e589bfdd0a9e6804495a4e4d83804e78ac5a72446295afd79de3fd6a02932a26ab4045133c371e56b0d48544db3c7db23a432f837b93f89b6f223cd1f6731d407ffdb1dd9467f5cd2d6c4e8b9d4f50d338ac91501a4bb780c4723929e22f55254546facc4f0284e644e6", @ANYRES8, @ANYRESHEX=0x0], 0x11, 0x314, &(0x7f0000000b80)="$eJzs3U1rE08cB/Dv7KZN+m/pf7UVwYNINWAvovUiXiIlL8KTqE0KxSWitviAYBVPIvbu3aNXX4N4UQTP9eRJPHiqBxmZh2SfN6lmd1P9fsCy2dmZ/e3OzlPALIjon7Xa3n11/ov6JwAXLvDsIuAAaAA1AEdwtLHV29zY9LudvIJcHK+bXAImp0gcs9brpmVtwOawPPWphrnwPiqGlPLS56qDoMrp1i/d6M4Tuieo29apExsVxZfl8f6zfJsBsF1EMBMlv6bEHvZwD/OlhUNERBNJmPHdseP8nJ2/Ow7QtIOJSpu48f937VUdQOFkbmpo/NerLClUvf+vk4L1nl7CqXSnv0pMK+t17PNU7PM0zNMTmV2KYatKHYszs77hd8+s3fQ7Dp6gZYUOW9R/O/bxtCLR1hNFL6WsTXMMSpvJPESkzyhn9TVMqWtYMfHfBRCJfyH3jAUQ78QHcUV4eInOYP5Xk0JVk64pL1ZTJv6z2SXqq/TUUbDdRqvVciKHHNInOWbPYA25ygbcrDNO2zIjXxB4w+LUuQ7HcpmrOzck10JqrhW9vQwnI9diJJe6mvUN/232qUohXojLYglf8Qbt0PzfUfE1kWyZoYc+aDWiaYYCfcdV64zWbEitaXsiPXJsfdp9aPYnm8vgLiYbrPUjv0+jfXiO67iA+Tv3H9xwfb97W21c89XjqjcGe27N2Q2/O/UUCCdNyga2gz11SC1xcH9QKjOw5bEWqPqPlCTVsHrf+3tUKxtW4KM/jUf1A4XeutkRrmJ/G/2uazwFtt+P50HqTxsiST+llCU2oh17Z+JJ1XRLVK6g0kc7PmWqQwebqlJh1n/BeqVmJnvqj5c6Tx/xiwBbolRz7MEKLsgrzYwcwH85K7i0YjNXcMk1V2LNqNdcJ08Dp0Y/o2fj/EuINj7iKr//JyIiIiIiIiIiIiIiIiIiIiIiIiI6aMr4zzBVXyMRERERERERERERERERERERERERERER0UG32oD53Wv03/+L0d7/G38Vi2t+Enws7//d6YHv/yUq3q8AAAD///B/c8c=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x61c28c7771d1cf6b) 347.12882ms ago: executing program 3 (id=17545): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5414, 0x0) 335.87268ms ago: executing program 2 (id=17546): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) fsopen(0x0, 0x0) 253.090216ms ago: executing program 0 (id=17547): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x800000000000005, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x0, 0x0, 0x31384142}}) 19.567119ms ago: executing program 3 (id=17548): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x1b0, 0x12, 0x60d, 0x0, 0x202, 0x280, 0x2e8, 0x2e8, 0x280, 0x2c0, 0x4, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0xfffd, 0x0, 'fsm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x49, 0x2}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1b0}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0) 18.478679ms ago: executing program 5 (id=17549): keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x39) syz_usb_connect(0x3, 0x8c6, &(0x7f0000000300)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a2401010080020102081305052f"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x44, &(0x7f0000000340)=@string={0x44, 0x3, "381eb403e2557d19917fd81c4795da484965481977cfb8db4e8b454c5101d4b71e50892b6a43eda010cd7f09bf418d36b473379d378df5ef5f2e349001feb15b3784"}}]}) 14.877119ms ago: executing program 2 (id=17550): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000040)="02000000", 0x4}, {&(0x7f00000019c0)='\x00', 0x1}], 0x2, 0xc, 0x20000000) 0s ago: executing program 6 (id=17551): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, 0x300) kernel console output (not intermixed with test programs): , error: -5 [ 1477.985955][ T5566] usb 6-1: USB disconnect, device number 4 [ 1478.315579][ T6346] loop3: detected capacity change from 0 to 32768 [ 1478.360077][ T6346] /dev/loop3: Can't open blockdev [ 1479.025848][ T6394] loop0: detected capacity change from 0 to 16 [ 1479.080189][ T6394] erofs: (device loop0): mounted with root inode @ nid 36. [ 1479.099167][ T6395] netlink: 'syz.6.14993': attribute type 10 has an invalid length. [ 1479.133195][ T6394] syz.0.14996: attempt to access beyond end of device [ 1479.133195][ T6394] loop0: rw=0, sector=1936876908, nr_sectors = 1 limit=16 [ 1479.229954][ T6394] syz.0.14996: attempt to access beyond end of device [ 1479.229954][ T6394] loop0: rw=0, sector=3955228672, nr_sectors = 1 limit=16 [ 1479.250179][ T6395] team0: Port device netdevsim0 added [ 1480.547482][ T6435] loop6: detected capacity change from 0 to 4096 [ 1480.598808][ T6446] netlink: 48 bytes leftover after parsing attributes in process `syz.0.15017'. [ 1480.664526][ T6446] tc_dump_action: action bad kind [ 1481.407704][ T6468] netlink: 'syz.5.15025': attribute type 2 has an invalid length. [ 1481.551878][ T6468] device .*! entered promiscuous mode [ 1482.501262][ T32] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1482.728818][ T32] usb 1-1: Using ep0 maxpacket: 16 [ 1482.741171][ T32] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1482.796061][ T32] usb 1-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 1482.827272][ T32] usb 1-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 1482.856083][ T32] usb 1-1: Product: syz [ 1482.869543][ T32] usb 1-1: Manufacturer: syz [ 1482.885299][ T32] usb 1-1: SerialNumber: syz [ 1482.917965][ T32] usb 1-1: config 0 descriptor?? [ 1483.228673][ T32] snd-usb-audio: probe of 1-1:0.0 failed with error -22 [ 1483.272410][ T4485] udevd[4485]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1483.288557][ T32] usb 1-1: USB disconnect, device number 81 [ 1483.506782][ T6539] netlink: 20 bytes leftover after parsing attributes in process `syz.3.15053'. [ 1483.549271][ T6539] netlink: 32 bytes leftover after parsing attributes in process `syz.3.15053'. [ 1484.423036][ T6533] loop5: detected capacity change from 0 to 32768 [ 1484.528599][ T6533] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 1484.546229][ T26] audit: type=1326 audit(1429.152:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6565 comm="syz.3.15063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1484.617351][ T6569] x_tables: duplicate entry at hook 3 [ 1484.701414][ T6533] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 1484.722917][ T26] audit: type=1326 audit(1429.216:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6565 comm="syz.3.15063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1484.817534][ T26] audit: type=1326 audit(1429.216:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6565 comm="syz.3.15063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1484.874858][ T6533] (syz.5.15052,6533,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 1484.883654][ T6533] (syz.5.15052,6533,1):ocfs2_xattr_block_find:2835 ERROR: status = -12 [ 1484.971384][ T26] audit: type=1326 audit(1429.216:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6565 comm="syz.3.15063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1485.232431][ T3517] ocfs2: Unmounting device (7,5) on (node local) [ 1486.025121][ T26] audit: type=1326 audit(1430.518:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6613 comm="syz.6.15079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1486.116325][ T26] audit: type=1326 audit(1430.582:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6613 comm="syz.6.15079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1486.282742][ T26] audit: type=1326 audit(1430.582:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6613 comm="syz.6.15079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1486.437906][ T26] audit: type=1326 audit(1430.582:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6613 comm="syz.6.15079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1486.467998][ T6627] loop3: detected capacity change from 0 to 1024 [ 1486.475224][ T6627] EXT4-fs: Ignoring removed nobh option [ 1486.602511][ T6627] /dev/loop3: Can't open blockdev [ 1486.716650][ T26] audit: type=1326 audit(1431.164:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6635 comm="syz.0.15089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1486.790000][ T26] audit: type=1326 audit(1431.164:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6635 comm="syz.0.15089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1487.091463][ T6647] netlink: 'syz.5.15095': attribute type 1 has an invalid length. [ 1487.138194][ T6647] netlink: 220 bytes leftover after parsing attributes in process `syz.5.15095'. [ 1488.695459][ T6697] netlink: 'syz.6.15113': attribute type 4 has an invalid length. [ 1488.788715][ T6668] loop0: detected capacity change from 0 to 32768 [ 1488.883618][ T6668] XFS (loop0): Mounting V5 Filesystem [ 1488.978713][ T6668] XFS (loop0): Ending clean mount [ 1489.159103][ T4273] XFS (loop0): Unmounting Filesystem [ 1489.292755][ T6717] netlink: 8 bytes leftover after parsing attributes in process `syz.6.15121'. [ 1489.321817][ T6723] loop3: detected capacity change from 0 to 512 [ 1489.396169][ T6723] /dev/loop3: Can't open blockdev [ 1490.627667][ T6762] delete_channel: no stack [ 1490.706864][ T6766] loop5: detected capacity change from 0 to 128 [ 1490.753566][ T6766] syz.5.15143: attempt to access beyond end of device [ 1490.753566][ T6766] loop5: rw=0, sector=6491536, nr_sectors = 2 limit=128 [ 1490.805877][ T6766] Buffer I/O error on dev loop5, logical block 3245768, async page read [ 1490.937285][ T6772] netlink: 'syz.3.15146': attribute type 13 has an invalid length. [ 1491.024355][ T3517] sysv_free_block: flc_count > flc_size [ 1491.034760][ T3517] sysv_free_block: flc_count > flc_size [ 1491.060098][ T3517] sysv_free_block: flc_count > flc_size [ 1491.065796][ T3517] sysv_free_block: flc_count > flc_size [ 1491.081451][ T3517] sysv_free_block: flc_count > flc_size [ 1491.113585][ T3517] sysv_free_block: flc_count > flc_size [ 1491.137045][ T3517] sysv_free_block: flc_count > flc_size [ 1491.142694][ T3517] sysv_free_block: flc_count > flc_size [ 1491.175027][ T3517] sysv_free_block: flc_count > flc_size [ 1491.189806][ T3517] sysv_free_block: flc_count > flc_size [ 1491.225974][ T3517] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1491.377111][ T6780] loop3: detected capacity change from 0 to 4096 [ 1491.396261][ T6780] /dev/loop3: Can't open blockdev [ 1491.626742][ T6791] trusted_key: encrypted_key: master key parameter is missing [ 1492.359927][ T5566] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1492.565969][ T5566] usb 6-1: Using ep0 maxpacket: 16 [ 1492.578137][ T5566] usb 6-1: config 254 has an invalid interface number: 235 but max is 0 [ 1492.586573][ T5566] usb 6-1: config 254 has no interface number 0 [ 1492.630221][ T5566] usb 6-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 1492.662552][ T5566] usb 6-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 97, changing to 7 [ 1492.707251][ T5566] usb 6-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid maxpacket 24929, setting to 1024 [ 1492.722880][ T6837] netlink: 92 bytes leftover after parsing attributes in process `syz.0.15177'. [ 1492.739054][ T5566] usb 6-1: config 254 interface 235 has no altsetting 0 [ 1492.752561][ T6837] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15177'. [ 1492.764806][ T6837] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15177'. [ 1492.771853][ T5566] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 1492.797790][ T6833] loop6: detected capacity change from 0 to 4096 [ 1492.804478][ T5566] usb 6-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 1492.814039][ T5566] usb 6-1: Product: syz [ 1492.818737][ T5566] usb 6-1: Manufacturer: syz [ 1492.823401][ T5566] usb 6-1: SerialNumber: syz [ 1492.831595][ T6833] __ntfs_error: 8 callbacks suppressed [ 1492.831611][ T6833] ntfs: (device loop6): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1492.863217][ T6811] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1492.887024][ T6833] ntfs: (device loop6): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1492.912483][ T6833] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1492.961977][ T6833] ntfs: (device loop6): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1493.061382][ T6833] ntfs: volume version 3.1. [ 1493.101006][ T5566] usbtest 6-1:254.235: couldn't get endpoints, -71 [ 1493.121927][ T5566] usbtest: probe of 6-1:254.235 failed with error -71 [ 1493.168129][ T5566] usb 6-1: USB disconnect, device number 5 [ 1493.270346][ T6846] netlink: 'syz.3.15182': attribute type 9 has an invalid length. [ 1493.421419][ T6852] loop6: detected capacity change from 0 to 764 [ 1493.537521][ T6852] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1493.583191][ T6852] Symlink component flag not implemented [ 1493.602454][ T6852] Symlink component flag not implemented (7) [ 1494.272326][ T6882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15200'. [ 1494.834186][ T6903] loop6: detected capacity change from 0 to 256 [ 1494.908983][ T6903] FAT-fs (loop6): Directory bread(block 64) failed [ 1494.948482][ T6903] FAT-fs (loop6): Directory bread(block 65) failed [ 1494.981331][ T6903] FAT-fs (loop6): Directory bread(block 66) failed [ 1495.033005][ T6903] FAT-fs (loop6): Directory bread(block 67) failed [ 1495.060613][ T6903] FAT-fs (loop6): Directory bread(block 68) failed [ 1495.067233][ T6903] FAT-fs (loop6): Directory bread(block 69) failed [ 1495.122632][ T6903] FAT-fs (loop6): Directory bread(block 70) failed [ 1495.144597][ T6903] FAT-fs (loop6): Directory bread(block 71) failed [ 1495.151274][ T6903] FAT-fs (loop6): Directory bread(block 72) failed [ 1495.204599][ T6903] FAT-fs (loop6): Directory bread(block 73) failed [ 1495.517378][ T6925] loop3: detected capacity change from 0 to 256 [ 1495.667838][ T6932] netlink: 44 bytes leftover after parsing attributes in process `syz.6.15222'. [ 1495.708227][T14528] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1496.316571][ T6950] netlink: 'syz.6.15232': attribute type 10 has an invalid length. [ 1496.360207][ T6950] netlink: 40 bytes leftover after parsing attributes in process `syz.6.15232'. [ 1496.399419][ T6950] bridge0: port 3(ipvlan1) entered blocking state [ 1496.424646][ T6950] bridge0: port 3(ipvlan1) entered disabled state [ 1496.446860][ T6950] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1496.471315][ T6954] loop3: detected capacity change from 0 to 16 [ 1496.481390][ T6954] /dev/loop3: Can't open blockdev [ 1496.523100][ T4485] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1496.736683][ T5566] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1496.894050][ T6964] loop6: detected capacity change from 0 to 4096 [ 1496.949996][ T5566] usb 6-1: Using ep0 maxpacket: 8 [ 1496.965117][ T5566] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1496.986107][ T32] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1496.998846][ T5566] usb 6-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1497.015269][ T6970] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1497.019789][ T6964] NILFS error (device loop6): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 1497.042680][ T5566] usb 6-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0 [ 1497.084344][ T5566] usb 6-1: config 8 interface 0 has no altsetting 0 [ 1497.108684][ T6964] NILFS (loop6): mounting fs with errors [ 1497.127404][ T5566] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1497.136617][ T5566] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.178021][ T6964] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=32, inode=9, rec_len=24, name_len=6 [ 1497.203161][ T5566] usb 6-1: Product: syz [ 1497.207486][ T5566] usb 6-1: Manufacturer: syz [ 1497.212138][ T5566] usb 6-1: SerialNumber: syz [ 1497.214030][ T32] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1497.264092][ T32] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 1497.292486][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1497.324030][ T32] usb 4-1: config 0 descriptor?? [ 1497.446708][ T6980] netlink: 388 bytes leftover after parsing attributes in process `syz.2.15248'. [ 1497.466124][ T5566] usb 6-1: selecting invalid altsetting 0 [ 1497.616282][ T5566] snd-usb-audio: probe of 6-1:8.0 failed with error -12 [ 1497.642719][ T5566] usb 6-1: USB disconnect, device number 6 [ 1497.702519][ T6986] netlink: 'syz.2.15249': attribute type 21 has an invalid length. [ 1497.741205][ T6986] netlink: 128 bytes leftover after parsing attributes in process `syz.2.15249'. [ 1497.762445][ T6986] netlink: 'syz.2.15249': attribute type 5 has an invalid length. [ 1497.772385][ T32] ath6kl: Failed to read usb control message: -71 [ 1497.782843][ T32] ath6kl: Unable to read the bmi data from the device: -71 [ 1497.814654][ T6986] netlink: 'syz.2.15249': attribute type 6 has an invalid length. [ 1497.823709][ T32] ath6kl: Unable to recv target info: -71 [ 1497.833272][ T32] ath6kl: Failed to init ath6kl core: -71 [ 1497.861021][ T6986] netlink: 3 bytes leftover after parsing attributes in process `syz.2.15249'. [ 1497.896291][ T4397] udevd[4397]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1497.937139][ T32] ath6kl_usb: probe of 4-1:0.0 failed with error -71 [ 1497.948080][ T32] usb 4-1: USB disconnect, device number 66 [ 1498.318529][T18489] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1498.462321][ T7006] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 1498.535058][T18489] usb 1-1: Using ep0 maxpacket: 32 [ 1498.544065][T18489] usb 1-1: config 2 has an invalid interface number: 157 but max is 0 [ 1498.568988][T18489] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1498.600030][T18489] usb 1-1: config 2 has no interface number 0 [ 1498.619713][T18489] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b [ 1498.641365][T18489] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.660218][T18489] usb 1-1: Product: syz [ 1498.677163][T18489] usb 1-1: Manufacturer: syz [ 1498.682507][T18489] usb 1-1: SerialNumber: syz [ 1498.714772][T18489] imon 1-1:2.157: unable to register, err -19 [ 1498.795233][ T7018] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15263'. [ 1498.941815][ T7024] loop5: detected capacity change from 0 to 256 [ 1498.963255][T18489] usb 1-1: USB disconnect, device number 82 [ 1499.046879][ T7024] FAT-fs (loop5): Directory bread(block 64) failed [ 1499.053507][ T7024] FAT-fs (loop5): Directory bread(block 65) failed [ 1499.103476][ T7024] FAT-fs (loop5): Directory bread(block 66) failed [ 1499.125346][ T7024] FAT-fs (loop5): Directory bread(block 67) failed [ 1499.146823][ T7024] FAT-fs (loop5): Directory bread(block 68) failed [ 1499.162619][ T7024] FAT-fs (loop5): Directory bread(block 69) failed [ 1499.169930][ T7024] FAT-fs (loop5): Directory bread(block 70) failed [ 1499.183516][ T7024] FAT-fs (loop5): Directory bread(block 71) failed [ 1499.190935][ T7024] FAT-fs (loop5): Directory bread(block 72) failed [ 1499.204501][ T7024] FAT-fs (loop5): Directory bread(block 73) failed [ 1499.714635][ T7047] loop0: detected capacity change from 0 to 1024 [ 1499.759018][ T7047] EXT4-fs: Ignoring removed bh option [ 1499.863238][ T26] audit: type=1326 audit(1443.293:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1499.882903][ T7047] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1499.885279][ C0] vkms_vblank_simulate: vblank timer overrun [ 1499.902627][ T26] audit: type=1326 audit(1443.330:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1499.925062][ T26] audit: type=1326 audit(1443.330:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1499.947445][ T26] audit: type=1326 audit(1443.330:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1499.969490][ T26] audit: type=1326 audit(1443.330:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1499.992868][ T26] audit: type=1326 audit(1443.330:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1500.015535][ T26] audit: type=1326 audit(1443.330:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7056 comm="syz.6.15282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1500.081148][ T7047] EXT4-fs error (device loop0): __ext4_new_inode:1075: comm syz.0.15277: reserved inode found cleared - inode=18 [ 1500.164570][ T7047] EXT4-fs (loop0): Remounting filesystem read-only [ 1500.276868][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1500.716196][ T7085] IPv6: Can't replace route, no match found [ 1501.220288][ T7108] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15304'. [ 1501.420307][ T7116] tipc: Can't bind to reserved service type 2 [ 1501.650206][ T7128] x_tables: duplicate underflow at hook 4 [ 1502.077685][T18489] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1502.179136][ T7148] loop3: detected capacity change from 0 to 2048 [ 1502.231459][ T4485] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1502.296648][T18489] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1502.327148][T18489] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.370302][T18489] usb 1-1: config 0 descriptor?? [ 1502.379134][ T7150] loop5: detected capacity change from 0 to 8192 [ 1502.548720][ T7154] netlink: 'syz.3.15327': attribute type 5 has an invalid length. [ 1502.591259][ T7154] device ip6erspan0 entered promiscuous mode [ 1502.605187][T18489] [drm] vendor descriptor length:6 data:06 5f 00 00 00 00 00 00 00 00 00 [ 1502.626211][T18489] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1502.841646][T18489] [drm:udl_init] *ERROR* Selecting channel failed [ 1502.877168][T18489] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 1502.903201][ T26] audit: type=1326 audit(1446.099:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.15329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1502.913371][T18489] [drm] Initialized udl on minor 2 [ 1502.950833][ T26] audit: type=1326 audit(1446.136:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.15329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1502.972707][ C0] vkms_vblank_simulate: vblank timer overrun [ 1502.992946][T18489] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1503.030420][T18489] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1503.071314][ T26] audit: type=1326 audit(1446.136:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.15329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1503.099246][T18489] usb 1-1: USB disconnect, device number 83 [ 1503.125983][ T7093] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1503.140317][ T7093] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1503.197271][ T7093] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1503.779196][ T8683] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1503.788237][ T8683] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1503.844029][ T8683] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1503.851816][ T8683] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1503.898774][ T8683] rtc rtc0: __rtc_set_alarm: err=-22 [ 1504.481417][ T7204] loop0: detected capacity change from 0 to 2048 [ 1504.542766][ T7204] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1504.661253][ T7208] netlink: 16 bytes leftover after parsing attributes in process `syz.2.15353'. [ 1504.711827][ T7210] netlink: 32 bytes leftover after parsing attributes in process `syz.5.15354'. [ 1504.764400][ T7210] netlink: 40 bytes leftover after parsing attributes in process `syz.5.15354'. [ 1505.558303][ T7236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15367'. [ 1505.622215][T18489] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1505.686291][ T7238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1505.694677][ T7238] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15368'. [ 1505.800108][ T7238] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1505.858820][T18489] usb 3-1: Using ep0 maxpacket: 16 [ 1505.870361][T18489] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1505.897484][T18489] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1505.926172][T18489] usb 3-1: Product: syz [ 1505.947047][T18489] usb 3-1: Manufacturer: syz [ 1505.951727][T18489] usb 3-1: SerialNumber: syz [ 1505.986928][T18489] r8152-cfgselector 3-1: config 0 descriptor?? [ 1505.998181][ T7242] loop5: detected capacity change from 0 to 8192 [ 1506.054317][ T7242] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1506.075497][ T7242] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 1506.084836][ T7242] REISERFS (device loop5): using ordered data mode [ 1506.135289][ T7242] reiserfs: using flush barriers [ 1506.200707][ T7242] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1506.303464][ T7242] REISERFS (device loop5): checking transaction log (loop5) [ 1506.335073][ T7242] REISERFS (device loop5): Using r5 hash to sort names [ 1506.344515][ T7242] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 1506.448234][T18489] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1506.473257][T18489] r8152-cfgselector 3-1: USB disconnect, device number 66 [ 1506.510314][ T7242] REISERFS warning (device loop5): super-6502 reiserfs_getopt: unknown mount option "reiserfs" [ 1506.691858][ T7253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15375'. [ 1508.361389][ T7290] netlink: 256 bytes leftover after parsing attributes in process `syz.2.15393'. [ 1508.521606][ T7292] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1509.237183][ T7280] loop3: detected capacity change from 0 to 32768 [ 1509.390671][ T7310] unsupported nlmsg_type 40 [ 1510.218924][ T7325] futex_wake_op: syz.5.15410 tries to shift op by -1; fix this program [ 1510.811580][ T7348] netlink: 'syz.2.15422': attribute type 5 has an invalid length. [ 1511.248183][ T5575] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1511.459604][ T5575] usb 1-1: Using ep0 maxpacket: 8 [ 1511.467019][ T5575] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1511.523493][ T5575] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1511.547050][ T5575] usb 1-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 1511.607810][ T5575] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1511.632999][ T5575] usb 1-1: Product: syz [ 1511.654528][ T5575] usb 1-1: Manufacturer: syz [ 1511.659214][ T5575] usb 1-1: SerialNumber: syz [ 1511.693863][ T5575] usb 1-1: config 0 descriptor?? [ 1512.039940][ T7366] loop6: detected capacity change from 0 to 32768 [ 1512.087900][T18489] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1512.106586][ T7366] XFS (loop6): DAX unsupported by block device. Turning off DAX. [ 1512.156304][ T7366] XFS (loop6): Mounting V5 Filesystem [ 1512.211158][ T5575] usb 1-1: USB disconnect, device number 84 [ 1512.293710][T18489] usb 6-1: Using ep0 maxpacket: 16 [ 1512.302623][T18489] usb 6-1: config index 0 descriptor too short (expected 16456, got 72) [ 1512.311685][ T7366] XFS (loop6): Ending clean mount [ 1512.329132][ T7366] XFS (loop6): Quotacheck needed: Please wait. [ 1512.337436][T18489] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1512.356735][T18489] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1512.367667][T18489] usb 6-1: config 0 has an invalid interface number: 125 but max is 1 [ 1512.387535][T18489] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1512.409278][T18489] usb 6-1: config 0 has no interface number 0 [ 1512.426717][T18489] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1512.444588][ C0] vkms_vblank_simulate: vblank timer overrun [ 1512.449815][T18489] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1512.473854][T18489] usb 6-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1512.495507][T18489] usb 6-1: config 0 interface 125 has no altsetting 1 [ 1512.508007][ T7366] XFS (loop6): Quotacheck: Done. [ 1512.523348][T18489] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1512.553789][T18489] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.573076][T18489] usb 6-1: Product: syz [ 1512.587739][T18489] usb 6-1: Manufacturer: syz [ 1512.592437][T18489] usb 6-1: SerialNumber: syz [ 1512.621235][T18489] usb 6-1: config 0 descriptor?? [ 1512.631257][ T4295] XFS (loop6): Unmounting Filesystem [ 1512.674125][ T4343] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1512.911454][ T4343] usb 4-1: Using ep0 maxpacket: 32 [ 1512.923608][ T4343] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1512.952286][ T4343] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1512.983319][ T4343] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1512.997605][ T7405] bridge0: port 4(netdevsim0) entered blocking state [ 1513.006380][ T4343] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.006835][ T7405] bridge0: port 4(netdevsim0) entered disabled state [ 1513.039444][ T4343] usb 4-1: config 0 descriptor?? [ 1513.058062][ T4343] hub 4-1:0.0: USB hub found [ 1513.104371][ T8683] usb 6-1: USB disconnect, device number 7 [ 1513.272793][ T1126] block nbd0: Attempted send on invalid socket [ 1513.279052][ T1126] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1513.308731][ T4343] hub 4-1:0.0: 1 port detected [ 1513.534586][ T4343] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 1513.552589][ T4343] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 1513.575068][ T4343] usbhid 4-1:0.0: can't add hid device: -71 [ 1513.581130][ T4343] usbhid: probe of 4-1:0.0 failed with error -71 [ 1513.659407][ T4343] usb 4-1: USB disconnect, device number 67 [ 1513.680723][ T8683] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1513.904884][ T8683] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1513.925242][ T8683] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1513.946854][ T8683] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1513.968612][ T8683] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1514.002531][ T8683] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1514.012275][ T8683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.020435][ T8683] usb 7-1: Product: syz [ 1514.024861][ T8683] usb 7-1: Manufacturer: syz [ 1514.029618][ T8683] usb 7-1: SerialNumber: syz [ 1514.054054][ T8683] cdc_ncm 7-1:1.0: CDC Union missing and no IAD found [ 1514.070462][ T8683] cdc_ncm 7-1:1.0: bind() failure [ 1514.146369][ T32] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1514.266210][ T7442] netlink: 'syz.3.15464': attribute type 7 has an invalid length. [ 1514.297165][ T8683] usb 7-1: USB disconnect, device number 5 [ 1514.379334][ T32] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1514.394552][ T32] usb 6-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3 [ 1514.414227][ T32] usb 6-1: Product: syz [ 1514.418873][ T32] usb 6-1: Manufacturer: syz [ 1514.426340][ T32] usb 6-1: SerialNumber: syz [ 1514.437704][ T32] r8152-cfgselector 6-1: config 0 descriptor?? [ 1514.460879][ T7447] netlink: 'syz.2.15466': attribute type 8 has an invalid length. [ 1514.843562][ T7463] loop0: detected capacity change from 0 to 64 [ 1514.949018][ T32] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1514.959903][ T32] r8152-cfgselector 6-1: USB disconnect, device number 8 [ 1515.483600][ T7483] loop3: detected capacity change from 0 to 1024 [ 1516.593772][ T7528] overlayfs: missing 'lowerdir' [ 1516.626010][ T7530] loop0: detected capacity change from 0 to 256 [ 1516.638199][ T7526] netlink: 'syz.2.15506': attribute type 3 has an invalid length. [ 1516.734791][ T7530] FAT-fs (loop0): Directory bread(block 64) failed [ 1516.757260][ T7530] FAT-fs (loop0): Directory bread(block 65) failed [ 1516.763967][ T7530] FAT-fs (loop0): Directory bread(block 66) failed [ 1516.790000][ T7530] FAT-fs (loop0): Directory bread(block 67) failed [ 1516.796820][ T7530] FAT-fs (loop0): Directory bread(block 68) failed [ 1516.856159][ T7530] FAT-fs (loop0): Directory bread(block 69) failed [ 1516.862913][ T7530] FAT-fs (loop0): Directory bread(block 70) failed [ 1516.882338][ T7530] FAT-fs (loop0): Directory bread(block 71) failed [ 1516.901481][ T7538] Non-string source [ 1516.906661][ T7530] FAT-fs (loop0): Directory bread(block 72) failed [ 1516.932973][ T7530] FAT-fs (loop0): Directory bread(block 73) failed [ 1517.356804][ T7553] program syz.5.15518 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1517.406886][ T7556] netlink: 'syz.0.15520': attribute type 2 has an invalid length. [ 1517.415552][ T7556] netlink: 'syz.0.15520': attribute type 1 has an invalid length. [ 1517.424745][ T7553] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1517.425237][ T7556] netlink: 'syz.0.15520': attribute type 2 has an invalid length. [ 1517.475439][ T7556] netlink: 32 bytes leftover after parsing attributes in process `syz.0.15520'. [ 1517.783821][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 1517.783851][ T26] audit: type=1326 audit(1459.834:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1517.885011][ T26] audit: type=1326 audit(1459.834:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1517.946227][ T26] audit: type=1326 audit(1459.871:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1517.968095][ C0] vkms_vblank_simulate: vblank timer overrun [ 1518.001207][ T26] audit: type=1326 audit(1459.871:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.023876][ T7577] comedi comedi2: ni_at_a2150: I/O port conflict (0xb013,28) [ 1518.068563][ T26] audit: type=1326 audit(1459.871:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.149731][ T1191] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1518.173333][ T26] audit: type=1326 audit(1459.871:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.239355][ T26] audit: type=1326 audit(1459.871:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.286872][ T7585] netlink: 64985 bytes leftover after parsing attributes in process `syz.5.15534'. [ 1518.314613][ T26] audit: type=1326 audit(1459.871:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.360501][ T1191] usb 3-1: Using ep0 maxpacket: 32 [ 1518.370286][ T1191] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 1518.373520][ T26] audit: type=1326 audit(1459.871:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7568 comm="syz.5.15527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe9c179af79 code=0x7ffc0000 [ 1518.404064][ T1191] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.434587][ T1191] usb 3-1: Product: syz [ 1518.441859][ T1191] usb 3-1: Manufacturer: syz [ 1518.504651][ T1191] usb 3-1: SerialNumber: syz [ 1518.511405][ T1191] usb 3-1: config 0 descriptor?? [ 1518.558391][ T1191] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 1518.644442][ T7595] netlink: 'syz.6.15539': attribute type 10 has an invalid length. [ 1518.664355][ T7595] netlink: 40 bytes leftover after parsing attributes in process `syz.6.15539'. [ 1518.682353][ T7595] netlink: 'syz.6.15539': attribute type 10 has an invalid length. [ 1518.690443][ T7595] netlink: 40 bytes leftover after parsing attributes in process `syz.6.15539'. [ 1518.979260][ T1191] gspca_topro: reg_w err -71 [ 1519.021622][ T1191] gspca_topro: Sensor soi763a [ 1519.049582][ T1191] usb 3-1: USB disconnect, device number 67 [ 1519.694229][ T7623] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15552'. [ 1519.716214][ T7623] netlink: 'syz.2.15552': attribute type 3 has an invalid length. [ 1519.724120][ T7623] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15552'. [ 1519.740878][ T7623] netlink: 44 bytes leftover after parsing attributes in process `syz.2.15552'. [ 1519.954106][ T7611] loop0: detected capacity change from 0 to 32768 [ 1520.016836][ T7611] read_mapping_page failed! [ 1520.397710][ T7646] (unnamed net_device) (uninitialized): (slave netdevsim1): Device is not bonding slave [ 1520.426594][ T7646] (unnamed net_device) (uninitialized): option active_slave: invalid value (netdevsim1) [ 1520.728191][ T7656] loop0: detected capacity change from 0 to 512 [ 1520.809294][ T7656] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1520.838191][ T7656] EXT4-fs: Ignoring removed bh option [ 1520.919812][ T7656] EXT4-fs error (device loop0): mb_free_blocks:1826: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 1521.026920][ T7670] loop5: detected capacity change from 0 to 4096 [ 1521.067479][ T7656] EXT4-fs error (device loop0): ext4_do_update_inode:5272: inode #11: comm syz.0.15568: corrupted inode contents [ 1521.069505][ T7672] netlink: 'syz.2.15574': attribute type 20 has an invalid length. [ 1521.116991][ T7672] IPv6: NLM_F_CREATE should be specified when creating new route [ 1521.129608][ T7656] EXT4-fs error (device loop0): ext4_dirty_inode:6137: inode #11: comm syz.0.15568: mark_inode_dirty error [ 1521.189318][ T7656] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.15568: invalid indirect mapped block 1 (level 1) [ 1521.204564][ T7676] openvswitch: netlink: Key type 316 is out of range max 32 [ 1521.232731][ T7656] EXT4-fs error (device loop0): ext4_do_update_inode:5272: inode #11: comm syz.0.15568: corrupted inode contents [ 1521.295094][ T7656] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 1521.351981][ T7656] EXT4-fs error (device loop0): ext4_do_update_inode:5272: inode #11: comm syz.0.15568: corrupted inode contents [ 1521.419068][ T7678] xt_cgroup: xt_cgroup: no path or classid specified [ 1521.432639][ T3517] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22. [ 1521.439608][ T7656] EXT4-fs error (device loop0): ext4_truncate:4318: inode #11: comm syz.0.15568: mark_inode_dirty error [ 1521.470258][ T3517] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1521.525384][ T7656] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 1521.572433][ T7656] EXT4-fs (loop0): 1 truncate cleaned up [ 1521.602116][ T7656] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1521.691792][ T7656] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 13: comm syz.0.15568: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0 [ 1521.910348][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1522.098266][ T8683] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 1522.146574][ T7700] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15589'. [ 1522.156773][ T7700] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15589'. [ 1522.310987][ T8683] usb 7-1: Using ep0 maxpacket: 32 [ 1522.318809][ T8683] usb 7-1: config 0 has an invalid interface number: 90 but max is 0 [ 1522.342874][ T8683] usb 7-1: config 0 has no interface number 0 [ 1522.352804][ T8683] usb 7-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=3a.fa [ 1522.380205][ T8683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1522.392292][ T8683] usb 7-1: Product: syz [ 1522.420365][ T8683] usb 7-1: Manufacturer: syz [ 1522.433938][ T8683] usb 7-1: SerialNumber: syz [ 1522.450668][ T8683] usb 7-1: config 0 descriptor?? [ 1522.696502][ T8683] powermate: Expected payload of 3--6 bytes, found 512 bytes! [ 1522.717716][ T8683] input: Griffin PowerMate as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.90/input/input81 [ 1522.742677][ C0] powermate: config urb returned -71 [ 1522.749269][ C0] powermate: config urb returned -71 [ 1522.755095][ C0] powermate: config urb returned -71 [ 1522.767925][ C0] powermate: config urb returned -71 [ 1522.780914][ T8683] usb 7-1: USB disconnect, device number 6 [ 1523.193361][ T7735] IPv6: NLM_F_CREATE should be specified when creating new route [ 1523.201460][ T7735] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1523.208816][ T7735] IPv6: NLM_F_CREATE should be set when creating new route [ 1523.666854][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1523.702340][ T7750] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1523.933248][ T7759] delete_channel: no stack [ 1524.316250][ T26] audit: type=1326 audit(1465.861:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.395090][ T26] audit: type=1326 audit(1465.861:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.459987][ T26] audit: type=1326 audit(1465.926:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.525257][ T26] audit: type=1326 audit(1465.926:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.610855][ T26] audit: type=1326 audit(1465.926:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.698467][ T26] audit: type=1326 audit(1465.926:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.720232][ T8683] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 1524.763287][ T26] audit: type=1326 audit(1465.926:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.839091][ T26] audit: type=1326 audit(1465.926:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.902382][ T26] audit: type=1326 audit(1465.926:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.3.15624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f0abb79af79 code=0x7ffc0000 [ 1524.915464][ T8683] usb 7-1: Using ep0 maxpacket: 32 [ 1524.961394][ T8683] usb 7-1: config 2 has an invalid interface number: 157 but max is 0 [ 1524.986571][ T7785] loop0: detected capacity change from 0 to 4096 [ 1524.997034][ T8683] usb 7-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1525.011656][ T8683] usb 7-1: config 2 has no interface number 0 [ 1525.033935][ T7785] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 1525.059831][ T8683] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b [ 1525.084659][ T8683] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.099220][ T8683] usb 7-1: Product: syz [ 1525.103462][ T8683] usb 7-1: Manufacturer: syz [ 1525.108236][ T8683] usb 7-1: SerialNumber: syz [ 1525.154784][ T8683] imon 7-1:2.157: unable to register, err -19 [ 1525.389145][ T4343] usb 7-1: USB disconnect, device number 7 [ 1525.606492][ T7797] loop0: detected capacity change from 0 to 4096 [ 1525.807664][ T4273] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 1525.825479][ T4273] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1525.944082][ T5566] usb 3-1: new full-speed USB device number 68 using dummy_hcd [ 1526.102785][ T7809] loop0: detected capacity change from 0 to 4096 [ 1526.131928][ T7809] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1526.159491][ T5566] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 1526.190225][ T5566] usb 3-1: config 0 has no interface number 0 [ 1526.211071][ T5566] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1526.215698][ T7809] ntfs: volume version 3.1. [ 1526.264103][ T5566] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1526.288711][ T5566] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1526.358511][ T5566] usb 3-1: Manufacturer: syz [ 1526.363615][ T5566] usb 3-1: SerialNumber: syz [ 1526.396216][ T5566] usb 3-1: config 0 descriptor?? [ 1526.883322][ T5566] usbtouchscreen: probe of 3-1:0.214 failed with error -71 [ 1526.937317][ T5566] usb 3-1: USB disconnect, device number 68 [ 1527.366282][ T7842] infiniband sz1: set active [ 1527.374586][ T7842] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1527.424582][ T4343] lo speed is unknown, defaulting to 1000 [ 1527.433817][ T7843] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1527.825848][ T7825] loop5: detected capacity change from 0 to 40427 [ 1527.876418][ T7825] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1527.915899][ T7825] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1527.925301][ T7825] F2FS-fs (loop5): invalid crc value [ 1527.980848][ T7825] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1528.036389][ T7864] x_tables: duplicate underflow at hook 4 [ 1528.185714][ T7866] loop0: detected capacity change from 0 to 8192 [ 1528.192481][ T7825] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1528.214800][ T7825] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1528.409352][ T7875] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1528.460881][ T7875] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1528.630950][T18489] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 1528.840054][T18489] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 1528.864496][T18489] usb 4-1: config 0 has no interface number 0 [ 1528.883356][T18489] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1528.901779][ T8683] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 1528.925160][T18489] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1528.944952][T18489] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1528.975189][T18489] usb 4-1: Manufacturer: syz [ 1528.986039][T18489] usb 4-1: SerialNumber: syz [ 1529.025227][T18489] usb 4-1: config 0 descriptor?? [ 1529.113655][ T8683] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1529.135181][ T8683] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 1529.168493][ T8683] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.192369][ T8683] usb 7-1: config 0 descriptor?? [ 1529.259256][ T1191] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1529.415050][ T7885] loop0: detected capacity change from 0 to 32768 [ 1529.471121][ T1191] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1529.480073][T18489] usbtouchscreen: probe of 4-1:0.214 failed with error -71 [ 1529.497886][T18489] usb 4-1: USB disconnect, device number 68 [ 1529.523146][ T1191] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.557761][ T7885] XFS (loop0): Mounting V5 Filesystem [ 1529.579521][ T1191] usb 6-1: config 0 descriptor?? [ 1529.625097][ T7885] XFS (loop0): Ending clean mount [ 1529.646542][ T7885] XFS (loop0): Quotacheck needed: Please wait. [ 1529.648772][ T8683] ath6kl: Failed to read usb control message: -71 [ 1529.659641][ T8683] ath6kl: Unable to read the bmi data from the device: -71 [ 1529.675024][ T8683] ath6kl: Unable to recv target info: -71 [ 1529.682514][ T8683] ath6kl: Failed to init ath6kl core: -71 [ 1529.728218][ T8683] ath6kl_usb: probe of 7-1:0.0 failed with error -71 [ 1529.753685][ T8683] usb 7-1: USB disconnect, device number 8 [ 1529.821173][ T7885] XFS (loop0): Quotacheck: Done. [ 1529.832507][ T1191] [drm] vendor descriptor length:6 data:06 5f 00 00 00 00 00 00 00 00 00 [ 1529.844605][ T1191] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1529.907374][ T4273] XFS (loop0): Unmounting Filesystem [ 1530.062738][ T1191] [drm:udl_init] *ERROR* Selecting channel failed [ 1530.104362][ T1191] [drm] Initialized udl 0.0.1 20120220 for 6-1:0.0 on minor 2 [ 1530.114095][ T1191] [drm] Initialized udl on minor 2 [ 1530.133464][ T1191] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1530.147701][ T1191] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 1530.194976][ T1191] usb 6-1: USB disconnect, device number 9 [ 1530.232751][ T8683] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1530.331122][ T8683] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1530.353476][ T8683] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 1530.732809][ T8683] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1530.949464][ T8683] usb 4-1: Using ep0 maxpacket: 32 [ 1530.957858][ T8683] usb 4-1: config 0 has an invalid interface number: 90 but max is 0 [ 1530.993644][ T8683] usb 4-1: config 0 has no interface number 0 [ 1531.013413][ T8683] usb 4-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=3a.fa [ 1531.057564][ T8683] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1531.065095][ T7927] netlink: 'syz.2.15691': attribute type 5 has an invalid length. [ 1531.086852][ T7927] netlink: 7 bytes leftover after parsing attributes in process `syz.2.15691'. [ 1531.087041][ T8683] usb 4-1: Product: syz [ 1531.145083][ T8683] usb 4-1: Manufacturer: syz [ 1531.149768][ T8683] usb 4-1: SerialNumber: syz [ 1531.189828][ T8683] usb 4-1: config 0 descriptor?? [ 1531.420525][ T8683] powermate: Expected payload of 3--6 bytes, found 512 bytes! [ 1531.449646][ T8683] input: Griffin PowerMate as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.90/input/input84 [ 1531.499329][ C0] powermate: config urb returned -71 [ 1531.505377][ C0] powermate: config urb returned -71 [ 1531.510827][ C0] powermate: config urb returned -71 [ 1531.517249][ C0] powermate: config urb returned -71 [ 1531.527784][ T8683] usb 4-1: USB disconnect, device number 69 [ 1531.550267][ C0] powermate 4-1:0.90: powermate_irq - usb_submit_urb failed with result: -19 [ 1531.663431][ T7946] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1531.748990][ T7946] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1531.981378][ T7957] netlink: 'syz.0.15706': attribute type 5 has an invalid length. [ 1532.000236][ T7957] netlink: 7 bytes leftover after parsing attributes in process `syz.0.15706'. [ 1532.127622][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.15709'. [ 1532.279576][ T7966] loop3: detected capacity change from 0 to 2048 [ 1532.341224][ T7969] device ip6gre1 entered promiscuous mode [ 1532.358852][ T4485] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1532.797881][ T7982] netlink: 28 bytes leftover after parsing attributes in process `syz.0.15721'. [ 1532.852265][ T7982] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1532.931852][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1532.967468][ T7987] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1533.147843][ T7997] netlink: 'syz.6.15724': attribute type 5 has an invalid length. [ 1533.167533][ T7997] netlink: 7 bytes leftover after parsing attributes in process `syz.6.15724'. [ 1533.892522][ T8017] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1533.920614][ T8017] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1533.940182][ T8017] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1533.978051][ T8017] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1534.099925][ T8019] netlink: 'syz.0.15738': attribute type 21 has an invalid length. [ 1534.117831][ T8019] netlink: 128 bytes leftover after parsing attributes in process `syz.0.15738'. [ 1534.166882][ T8019] netlink: 'syz.0.15738': attribute type 4 has an invalid length. [ 1534.180376][ T8019] netlink: 3 bytes leftover after parsing attributes in process `syz.0.15738'. [ 1534.213658][ T8021] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1534.235697][ T8021] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1534.595085][ T8034] loop3: detected capacity change from 0 to 512 [ 1534.653831][ T8033] netdevsim netdevsim6 netdevsim0: set [1, 2] type 2 family 0 port 50184 - 0 [ 1534.669586][ T8034] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1534.714195][ T8034] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1534.725446][ T8033] netdevsim netdevsim6 netdevsim1: set [1, 2] type 2 family 0 port 50184 - 0 [ 1534.768222][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15746'. [ 1534.782152][ T8033] netdevsim netdevsim6 netdevsim2: set [1, 2] type 2 family 0 port 50184 - 0 [ 1534.791581][ T8033] netdevsim netdevsim6 netdevsim3: set [1, 2] type 2 family 0 port 50184 - 0 [ 1534.802012][ T4268] EXT4-fs (loop3): unmounting filesystem. [ 1534.814629][ T8033] netdevsim netdevsim6 netdevsim0: set [1, 3] type 2 family 0 port 48904 - 0 [ 1534.864928][ T8033] netdevsim netdevsim6 netdevsim1: set [1, 3] type 2 family 0 port 48904 - 0 [ 1534.892666][ T8033] netdevsim netdevsim6 netdevsim2: set [1, 3] type 2 family 0 port 48904 - 0 [ 1534.923601][ T8033] netdevsim netdevsim6 netdevsim3: set [1, 3] type 2 family 0 port 48904 - 0 [ 1534.943859][ T8033] device geneve3 entered promiscuous mode [ 1535.483437][ T8050] netlink: 12 bytes leftover after parsing attributes in process `syz.6.15751'. [ 1535.874341][ T8069] loop0: detected capacity change from 0 to 512 [ 1536.027077][ T8069] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1536.220560][ T8057] loop5: detected capacity change from 0 to 32768 [ 1536.235613][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1536.332864][ T8057] ialloc: diAlloc returned -5! [ 1536.366199][ T1191] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1536.439077][ T8081] loop0: detected capacity change from 0 to 512 [ 1536.499601][ T8081] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1536.561296][ T1191] usb 4-1: Using ep0 maxpacket: 16 [ 1536.573410][ T1191] usb 4-1: config 254 has an invalid interface number: 235 but max is 0 [ 1536.581857][ T1191] usb 4-1: config 254 has no interface number 0 [ 1536.605055][ T1191] usb 4-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 1536.626286][ T1191] usb 4-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 97, changing to 7 [ 1536.648083][ T1191] usb 4-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid maxpacket 24929, setting to 1024 [ 1536.680378][ T1191] usb 4-1: config 254 interface 235 has no altsetting 0 [ 1536.714553][ T1191] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 1536.755996][ T1191] usb 4-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 1536.764688][ T1191] usb 4-1: Product: syz [ 1536.799459][ T1191] usb 4-1: Manufacturer: syz [ 1536.804131][ T1191] usb 4-1: SerialNumber: syz [ 1536.829219][ T8077] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1536.844327][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1537.086557][ T1191] usbtest 4-1:254.235: couldn't get endpoints, -71 [ 1537.102512][ T8095] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15769'. [ 1537.113554][ T1191] usbtest: probe of 4-1:254.235 failed with error -71 [ 1537.136786][ T1191] usb 4-1: USB disconnect, device number 70 [ 1537.369426][ T8105] loop5: detected capacity change from 0 to 512 [ 1537.385147][ T8103] netlink: 'syz.0.15774': attribute type 3 has an invalid length. [ 1537.401535][ T8103] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.15774'. [ 1537.441090][ T8105] EXT4-fs error (device loop5): ext4_iget_extra_inode:4756: inode #15: comm syz.5.15775: corrupted in-inode xattr [ 1537.471438][ T8105] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.15775: couldn't read orphan inode 15 (err -117) [ 1537.520767][ T8105] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1537.720551][ T3517] EXT4-fs (loop5): unmounting filesystem. [ 1537.901022][ T8123] netlink: 184 bytes leftover after parsing attributes in process `syz.3.15783'. [ 1538.151837][ T8133] SET target dimension over the limit! [ 1538.185522][ T8127] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15785'. [ 1538.405624][ T8142] IPv6: Can't replace route, no match found [ 1538.713372][ T8122] loop5: detected capacity change from 0 to 32768 [ 1538.755146][ T8122] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 1538.764153][ T8152] loop3: detected capacity change from 0 to 512 [ 1538.773922][ T8122] JBD2: Ignoring recovery information on journal [ 1538.793577][ T8152] /dev/loop3: Can't open blockdev [ 1538.837064][T14528] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1538.896834][ T8122] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 1538.908759][ T4315] kworker/dying (4315) used greatest stack depth: 15128 bytes left [ 1538.912140][ T1191] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1539.161589][ T1191] usb 1-1: Using ep0 maxpacket: 16 [ 1539.171473][ T1191] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1539.224044][ T1191] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1539.248281][ T1191] usb 1-1: Product: syz [ 1539.252518][ T1191] usb 1-1: Manufacturer: syz [ 1539.262519][ T3517] ocfs2: Unmounting device (7,5) on (node local) [ 1539.276983][ T1191] usb 1-1: SerialNumber: syz [ 1539.309924][ T1191] r8152-cfgselector 1-1: config 0 descriptor?? [ 1539.592955][ T8169] loop3: detected capacity change from 0 to 256 [ 1539.789552][ T1191] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1539.807732][ T1191] r8152-cfgselector 1-1: USB disconnect, device number 85 [ 1539.874655][ T8158] loop6: detected capacity change from 0 to 32768 [ 1539.926776][ T8175] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 43902 - 0 [ 1539.936830][ T8175] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 43902 - 0 [ 1539.948378][ T8175] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 43902 - 0 [ 1539.957818][ T8175] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 43902 - 0 [ 1539.967033][ T8175] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 49467 - 0 [ 1539.976910][ T8175] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 49467 - 0 [ 1539.986380][ T8175] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 49467 - 0 [ 1539.995921][ T8175] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 49467 - 0 [ 1540.013938][ T8175] device geneve3 entered promiscuous mode [ 1540.015483][ T8158] XFS (loop6): Mounting V5 Filesystem [ 1540.040887][ T8179] netlink: 'syz.3.15807': attribute type 21 has an invalid length. [ 1540.064467][ T8179] netlink: 132 bytes leftover after parsing attributes in process `syz.3.15807'. [ 1540.156113][ T8158] XFS (loop6): Ending clean mount [ 1540.164837][ T8158] XFS (loop6): Quotacheck needed: Please wait. [ 1540.264372][ T8158] XFS (loop6): Quotacheck: Done. [ 1540.414213][ T4295] XFS (loop6): Unmounting Filesystem [ 1540.652524][ T8199] netlink: 184 bytes leftover after parsing attributes in process `syz.0.15816'. [ 1541.197054][ T8218] SET target dimension over the limit! [ 1541.436313][ T8226] IPv6: Can't replace route, no match found [ 1541.577968][ T1191] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1541.739054][ T8239] loop5: detected capacity change from 0 to 256 [ 1541.820487][ T1191] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1541.842342][ T1191] usb 4-1: New USB device strings: Mfr=13, Product=2, SerialNumber=3 [ 1541.882326][ T1191] usb 4-1: Product: syz [ 1541.904204][ T1191] usb 4-1: Manufacturer: syz [ 1541.908884][ T1191] usb 4-1: SerialNumber: syz [ 1541.945096][ T1191] r8152-cfgselector 4-1: config 0 descriptor?? [ 1542.099626][ T8249] cgroup: Need name or subsystem set [ 1542.410200][ T1191] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1542.424780][ T1191] r8152-cfgselector 4-1: USB disconnect, device number 71 [ 1542.616610][ T8267] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 1543.774702][ T8318] overlayfs: missing 'lowerdir' [ 1543.992296][ T8328] x_tables: arp_tables: .0 target: invalid size 8 (kernel) != (user) 0 [ 1544.399257][ T8342] netlink: 48 bytes leftover after parsing attributes in process `syz.0.15885'. [ 1544.439297][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1544.683287][ T8353] overlayfs: missing 'lowerdir' [ 1544.796860][ T26] kauditd_printk_skb: 19 callbacks suppressed [ 1544.796877][ T26] audit: type=1326 audit(1484.775:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1544.920483][ T8362] comedi comedi2: ni_at_a2150: I/O port conflict (0xb013,28) [ 1544.921447][ T26] audit: type=1326 audit(1484.775:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1544.983344][ T26] audit: type=1326 audit(1484.775:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.066240][ T26] audit: type=1326 audit(1484.784:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.133844][ T26] audit: type=1326 audit(1484.784:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.233792][ T26] audit: type=1326 audit(1484.784:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.322222][ T26] audit: type=1326 audit(1484.784:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.399547][ T26] audit: type=1326 audit(1484.793:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8359 comm="syz.6.15895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1545.439470][ T8384] netlink: 'syz.0.15907': attribute type 10 has an invalid length. [ 1545.447728][ T8384] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15907'. [ 1545.457486][ T8384] netlink: 'syz.0.15907': attribute type 10 has an invalid length. [ 1545.465605][ T8384] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15907'. [ 1545.487040][ T8383] netlink: 64985 bytes leftover after parsing attributes in process `syz.6.15906'. [ 1545.553276][T18489] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1545.769853][T18489] usb 6-1: Using ep0 maxpacket: 32 [ 1545.784418][T18489] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 1545.822739][T18489] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1545.856479][T18489] usb 6-1: Product: syz [ 1545.860753][T18489] usb 6-1: Manufacturer: syz [ 1545.887267][T18489] usb 6-1: SerialNumber: syz [ 1545.907513][T18489] usb 6-1: config 0 descriptor?? [ 1545.945330][T18489] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 1546.376776][T18489] gspca_topro: reg_w err -71 [ 1546.419591][T18489] gspca_topro: Sensor soi763a [ 1546.431822][T18489] usb 6-1: USB disconnect, device number 10 [ 1546.620525][ T8425] bridge6: the hash_elasticity option has been deprecated and is always 16 [ 1547.536633][ T7093] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1547.600095][ T8468] netlink: 24 bytes leftover after parsing attributes in process `syz.5.15947'. [ 1547.621350][ T8468] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15947'. [ 1547.747798][ T7093] usb 1-1: Using ep0 maxpacket: 8 [ 1547.755042][ T7093] usb 1-1: config 0 has an invalid interface number: 33 but max is 1 [ 1547.797215][ T7093] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1547.838687][ T7093] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1547.847919][ T7093] usb 1-1: config 0 has no interface number 0 [ 1547.869560][ T7093] usb 1-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1547.917028][ T7093] usb 1-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 1547.935498][ T7093] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.947347][ T8477] netlink: 'syz.3.15962': attribute type 15 has an invalid length. [ 1547.962498][ T7093] usb 1-1: Product: syz [ 1547.973002][ T8477] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15962'. [ 1547.982554][ T7093] usb 1-1: Manufacturer: syz [ 1547.987257][ T7093] usb 1-1: SerialNumber: syz [ 1548.002318][ T7093] usb 1-1: config 0 descriptor?? [ 1548.034636][ T7093] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 1548.276284][ T2310] pvrusb2: Invalid write control endpoint [ 1548.285413][ T7093] usb 1-1: USB disconnect, device number 86 [ 1548.348650][ T2310] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 1548.414605][ T2310] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 1549.032229][ T8519] x_tables: duplicate entry at hook 1 [ 1549.812090][ T32] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 1550.039187][ T8555] IPv6: NLM_F_CREATE should be specified when creating new route [ 1550.050744][ T32] usb 7-1: Using ep0 maxpacket: 8 [ 1550.067735][ T32] usb 7-1: config 0 has an invalid interface number: 33 but max is 1 [ 1550.092468][ T8555] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1550.099800][ T8555] IPv6: NLM_F_CREATE should be set when creating new route [ 1550.107640][ T32] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1550.129812][ T32] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1550.157686][ T32] usb 7-1: config 0 has no interface number 0 [ 1550.163865][ T32] usb 7-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1550.199364][ T32] usb 7-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 1550.224600][ T32] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1550.232848][ T32] usb 7-1: Product: syz [ 1550.265562][ T32] usb 7-1: Manufacturer: syz [ 1550.270273][ T32] usb 7-1: SerialNumber: syz [ 1550.284753][ T32] usb 7-1: config 0 descriptor?? [ 1550.311557][ T32] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 1550.535789][ T32] usb 7-1: USB disconnect, device number 9 [ 1550.566732][ T32] pvrusb2: Device being rendered inoperable [ 1550.929847][ T8584] x_tables: duplicate entry at hook 1 [ 1551.117639][ T8592] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16006'. [ 1551.128597][ T8592] netlink: 140 bytes leftover after parsing attributes in process `syz.5.16006'. [ 1551.850748][ T8622] xt_NFQUEUE: number of total queues is 0 [ 1552.151094][ T4343] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1552.237291][ T4278] Bluetooth: hci4: command 0x0406 tx timeout [ 1552.379332][ T4343] usb 6-1: Using ep0 maxpacket: 8 [ 1552.392225][ T4343] usb 6-1: config 0 has an invalid interface number: 33 but max is 1 [ 1552.427853][ T4343] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1552.438319][ T4343] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1552.464106][ T4343] usb 6-1: config 0 has no interface number 0 [ 1552.478158][ T4343] usb 6-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1552.514925][ T4343] usb 6-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 1552.525205][ T4343] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1552.538990][ T4343] usb 6-1: Product: syz [ 1552.544935][ T4343] usb 6-1: Manufacturer: syz [ 1552.549617][ T4343] usb 6-1: SerialNumber: syz [ 1552.562878][ T4343] usb 6-1: config 0 descriptor?? [ 1552.595512][ T4343] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 1552.799796][ T4343] usb 6-1: USB disconnect, device number 11 [ 1552.823127][ T4343] pvrusb2: Device being rendered inoperable [ 1552.876453][ T8662] loop6: detected capacity change from 0 to 256 [ 1552.912000][ T8662] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 1553.133895][ T8667] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16044'. [ 1553.279945][ T8669] netlink: zone id is out of range [ 1553.577072][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16051'. [ 1553.734190][ T8685] loop3: detected capacity change from 0 to 8 [ 1553.744058][ T8685] /dev/loop3: Can't open blockdev [ 1554.246508][ T8702] netlink: 16 bytes leftover after parsing attributes in process `syz.6.16063'. [ 1554.276962][ T8702] netlink: 140 bytes leftover after parsing attributes in process `syz.6.16063'. [ 1555.214750][ T8744] device wlan0 entered promiscuous mode [ 1555.218978][ T8748] loop0: detected capacity change from 0 to 512 [ 1555.242697][ T8744] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1555.259837][ T1191] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 1555.477587][ T1191] usb 7-1: config 0 has an invalid interface number: 4 but max is 0 [ 1555.485729][ T1191] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1555.517993][ T1191] usb 7-1: config 0 has no interface number 0 [ 1555.535414][ T1191] usb 7-1: config 0 interface 4 has no altsetting 0 [ 1555.563179][ T1191] usb 7-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 1555.594298][ T1191] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1555.617164][ T1191] usb 7-1: config 0 descriptor?? [ 1555.647637][ T1191] usb 7-1: selecting invalid altsetting 0 [ 1555.780037][ T8762] netlink: 28 bytes leftover after parsing attributes in process `syz.5.16089'. [ 1555.802444][ T8762] netlink: 12 bytes leftover after parsing attributes in process `syz.5.16089'. [ 1555.875546][ T1191] usb 7-1: USB disconnect, device number 10 [ 1556.014234][ T8750] loop3: detected capacity change from 0 to 32768 [ 1556.382473][ T8778] loop5: detected capacity change from 0 to 256 [ 1556.670464][ T8786] loop3: detected capacity change from 0 to 256 [ 1556.697936][ T8786] /dev/loop3: Can't open blockdev [ 1558.524477][ T8860] loop3: detected capacity change from 0 to 512 [ 1558.545914][ T8862] netlink: 'syz.5.16140': attribute type 39 has an invalid length. [ 1559.032015][ T8882] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1559.061437][ T8884] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16150'. [ 1559.073884][ T8884] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16150'. [ 1559.127633][T18489] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1559.336970][ T8895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16156'. [ 1559.350335][T18489] usb 6-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 1559.359794][ T4343] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 1559.370795][T18489] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1559.387717][T18489] usb 6-1: Product: syz [ 1559.418540][T18489] usb 6-1: Manufacturer: syz [ 1559.429012][T18489] usb 6-1: SerialNumber: syz [ 1559.443311][T18489] usb 6-1: config 0 descriptor?? [ 1559.456666][T18489] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 1559.582576][ T4343] usb 7-1: Using ep0 maxpacket: 16 [ 1559.590094][ T4343] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1559.645075][ T4343] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1559.702221][ T4343] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1559.710343][ T4343] usb 7-1: SerialNumber: syz [ 1559.735421][ T8885] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 1559.745340][ T4343] cdc_acm 7-1:1.0: Control and data interfaces are not separated! [ 1559.753260][ T4343] cdc_acm 7-1:1.0: This needs exactly 3 endpoints [ 1559.765066][ T8907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16163'. [ 1559.774576][ T4343] cdc_acm: probe of 7-1:1.0 failed with error -22 [ 1559.781953][ T8907] netlink: 108 bytes leftover after parsing attributes in process `syz.2.16163'. [ 1559.808810][ T8907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16163'. [ 1559.826723][ T8907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16163'. [ 1559.890798][T18489] sonixb 6-1:0.0: Error writing register 01: -71 [ 1559.914206][T18489] sonixb: probe of 6-1:0.0 failed with error -71 [ 1559.941215][T18489] usb 6-1: USB disconnect, device number 12 [ 1559.997807][ T4343] usb 7-1: USB disconnect, device number 11 [ 1560.773097][ T8944] loop0: detected capacity change from 0 to 1024 [ 1560.815386][ T8944] EXT4-fs: inline encryption not supported [ 1560.859253][ T8944] EXT4-fs: Ignoring removed bh option [ 1560.935808][ T8944] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1560.950915][ T8944] EXT4-fs error (device loop0): ext4_quota_enable:7043: comm syz.0.16188: inode #2304: comm syz.0.16188: iget: illegal inode # [ 1560.973688][ T8944] EXT4-fs (loop0): Remounting filesystem read-only [ 1561.012461][ T8944] EXT4-fs error (device loop0): ext4_quota_enable:7046: comm syz.0.16188: Bad quota inode: 2304, type: 2 [ 1561.029114][ T8952] netlink: 20 bytes leftover after parsing attributes in process `syz.3.16183'. [ 1561.038434][ T8952] netlink: 152 bytes leftover after parsing attributes in process `syz.3.16183'. [ 1561.127633][ T8944] EXT4-fs (loop0): Remounting filesystem read-only [ 1561.178661][ T8944] EXT4-fs warning (device loop0): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 1561.251770][ T8944] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 1561.258556][ T8944] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1561.370616][ T8944] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 16: comm syz.0.16188: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1561.456420][ T8960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16186'. [ 1561.593233][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1561.777863][ T8970] netlink: 'syz.0.16190': attribute type 39 has an invalid length. [ 1562.546235][ T8995] loop3: detected capacity change from 0 to 512 [ 1562.595142][ T8995] /dev/loop3: Can't open blockdev [ 1562.650544][T14528] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1564.281639][ T9048] loop5: detected capacity change from 0 to 1024 [ 1564.325694][ T9048] EXT4-fs: inline encryption not supported [ 1564.329546][ T9044] loop0: detected capacity change from 0 to 4096 [ 1564.355201][ T9048] EXT4-fs: Ignoring removed bh option [ 1564.415956][ T9044] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1564.442218][ T9048] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1564.454549][ T9048] EXT4-fs error (device loop5): ext4_quota_enable:7043: comm syz.5.16228: inode #2304: comm syz.5.16228: iget: illegal inode # [ 1564.469416][ T9048] EXT4-fs (loop5): Remounting filesystem read-only [ 1564.475980][ T9048] EXT4-fs error (device loop5): ext4_quota_enable:7046: comm syz.5.16228: Bad quota inode: 2304, type: 2 [ 1564.488135][ T9048] EXT4-fs (loop5): Remounting filesystem read-only [ 1564.495629][ T9048] EXT4-fs warning (device loop5): ext4_enable_quotas:7087: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 1564.511148][ T9048] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 1564.518193][ T9048] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1564.552660][ T9048] EXT4-fs error (device loop5): ext4_search_dir:1549: inode #2: block 16: comm syz.5.16228: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1564.581471][ T9044] Quota error (device loop0): do_check_range: Getting block 517 out of range 1-5 [ 1564.645994][ T9044] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 1564.689003][ T9044] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.16227: Failed to acquire dquot type 0 [ 1564.757684][ T3517] EXT4-fs (loop5): unmounting filesystem. [ 1564.827005][ T4273] EXT4-fs (loop0): unmounting filesystem. [ 1564.978640][ T9065] loop3: detected capacity change from 0 to 64 [ 1565.031892][T14530] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1565.293419][ T9074] __nla_validate_parse: 7 callbacks suppressed [ 1565.293440][ T9074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16242'. [ 1565.416217][ T9074] bridge5: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 1565.444747][ T9074] bridge5: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 1565.508393][ T9074] device bridge5 entered promiscuous mode [ 1565.977400][ T9078] loop6: detected capacity change from 0 to 32768 [ 1566.026653][ T9078] (syz.6.16243,9078,0):ocfs2_slot_map_physical_size:223 ERROR: Slot map file is too small! (size 2, needed 8) [ 1566.119325][ T9097] loop0: detected capacity change from 0 to 64 [ 1566.198672][ T9097] syz.0.16251: attempt to access beyond end of device [ 1566.198672][ T9097] loop0: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 1566.267147][ T9097] Buffer I/O error on dev loop0, logical block 32767, async page read [ 1566.297438][ T9097] syz.0.16251: attempt to access beyond end of device [ 1566.297438][ T9097] loop0: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 1566.343337][ T9097] Buffer I/O error on dev loop0, logical block 32767, async page read [ 1566.920748][ T9120] netlink: 'syz.0.16262': attribute type 1 has an invalid length. [ 1567.040905][ T9126] netlink: 20 bytes leftover after parsing attributes in process `syz.3.16265'. [ 1567.055407][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16265'. [ 1567.067259][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16265'. [ 1567.290236][ T9128] loop5: detected capacity change from 0 to 4096 [ 1567.380669][ T9128] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1567.445401][ T9128] Quota error (device loop5): do_check_range: Getting block 517 out of range 1-5 [ 1567.502272][ T9128] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 1567.511819][ T9128] EXT4-fs error (device loop5): ext4_acquire_dquot:6835: comm syz.5.16266: Failed to acquire dquot type 0 [ 1567.618383][ T3517] EXT4-fs (loop5): unmounting filesystem. [ 1568.311159][ T9140] loop6: detected capacity change from 0 to 40427 [ 1568.355112][ T9140] F2FS-fs (loop6): build fault injection attr: rate: 19, type: 0x3ffff [ 1568.393701][ T9140] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x364 [ 1568.436992][ T9140] F2FS-fs (loop6): invalid crc value [ 1568.503306][ T9140] F2FS-fs (loop6): Found nat_bits in checkpoint [ 1568.644982][ T9140] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x18f/0x360 [ 1568.692005][ T9140] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1568.808115][ T9180] loop0: detected capacity change from 0 to 4096 [ 1568.852277][ T9180] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 1568.906897][ T9140] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=30303030, run fsck to fix. [ 1569.149037][ T4273] ntfs3: loop0: ntfs_evict_inode r=1e failed, -22. [ 1569.155659][ T4273] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1569.272540][ T9199] netlink: 'syz.2.16298': attribute type 1 has an invalid length. [ 1569.525156][T26318] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 1569.790739][ T9220] loop0: detected capacity change from 0 to 256 [ 1570.925423][ T4257] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1571.143806][ T4257] usb 3-1: config 0 has too many interfaces: 202, using maximum allowed: 32 [ 1571.164317][ T4257] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 202 [ 1571.173453][ T4257] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1571.236967][ T4257] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 1571.268445][ T4257] usb 3-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 1571.295622][ T4257] usb 3-1: Product: syz [ 1571.299883][ T4257] usb 3-1: Manufacturer: syz [ 1571.315529][ T4257] usb 3-1: SerialNumber: syz [ 1571.348447][ T4257] usb 3-1: config 0 descriptor?? [ 1571.657501][ T9284] loop3: detected capacity change from 0 to 2048 [ 1571.693359][ T9284] /dev/loop3: Can't open blockdev [ 1571.801757][ T4257] usb 3-1: USB disconnect, device number 69 [ 1571.866902][ T9292] loop5: detected capacity change from 0 to 16 [ 1571.897475][ T9292] erofs: (device loop5): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 1571.989423][T14530] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1573.020205][ T9334] loop5: detected capacity change from 0 to 2048 [ 1573.067652][ T9334] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 1573.112356][ T9334] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1573.665956][ T9358] loop6: detected capacity change from 0 to 2048 [ 1573.779337][ T9358] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1573.822218][ T9358] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1574.045851][ T4295] EXT4-fs (loop6): unmounting filesystem. [ 1574.067092][ T9374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16382'. [ 1574.101293][ T9374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16382'. [ 1574.295891][ T9382] netlink: 4 bytes leftover after parsing attributes in process `syz.5.16386'. [ 1574.366777][ T9382] netlink: 74 bytes leftover after parsing attributes in process `syz.5.16386'. [ 1574.641348][ T1191] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 1574.847188][ T1191] usb 7-1: Using ep0 maxpacket: 32 [ 1574.856081][ T1191] usb 7-1: config 0 has an invalid interface number: 151 but max is 0 [ 1574.883170][ T1191] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1574.926406][ T1191] usb 7-1: config 0 has no interface number 0 [ 1574.932596][ T1191] usb 7-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1574.988261][ T1191] usb 7-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 1574.998283][ T1191] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1575.022366][ T1191] usb 7-1: Product: syz [ 1575.026619][ T1191] usb 7-1: Manufacturer: syz [ 1575.064343][ T1191] usb 7-1: SerialNumber: syz [ 1575.076948][ T1191] usb 7-1: config 0 descriptor?? [ 1575.136210][ T9416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.16401'. [ 1575.148834][ T9416] netlink: 'syz.0.16401': attribute type 2 has an invalid length. [ 1575.577452][ T1191] usb 7-1: USB disconnect, device number 12 [ 1575.659659][ T9434] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1575.833861][T14528] udevd[14528]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1576.389762][ T9462] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1576.940931][ T9483] xt_hashlimit: size too large, truncated to 1048576 [ 1576.981976][ T9483] xt_hashlimit: invalid interval [ 1577.719816][ T9503] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.16441'. [ 1577.747069][ T9458] loop0: detected capacity change from 0 to 65536 [ 1577.945184][ T9458] XFS (loop0): Mounting V5 Filesystem [ 1578.098466][ T9458] XFS (loop0): Ending clean mount [ 1578.154868][ T9458] XFS (loop0): Quotacheck needed: Please wait. [ 1578.374600][ T9458] XFS (loop0): Quotacheck: Done. [ 1578.628385][ T4273] XFS (loop0): Unmounting Filesystem [ 1579.608140][ T9561] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1580.372186][T18489] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1580.557752][ T9594] loop0: detected capacity change from 0 to 2048 [ 1580.590442][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.603216][T18489] usb 6-1: config 0 has too many interfaces: 202, using maximum allowed: 32 [ 1580.612055][ T4257] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1580.624128][T18489] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 202 [ 1580.649850][T18489] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1580.664501][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.700009][T18489] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 1580.719015][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.740675][T18489] usb 6-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 1580.745477][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.748823][T18489] usb 6-1: Product: syz [ 1580.798689][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.818419][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.823797][ T4257] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1580.839317][T18489] usb 6-1: Manufacturer: syz [ 1580.843987][T18489] usb 6-1: SerialNumber: syz [ 1580.856292][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.859964][ T4257] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1580.869490][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.886122][T18489] usb 6-1: config 0 descriptor?? [ 1580.905336][ T4257] usb 7-1: Product: syz [ 1580.909764][ T4257] usb 7-1: Manufacturer: syz [ 1580.914465][ T4257] usb 7-1: SerialNumber: syz [ 1580.934950][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1580.945709][ T4257] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1580.989102][ T4257] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1581.000665][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1581.027562][ T9594] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=385, location=385 [ 1581.049202][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1581.082103][ T9594] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 1581.113245][ T9594] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 1581.400741][T18489] usb 6-1: USB disconnect, device number 13 [ 1581.558565][ T32] usb 7-1: USB disconnect, device number 13 [ 1581.796901][ T9598] loop3: detected capacity change from 0 to 32768 [ 1581.963759][ T9610] loop0: detected capacity change from 0 to 2048 [ 1582.066896][ T9615] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1582.138106][ T4257] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 1582.145175][ T4257] ath9k_htc: Failed to initialize the device [ 1582.193234][ T32] usb 7-1: ath9k_htc: USB layer deinitialized [ 1582.695162][ T9633] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1583.073857][ T9649] dlm: no locking on control device [ 1583.119774][ T9652] loop3: detected capacity change from 0 to 1024 [ 1583.130905][ T9652] /dev/loop3: Can't open blockdev [ 1583.510828][ T9665] xt_NFQUEUE: number of queues (62232) out of range (got 67565) [ 1583.703519][ T9667] xt_CT: No such helper "pptp" [ 1583.848160][ T9683] dlm: no locking on control device [ 1583.889537][ T32] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 1584.024605][ T9690] loop6: detected capacity change from 0 to 1024 [ 1584.107989][ T32] usb 6-1: config 0 has an invalid interface number: 20 but max is 0 [ 1584.142743][ T32] usb 6-1: config 0 has no interface number 0 [ 1584.148930][ T32] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1584.193214][ T32] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1584.235835][ T32] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1584.272760][ T32] usb 6-1: Product: syz [ 1584.277073][ T32] usb 6-1: Manufacturer: syz [ 1584.281738][ T32] usb 6-1: SerialNumber: syz [ 1584.328883][ T32] usb 6-1: config 0 descriptor?? [ 1584.335258][ T9671] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1584.362678][ T32] usb-storage 6-1:0.20: USB Mass Storage device detected [ 1584.451742][ T32] usb-storage 6-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1584.592966][ T32] scsi host1: usb-storage 6-1:0.20 [ 1584.818079][ T32] usb 6-1: USB disconnect, device number 14 [ 1584.996347][ T9725] loop6: detected capacity change from 0 to 512 [ 1585.070328][ T9725] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 1585.201072][ T9725] EXT4-fs error (device loop6): ext4_get_first_dir_block:3583: inode #12: comm syz.6.16540: Attempting to read directory block (0) that is past i_size (3) [ 1585.398086][ T4295] EXT4-fs (loop6): unmounting filesystem. [ 1585.565696][ T9728] loop0: detected capacity change from 0 to 32768 [ 1585.597424][ T9728] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 1585.804044][ T9749] loop6: detected capacity change from 0 to 512 [ 1585.876817][ T9749] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1585.927112][ T9749] EXT4-fs (loop6): 1 truncate cleaned up [ 1586.005798][ T9749] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1586.065873][T14528] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 1586.098342][ T9749] EXT4-fs error (device loop6): ext4_add_entry:2486: inode #2: comm syz.6.16552: Directory hole found for htree leaf block 0 [ 1586.168732][ T9749] EXT4-fs (loop6): Remounting filesystem read-only [ 1586.333990][ T4295] EXT4-fs (loop6): unmounting filesystem. [ 1586.362024][ T9761] xt_CT: No such helper "pptp" [ 1586.627904][ T9769] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1586.716290][ T9772] netlink: 104 bytes leftover after parsing attributes in process `syz.6.16562'. [ 1587.055232][ T9747] loop3: detected capacity change from 0 to 40427 [ 1587.102335][ T9747] F2FS-fs (loop3): Invalid log blocks per segment (4278190089) [ 1587.131996][ T9747] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1587.165411][ T9747] F2FS-fs (loop3): invalid crc value [ 1587.183654][ T9747] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1587.340416][ T9747] F2FS-fs (loop3): write access unavailable, skipping recovery [ 1587.348081][ T9747] F2FS-fs (loop3): Try to recover 1th superblock, ret: -30 [ 1587.381790][ T9747] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1587.480153][ T9747] F2FS-fs (loop3): Corrupted max_depth of 3: 255 [ 1587.499595][ T9794] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16572'. [ 1587.538561][ T9747] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1587.569836][ T9747] F2FS-fs (loop3): f2fs_commit_super fails to record errors:4, err:-30 [ 1588.241593][ T9764] loop5: detected capacity change from 0 to 65536 [ 1588.301936][ T9815] bridge0: port 1(bridge_slave_0) entered disabled state [ 1588.338643][ T9817] loop3: detected capacity change from 0 to 64 [ 1588.359329][ T9764] XFS (loop5): Mounting V5 Filesystem [ 1588.409406][ T9764] XFS (loop5): Ending clean mount [ 1588.416450][ T9764] XFS (loop5): Quotacheck needed: Please wait. [ 1588.491902][ T9764] XFS (loop5): Quotacheck: Done. [ 1588.625704][ T3517] XFS (loop5): Unmounting Filesystem [ 1588.898846][ T32] usb 3-1: new full-speed USB device number 70 using dummy_hcd [ 1589.103278][ T32] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1589.121220][ T32] usb 3-1: config 0 has no interface number 0 [ 1589.133304][ T32] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1589.178457][ T32] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1589.204320][ T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1589.223407][ T32] usb 3-1: Product: syz [ 1589.227654][ T32] usb 3-1: Manufacturer: syz [ 1589.259001][ T32] usb 3-1: SerialNumber: syz [ 1589.267820][ T32] usb 3-1: config 0 descriptor?? [ 1589.273477][ T9824] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1589.297347][ T32] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1589.328810][ T32] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1589.372525][ T9843] loop3: detected capacity change from 0 to 512 [ 1589.380393][ T9843] /dev/loop3: Can't open blockdev [ 1589.461702][ T4526] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1589.537557][ T32] scsi host1: usb-storage 3-1:0.20 [ 1589.748452][ T32] usb 3-1: USB disconnect, device number 70 [ 1590.038478][ T9849] loop6: detected capacity change from 0 to 32768 [ 1590.065159][ T9849] BTRFS error: device /dev/loop6 already registered with a higher generation, found 8 expect 9 [ 1590.324853][T14528] BTRFS error: device /dev/loop6 already registered with a higher generation, found 8 expect 9 [ 1590.960553][ T9884] netlink: 'syz.5.16609': attribute type 1 has an invalid length. [ 1591.273361][ T9896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16615'. [ 1591.549222][ T9859] loop3: detected capacity change from 0 to 65536 [ 1591.598669][ T9859] /dev/loop3: Can't open blockdev [ 1592.133975][ T9918] loop3: detected capacity change from 0 to 256 [ 1592.668015][ T9934] device netdevsim0 entered promiscuous mode [ 1593.504784][ T9929] loop5: detected capacity change from 0 to 40427 [ 1593.535948][ T9929] F2FS-fs (loop5): Invalid log blocks per segment (4278190089) [ 1593.543581][ T9929] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1593.594855][ T9929] F2FS-fs (loop5): invalid crc value [ 1593.660670][ T9929] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1593.813162][ T9929] F2FS-fs (loop5): recover fsync data on readonly fs [ 1593.843081][ T9929] F2FS-fs (loop5): Try to recover 1th superblock, ret: -30 [ 1593.870866][ T9929] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1594.018150][ T9929] F2FS-fs (loop5): Corrupted max_depth of 3: 255 [ 1594.048057][ T9929] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1594.753540][T10001] xt_ecn: cannot match TCP bits for non-tcp packets [ 1595.958560][T10011] loop0: detected capacity change from 0 to 40427 [ 1595.973401][T10011] F2FS-fs (loop0): Invalid log blocks per segment (4278190089) [ 1595.998431][T10011] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1596.031059][T10011] F2FS-fs (loop0): invalid crc value [ 1596.064143][T10011] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1596.196529][T10011] F2FS-fs (loop0): recover fsync data on readonly fs [ 1596.258370][T10011] F2FS-fs (loop0): Try to recover 1th superblock, ret: -30 [ 1596.274776][T10011] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1596.415955][T10011] F2FS-fs (loop0): Corrupted max_depth of 3: 255 [ 1596.429624][T10011] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1596.936823][ T4343] usb 4-1: new low-speed USB device number 72 using dummy_hcd [ 1597.157495][ T4343] usb 4-1: config 7 has an invalid interface number: 252 but max is 0 [ 1597.176814][ T4343] usb 4-1: config 7 has no interface number 0 [ 1597.205111][ T4343] usb 4-1: config 7 interface 252 has no altsetting 0 [ 1597.231093][ T4343] usb 4-1: string descriptor 0 read error: -22 [ 1597.237434][ T4343] usb 4-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=56.c0 [ 1597.294275][ T4343] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1597.579629][ T4257] usb 4-1: USB disconnect, device number 72 [ 1597.966033][ T5566] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1598.029196][T10111] netlink: 224 bytes leftover after parsing attributes in process `syz.0.16721'. [ 1598.050354][T10111] netlink: 16 bytes leftover after parsing attributes in process `syz.0.16721'. [ 1598.161129][ T5566] usb 7-1: Using ep0 maxpacket: 32 [ 1598.168374][ T5566] usb 7-1: config 0 has an invalid interface number: 244 but max is 0 [ 1598.212327][ T5566] usb 7-1: config 0 has no interface number 0 [ 1598.234228][ T5566] usb 7-1: config 0 interface 244 has no altsetting 0 [ 1598.261157][ T5566] usb 7-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c [ 1598.284672][ T5566] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1598.320581][ T5566] usb 7-1: Product: syz [ 1598.330233][ T5566] usb 7-1: Manufacturer: syz [ 1598.350736][ T5566] usb 7-1: SerialNumber: syz [ 1598.386496][ T5566] usb 7-1: config 0 descriptor?? [ 1598.413993][ T5566] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort found [ 1598.633372][ T5566] snd_usb_toneport 7-1:0.244: cannot get proper max packet size [ 1598.648811][ T5566] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort now disconnected [ 1598.678859][ T5566] snd_usb_toneport: probe of 7-1:0.244 failed with error -22 [ 1598.882532][ T1191] usb 7-1: USB disconnect, device number 14 [ 1599.128552][T10153] netlink: 8 bytes leftover after parsing attributes in process `syz.5.16742'. [ 1599.269416][T10159] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 1599.320618][ T4257] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1599.526346][ T4257] usb 4-1: Using ep0 maxpacket: 32 [ 1599.534365][ T4257] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1599.572061][ T4257] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1599.617113][ T4257] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1599.648709][ T4257] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1599.681561][ T4257] usb 4-1: Product: syz [ 1599.685805][ T4257] usb 4-1: Manufacturer: syz [ 1599.710199][ T4257] usb 4-1: SerialNumber: syz [ 1599.817838][T10179] netlink: 224 bytes leftover after parsing attributes in process `syz.2.16755'. [ 1599.871288][T10179] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16755'. [ 1599.958093][ T4257] usb 4-1: Invalid number of CPorts: 0 [ 1599.963832][ T4257] es2_ap_driver: probe of 4-1:7.0 failed with error -22 [ 1600.129568][T10191] loop5: detected capacity change from 0 to 64 [ 1600.136213][T10190] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 1600.205894][ T4257] usb 4-1: USB disconnect, device number 73 [ 1600.801558][T10218] loop0: detected capacity change from 0 to 256 [ 1600.808241][T10216] netlink: 224 bytes leftover after parsing attributes in process `syz.5.16770'. [ 1600.848282][T10216] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16770'. [ 1601.826489][T10257] overlayfs: missing 'lowerdir' [ 1601.876969][ T4257] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1602.035000][T10269] loop6: detected capacity change from 0 to 64 [ 1602.060075][T10268] netlink: 'syz.0.16796': attribute type 4 has an invalid length. [ 1602.093591][ T4257] usb 4-1: Using ep0 maxpacket: 8 [ 1602.102919][ T4257] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1602.134513][ T4257] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.148730][T10268] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.16796'. [ 1602.161673][ T4257] usb 4-1: Product: syz [ 1602.176980][ T4257] usb 4-1: Manufacturer: syz [ 1602.191422][ T4257] usb 4-1: SerialNumber: syz [ 1602.225778][ T4257] usb 4-1: config 0 descriptor?? [ 1602.248993][ T4257] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1602.690361][ T4257] gspca_sq930x: ucbus_write failed -71 [ 1602.700268][ T4257] sq930x: probe of 4-1:0.0 failed with error -71 [ 1602.728985][ T4257] usb 4-1: USB disconnect, device number 74 [ 1602.949510][ T5566] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1603.015694][T10303] x_tables: unsorted underflow at hook 2 [ 1603.139652][T10306] netlink: 32 bytes leftover after parsing attributes in process `syz.0.16817'. [ 1603.166263][ T5566] usb 3-1: Using ep0 maxpacket: 32 [ 1603.174057][ T5566] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1603.209566][ T5566] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1603.230369][ T5566] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1603.272160][ T5566] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1603.317043][ T5566] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1603.326239][ T5566] usb 3-1: Product: syz [ 1603.337643][ T5566] usb 3-1: Manufacturer: syz [ 1603.347878][ T5566] usb 3-1: SerialNumber: syz [ 1603.392188][ T5566] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input89 [ 1603.650536][ T4257] usb 3-1: USB disconnect, device number 71 [ 1603.674269][ T4257] appletouch 3-1:1.0: input: appletouch disconnected [ 1605.030227][T10374] ieee802154 phy1 wpan1: encryption failed: -22 [ 1606.072978][T10406] loop6: detected capacity change from 0 to 2048 [ 1606.146322][T10411] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1606.355387][T10390] loop5: detected capacity change from 0 to 32768 [ 1606.370744][T10411] NILFS (loop6): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 1606.396278][T10416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16868'. [ 1606.396413][T10411] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=4) [ 1606.453068][T10390] ERROR: (device loop5): dbAlloc: the hint is outside the map [ 1606.453068][T10390] [ 1606.471811][T10411] Remounting filesystem read-only [ 1606.477557][ T4295] NILFS (loop6): disposed unprocessed dirty file(s) when stopping log writer [ 1606.487289][T10390] ialloc: diAlloc returned -5! [ 1607.503450][T10452] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1607.860746][T10463] netlink: 'syz.0.16893': attribute type 7 has an invalid length. [ 1607.879929][T10463] netlink: 'syz.0.16893': attribute type 8 has an invalid length. [ 1608.342099][T10482] netlink: 24 bytes leftover after parsing attributes in process `syz.3.16901'. [ 1608.661180][T10493] netlink: 20 bytes leftover after parsing attributes in process `syz.5.16904'. [ 1609.197519][T10519] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16917'. [ 1609.355696][ T4343] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1609.595475][ T4343] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1609.618548][ T4343] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1609.646419][ T4343] usb 7-1: Product: syz [ 1609.675466][ T4343] usb 7-1: Manufacturer: syz [ 1609.681268][ T4343] usb 7-1: SerialNumber: syz [ 1609.713796][ T4343] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1609.757248][ T4343] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1609.782234][T10533] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 1609.910689][T10535] loop5: detected capacity change from 0 to 64 [ 1610.211381][T10528] loop3: detected capacity change from 0 to 32768 [ 1610.218328][ T1191] usb 7-1: USB disconnect, device number 15 [ 1610.476560][T10547] loop0: detected capacity change from 0 to 512 [ 1610.912538][ T4343] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 1610.919649][ T4343] ath9k_htc: Failed to initialize the device [ 1610.944743][ T1191] usb 7-1: ath9k_htc: USB layer deinitialized [ 1611.002068][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1611.637224][T10586] ipt_rpfilter: unknown options [ 1613.624010][T10637] dlm: no locking on control device [ 1614.528752][T10633] loop3: detected capacity change from 0 to 40427 [ 1614.531640][T10669] dlm: no locking on control device [ 1614.599189][T10633] F2FS-fs (loop3): invalid crc value [ 1614.604578][T10633] F2FS-fs (loop3): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 1614.676003][T10633] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1614.805579][T10633] F2FS-fs (loop3): write access unavailable, skipping recovery [ 1614.826860][T10633] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1615.545620][T10700] loop6: detected capacity change from 0 to 1024 [ 1615.657772][T10700] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1615.700483][T10700] EXT4-fs error (device loop6): ext4_empty_dir:3177: inode #11: block 37: comm syz.6.17008: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=3, rec_len=0, size=1024 fake=0 [ 1615.795767][ T4295] EXT4-fs (loop6): unmounting filesystem. [ 1616.362435][T10707] loop5: detected capacity change from 0 to 40427 [ 1616.406623][T10707] F2FS-fs (loop5): invalid crc value [ 1616.412014][T10707] F2FS-fs (loop5): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 1616.471617][T10707] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1616.571237][ T2310] pvrusb2: request_firmware fatal error with code=-110 [ 1616.586910][ T2310] pvrusb2: Failure uploading firmware1 [ 1616.592549][ T2310] pvrusb2: Device initialization was not successful. [ 1616.602721][T10707] F2FS-fs (loop5): recover fsync data on readonly fs [ 1616.609795][T10707] F2FS-fs (loop5): Cannot turn on quotas: -2 on 0 [ 1616.621968][ T2310] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1616.632126][ T2310] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1616.660284][ T7093] pvrusb2: Device being rendered inoperable [ 1616.666885][T10707] F2FS-fs (loop5): Cannot turn on quotas: -2 on 1 [ 1616.675679][ T4343] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1616.694559][T10707] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1616.881701][ T4343] usb 7-1: Using ep0 maxpacket: 32 [ 1616.888763][ T4343] usb 7-1: config 0 has an invalid interface number: 35 but max is 0 [ 1616.946512][ T4343] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1616.989557][ T4343] usb 7-1: config 0 has no interface number 0 [ 1617.014575][ T4343] usb 7-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1617.064275][ T4343] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 1617.095680][ T4343] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1617.128530][ T4343] usb 7-1: Product: syz [ 1617.140016][ T4343] usb 7-1: Manufacturer: syz [ 1617.149990][ T4343] usb 7-1: SerialNumber: syz [ 1617.175874][ T4343] usb 7-1: config 0 descriptor?? [ 1617.187294][ T4343] radio-si470x 7-1:0.35: could not find interrupt in endpoint [ 1617.205995][ T4343] radio-si470x: probe of 7-1:0.35 failed with error -5 [ 1617.404513][ T4343] radio-raremono 7-1:0.35: this is not Thanko's Raremono. [ 1617.411999][ T4343] usbhid 7-1:0.35: couldn't find an input interrupt endpoint [ 1617.437333][T10754] ipt_CLUSTERIP: no config found for 127.0.0.1, need 'new' [ 1617.641914][ T7093] usb 7-1: USB disconnect, device number 16 [ 1619.653034][T10846] netlink: 220 bytes leftover after parsing attributes in process `syz.3.17079'. [ 1619.931852][T10861] netlink: 'syz.3.17095': attribute type 27 has an invalid length. [ 1620.236850][T10875] device bridge6 entered promiscuous mode [ 1620.372687][T10881] netlink: 272 bytes leftover after parsing attributes in process `syz.3.17093'. [ 1620.639472][T10891] device vlan0 entered promiscuous mode [ 1621.112883][T10911] netlink: 272 bytes leftover after parsing attributes in process `syz.5.17109'. [ 1621.400878][T10922] loop0: detected capacity change from 0 to 256 [ 1621.445910][T10922] FAT-fs (loop0): Directory bread(block 64) failed [ 1621.452559][T10922] FAT-fs (loop0): Directory bread(block 65) failed [ 1621.459534][T10922] FAT-fs (loop0): Directory bread(block 66) failed [ 1621.466235][T10922] FAT-fs (loop0): Directory bread(block 67) failed [ 1621.473312][T10922] FAT-fs (loop0): Directory bread(block 68) failed [ 1621.481435][T10922] FAT-fs (loop0): Directory bread(block 69) failed [ 1621.490004][T10922] FAT-fs (loop0): Directory bread(block 70) failed [ 1621.497032][T10922] FAT-fs (loop0): Directory bread(block 71) failed [ 1621.503750][T10922] FAT-fs (loop0): Directory bread(block 72) failed [ 1621.511442][T10922] FAT-fs (loop0): Directory bread(block 73) failed [ 1621.739910][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.781235][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.810238][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.832760][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.864947][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.886674][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.908335][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.915872][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.950145][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1621.990598][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.009412][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.031269][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.053165][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.070856][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.089548][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.100513][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.127057][ T4343] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 1622.169334][ T4343] hid-generic C990:0003:007F.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1622.821437][T10962] fido_id[10962]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1622.983592][T10980] netlink: 'syz.5.17153': attribute type 27 has an invalid length. [ 1623.904761][T11012] device vlan0 entered promiscuous mode [ 1624.055816][T11022] netlink: 'syz.2.17163': attribute type 2 has an invalid length. [ 1624.395509][T11036] loop5: detected capacity change from 0 to 512 [ 1624.542605][T11036] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1624.589980][T11045] netlink: 3 bytes leftover after parsing attributes in process `syz.2.17176'. [ 1624.599424][T11045] 0ªX¹¦À: renamed from caif0 [ 1624.607136][T11045] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 1624.660879][T11036] EXT4-fs error (device loop5): ext4_empty_dir:3139: inode #12: comm syz.5.17170: Directory block failed checksum [ 1624.820296][ T3517] EXT4-fs (loop5): unmounting filesystem. [ 1625.211272][T11063] loop3: detected capacity change from 0 to 2048 [ 1625.617493][T11083] netlink: 'syz.0.17193': attribute type 3 has an invalid length. [ 1625.640630][T11082] loop3: detected capacity change from 0 to 1764 [ 1625.657047][T11083] netlink: 'syz.0.17193': attribute type 3 has an invalid length. [ 1625.940445][T11094] netlink: 17 bytes leftover after parsing attributes in process `syz.0.17198'. [ 1626.238455][T11111] netlink: 'syz.0.17206': attribute type 2 has an invalid length. [ 1627.673955][T11131] loop3: detected capacity change from 0 to 32768 [ 1628.559860][T11186] loop3: detected capacity change from 0 to 256 [ 1628.585118][T11181] lo speed is unknown, defaulting to 1000 [ 1628.816972][T11191] program syz.6.17245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1629.137903][T11196] delete_channel: no stack [ 1629.423908][T11205] netlink: 17 bytes leftover after parsing attributes in process `syz.3.17251'. [ 1629.670161][T11217] netlink: 156 bytes leftover after parsing attributes in process `syz.5.17256'. [ 1629.906900][T11225] device bridge3 entered promiscuous mode [ 1630.066396][T11230] loop0: detected capacity change from 0 to 2048 [ 1630.277862][T11237] ip6t_srh: unknown srh invflags 4000 [ 1630.287942][T11241] netlink: 17 bytes leftover after parsing attributes in process `syz.2.17267'. [ 1630.545773][T11249] netlink: 'syz.2.17272': attribute type 5 has an invalid length. [ 1630.988511][T11264] ieee802154 phy1 wpan1: encryption failed: -22 [ 1631.391874][T11284] netlink: 156 bytes leftover after parsing attributes in process `syz.0.17289'. [ 1631.940248][ T1191] usb 1-1: new full-speed USB device number 87 using dummy_hcd [ 1632.078197][T11279] loop5: detected capacity change from 0 to 32768 [ 1632.151820][ T1191] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 1632.162238][ T1191] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1632.199990][ T1191] usb 1-1: config 0 has no interface number 0 [ 1632.262152][ T1191] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 1632.281838][ T1191] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1632.305358][T27111] read_mapping_page failed! [ 1632.313432][T27111] ERROR: (device loop5): txCommit: [ 1632.313432][T27111] [ 1632.323033][ T1191] usb 1-1: Product: syz [ 1632.327275][ T1191] usb 1-1: Manufacturer: syz [ 1632.354420][ T1191] usb 1-1: SerialNumber: syz [ 1632.363136][T27111] ERROR: (device loop5): remounting filesystem as read-only [ 1632.370520][T27111] jfs_write_inode: jfs_commit_inode failed! [ 1632.405176][ T1191] usb 1-1: config 0 descriptor?? [ 1632.669165][ T1191] usb 1-1: USB disconnect, device number 87 [ 1633.047692][T11327] loop3: detected capacity change from 0 to 512 [ 1633.054940][T11327] /dev/loop3: Can't open blockdev [ 1633.142845][ T7093] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1633.402149][ T7093] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1633.423643][ T7093] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1633.443754][ T7093] usb 6-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 1633.466440][ T7093] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1633.486752][ T7093] usb 6-1: config 0 descriptor?? [ 1633.673768][ T4343] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1633.744207][ T7093] usb 6-1: USB disconnect, device number 15 [ 1633.793382][T11349] ip6t_srh: unknown srh invflags 4000 [ 1633.892751][ T4343] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1633.913897][ T4343] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1633.950733][ T4343] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1633.966192][ T4343] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1633.988746][ T4343] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1633.989166][ T4485] udevd[4485]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1633.997856][ T4343] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1634.080160][ T4343] usb 3-1: config 0 descriptor?? [ 1634.321657][ T4343] hdpvr 3-1:0.0: firmware version 0x15 dated Š–¸&S¶3;¨“Ãx&X^„œ wÒΖŠ g/ƒ µn#»† [ 1634.442488][T11365] netlink: 'syz.0.17329': attribute type 5 has an invalid length. [ 1634.550383][ T4343] hdpvr 3-1:0.0: device init failed [ 1634.566292][ T4343] hdpvr: probe of 3-1:0.0 failed with error -12 [ 1634.617516][ T4343] usb 3-1: USB disconnect, device number 72 [ 1635.134396][T11390] loop3: detected capacity change from 0 to 22 [ 1635.167440][T11390] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1635.212130][T11390] /dev/loop3: Can't open blockdev [ 1635.456998][T11391] lo speed is unknown, defaulting to 1000 [ 1636.751224][T11441] loop3: detected capacity change from 0 to 4096 [ 1636.853129][T11445] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17367'. [ 1637.079217][ T4485] udevd[4485]: incorrect nilfs2 checksum on /dev/loop3 [ 1637.216624][T11456] dlm: plock device version mismatch: kernel (1.2.0), user (1.512.4294901762) [ 1637.315707][T11453] loop0: detected capacity change from 0 to 4096 [ 1637.458202][T11453] ntfs: volume version 3.1. [ 1637.868769][T11474] netlink: 40 bytes leftover after parsing attributes in process `syz.2.17381'. [ 1637.968679][T11476] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17383'. [ 1639.631638][T11532] loop0: detected capacity change from 0 to 8 [ 1639.710497][T11532] SQUASHFS error: Unable to read directory block [629:26] [ 1640.095161][T11542] lo speed is unknown, defaulting to 1000 [ 1640.221266][T11545] netlink: 'syz.3.17417': attribute type 3 has an invalid length. [ 1640.704417][T11564] netlink: 'syz.3.17425': attribute type 2 has an invalid length. [ 1640.730834][T11564] netlink: 'syz.3.17425': attribute type 8 has an invalid length. [ 1640.749953][T11564] netlink: 132 bytes leftover after parsing attributes in process `syz.3.17425'. [ 1641.468545][T11592] loop3: detected capacity change from 0 to 64 [ 1641.561008][ T4485] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1642.175029][T11615] netlink: 16 bytes leftover after parsing attributes in process `syz.5.17450'. [ 1642.345396][T11609] loop3: detected capacity change from 0 to 4096 [ 1642.432353][T11624] loop6: detected capacity change from 0 to 8 [ 1642.517941][T11615] netlink: 16 bytes leftover after parsing attributes in process `syz.5.17450'. [ 1642.566038][T11624] SQUASHFS error: Unable to read directory block [629:26] [ 1643.074630][ T26] audit: type=1326 audit(1575.483:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.6.17463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1643.126705][ T26] audit: type=1326 audit(1575.511:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.6.17463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1643.291330][ T26] audit: type=1326 audit(1575.529:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.6.17463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1643.380340][ T26] audit: type=1326 audit(1575.529:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.6.17463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1643.481420][T11654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.499803][ T26] audit: type=1326 audit(1575.529:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11640 comm="syz.6.17463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161ab9af79 code=0x7ffc0000 [ 1643.543205][T11654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.566061][T11654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.589338][T11654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.616026][T11654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.655219][T11654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1643.687374][T11654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1643.705614][T11654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1644.061463][T11674] netlink: 'syz.2.17479': attribute type 2 has an invalid length. [ 1644.090030][T11674] netlink: 'syz.2.17479': attribute type 8 has an invalid length. [ 1644.115646][T11674] netlink: 132 bytes leftover after parsing attributes in process `syz.2.17479'. [ 1644.144961][T11672] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17476'. [ 1644.503518][T11658] loop6: detected capacity change from 0 to 32768 [ 1644.810007][T11696] afs: Unexpected value for 'dyn' [ 1645.451365][ T26] audit: type=1326 audit(1577.680:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.0.17501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1645.473411][ C1] vkms_vblank_simulate: vblank timer overrun [ 1645.521821][ T26] audit: type=1326 audit(1577.717:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.0.17501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1645.543860][ C1] vkms_vblank_simulate: vblank timer overrun [ 1645.633925][ T26] audit: type=1326 audit(1577.717:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.0.17501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1645.720584][ T26] audit: type=1326 audit(1577.717:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.0.17501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1645.742624][ C1] vkms_vblank_simulate: vblank timer overrun [ 1645.805976][ T26] audit: type=1326 audit(1577.717:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11714 comm="syz.0.17501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0a39af79 code=0x7ffc0000 [ 1646.190976][T11710] loop3: detected capacity change from 0 to 32768 [ 1646.300622][T11751] netlink: 176 bytes leftover after parsing attributes in process `syz.2.17514'. [ 1646.329323][T11710] XFS (loop3): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 1646.464038][ T4268] XFS (loop3): Unmounting Filesystem [ 1647.104775][T11779] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 1647.364599][T11790] loop0: detected capacity change from 0 to 8 [ 1647.386943][T11790] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 1647.415827][T14528] udevd[14528]: incorrect cramfs checksum on /dev/loop0 [ 1647.477737][T11790] cramfs: Error -3 while decompressing! [ 1647.508426][T11792] netlink: 20 bytes leftover after parsing attributes in process `syz.5.17533'. [ 1647.517592][T11792] netlink: 20 bytes leftover after parsing attributes in process `syz.5.17533'. [ 1647.527089][T11790] cramfs: ffffffff96d881c8(18)->ffff888048c47000(4096) [ 1647.552039][T11790] cramfs: Error -3 while decompressing! [ 1647.557669][T11790] cramfs: ffffffff96d881c8(18)->ffff888048c47000(4096) [ 1647.895398][T11809] netlink: 'syz.0.17542': attribute type 1 has an invalid length. [ 1648.004785][T11811] loop5: detected capacity change from 0 to 1024 [ 1648.107508][T11811] hfsplus: keylen 65060 too large [ 1648.117667][T11817] loop6: detected capacity change from 0 to 64 [ 1648.129133][T11819] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 1648.172976][T11817] hfs: unable to locate alternate MDB [ 1648.178474][T11817] hfs: continuing without an alternate MDB [ 1648.336045][T27101] [ 1648.338464][T27101] ====================================================== [ 1648.345513][T27101] WARNING: possible circular locking dependency detected [ 1648.352571][T27101] syzkaller #0 Not tainted [ 1648.357019][T27101] ------------------------------------------------------ [ 1648.364067][T27101] kworker/u4:11/27101 is trying to acquire lock: [ 1648.370422][T27101] ffff888077dd1af8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xfb/0x13f0 [ 1648.381291][T27101] [ 1648.381291][T27101] but task is already holding lock: [ 1648.388695][T27101] ffff8880529460b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 1648.398259][T27101] [ 1648.398259][T27101] which lock already depends on the new lock. [ 1648.398259][T27101] [ 1648.408692][T27101] [ 1648.408692][T27101] the existing dependency chain (in reverse order) is: [ 1648.417735][T27101] [ 1648.417735][T27101] -> #1 (&tree->tree_lock#2/1){+.+.}-{3:3}: [ 1648.425882][T27101] __mutex_lock+0x12d/0xaf0 [ 1648.430965][T27101] hfs_find_init+0x15b/0x1d0 [ 1648.436131][T27101] hfs_get_block+0x553/0xc50 [ 1648.441298][T27101] block_read_full_folio+0x3e6/0xf00 [ 1648.447160][T27101] filemap_read_folio+0x16b/0x770 [ 1648.447706][T11823] loop0: detected capacity change from 0 to 736 [ 1648.452738][T27101] do_read_cache_folio+0x2a0/0x760 [ 1648.452771][T27101] do_read_cache_page+0x32/0x220 [ 1648.452796][T27101] __hfs_bnode_create+0x4ad/0x7b0 [ 1648.452824][T27101] hfs_bnode_find+0x21e/0xd40 [ 1648.452849][T27101] hfs_brec_find+0x178/0x500 [ 1648.452874][T27101] hfs_brec_read+0x20/0x100 [ 1648.452900][T27101] hfs_cat_find_brec+0x174/0x3f0 [ 1648.452929][T27101] hfs_fill_super+0xff8/0x15b0 [ 1648.452947][T27101] mount_bdev+0x287/0x3c0 [ 1648.452967][T27101] legacy_get_tree+0xe6/0x180 [ 1648.512308][T27101] vfs_get_tree+0x88/0x270 [ 1648.517299][T27101] do_new_mount+0x24a/0xa40 [ 1648.522371][T27101] __se_sys_mount+0x2e3/0x3d0 [ 1648.527619][T27101] do_syscall_64+0x4c/0xa0 [ 1648.532688][T27101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1648.539155][T27101] [ 1648.539155][T27101] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}: [ 1648.548678][T27101] __lock_acquire+0x2d07/0x7d10 [ 1648.554103][T27101] lock_acquire+0x1bb/0x4a0 [ 1648.559174][T27101] __mutex_lock+0x12d/0xaf0 [ 1648.564251][T27101] hfs_extend_file+0xfb/0x13f0 [ 1648.569598][T27101] hfs_bmap_reserve+0x103/0x420 [ 1648.575027][T27101] __hfs_ext_write_extent+0x1fa/0x470 [ 1648.580973][T27101] hfs_ext_write_extent+0x17b/0x200 [ 1648.586778][T27101] hfs_write_inode+0xd8/0xa20 [ 1648.592050][T27101] __writeback_single_inode+0x75b/0x1160 [ 1648.598353][T27101] writeback_sb_inodes+0xb30/0x1850 [ 1648.604125][T27101] wb_writeback+0x482/0xd50 [ 1648.609226][T27101] wb_workfn+0x423/0xee0 [ 1648.614032][T27101] process_one_work+0x8a2/0x1160 [ 1648.619537][T27101] worker_thread+0xaa2/0x1270 [ 1648.624779][T27101] kthread+0x29d/0x330 [ 1648.629404][T27101] ret_from_fork+0x1f/0x30 [ 1648.634391][T27101] [ 1648.634391][T27101] other info that might help us debug this: [ 1648.634391][T27101] [ 1648.644648][T27101] Possible unsafe locking scenario: [ 1648.644648][T27101] [ 1648.652136][T27101] CPU0 CPU1 [ 1648.657534][T27101] ---- ---- [ 1648.662944][T27101] lock(&tree->tree_lock#2/1); [ 1648.667856][T27101] lock(&HFS_I(tree->inode)->extents_lock); [ 1648.676399][T27101] lock(&tree->tree_lock#2/1); [ 1648.683918][T27101] lock(&HFS_I(tree->inode)->extents_lock); [ 1648.689940][T27101] [ 1648.689940][T27101] *** DEADLOCK *** [ 1648.689940][T27101] [ 1648.698120][T27101] 3 locks held by kworker/u4:11/27101: [ 1648.703612][T27101] #0: ffff888141ee3138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 1648.714399][T27101] #1: ffffc90005577d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 1648.726309][T27101] #2: ffff8880529460b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 1648.736310][T27101] [ 1648.736310][T27101] stack backtrace: [ 1648.742232][T27101] CPU: 0 PID: 27101 Comm: kworker/u4:11 Not tainted syzkaller #0 [ 1648.749986][T27101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1648.760250][T27101] Workqueue: writeback wb_workfn (flush-7:6) [ 1648.766292][T27101] Call Trace: [ 1648.769607][T27101] [ 1648.772573][T27101] dump_stack_lvl+0x188/0x24e [ 1648.777308][T27101] ? load_image+0x400/0x400 [ 1648.781868][T27101] ? show_regs_print_info+0x12/0x12 [ 1648.787122][T27101] ? print_circular_bug+0x12b/0x1a0 [ 1648.792379][T27101] check_noncircular+0x296/0x330 [ 1648.797375][T27101] ? look_up_lock_class+0x75/0x140 [ 1648.802528][T27101] ? add_chain_block+0x940/0x940 [ 1648.807517][T27101] ? lockdep_lock+0xf1/0x1f0 [ 1648.812250][T27101] ? unwind_next_frame+0x1880/0x20b0 [ 1648.817580][T27101] ? _find_first_zero_bit+0xcf/0x100 [ 1648.822913][T27101] __lock_acquire+0x2d07/0x7d10 [ 1648.827831][T27101] ? ret_from_fork+0x1f/0x30 [ 1648.832481][T27101] ? ret_from_fork+0x1f/0x30 [ 1648.837152][T27101] ? verify_lock_unused+0x140/0x140 [ 1648.842417][T27101] ? stack_trace_save+0xa6/0xf0 [ 1648.847319][T27101] ? stack_trace_snprint+0xf0/0xf0 [ 1648.852484][T27101] ? check_noncircular+0x189/0x330 [ 1648.857655][T27101] ? add_chain_block+0x940/0x940 [ 1648.862734][T27101] lock_acquire+0x1bb/0x4a0 [ 1648.867324][T27101] ? hfs_extend_file+0xfb/0x13f0 [ 1648.872323][T27101] ? __might_sleep+0xd0/0xd0 [ 1648.876956][T27101] ? read_lock_is_recursive+0x10/0x10 [ 1648.882387][T27101] __mutex_lock+0x12d/0xaf0 [ 1648.887030][T27101] ? hfs_extend_file+0xfb/0x13f0 [ 1648.892019][T27101] ? verify_lock_unused+0x140/0x140 [ 1648.897280][T27101] ? hfs_extend_file+0xfb/0x13f0 [ 1648.902266][T27101] ? mutex_lock_nested+0x10/0x10 [ 1648.907278][T27101] ? __stack_depot_save+0x421/0x460 [ 1648.912523][T27101] hfs_extend_file+0xfb/0x13f0 [ 1648.917321][T27101] ? hfs_ext_write_extent+0x14e/0x200 [ 1648.922726][T27101] ? hfs_write_inode+0xd8/0xa20 [ 1648.927700][T27101] ? hfs_get_block+0xc50/0xc50 [ 1648.932491][T27101] ? trace_raw_output_contention_end+0xd0/0xd0 [ 1648.938679][T27101] ? rcu_is_watching+0x11/0xa0 [ 1648.943478][T27101] ? trace_contention_end+0x5f/0x170 [ 1648.948876][T27101] ? memset+0x1e/0x40 [ 1648.952886][T27101] ? hfs_brec_find+0x197/0x500 [ 1648.957685][T27101] hfs_bmap_reserve+0x103/0x420 [ 1648.962577][T27101] __hfs_ext_write_extent+0x1fa/0x470 [ 1648.968002][T27101] hfs_ext_write_extent+0x17b/0x200 [ 1648.973255][T27101] ? verify_lock_unused+0x140/0x140 [ 1648.978580][T27101] ? hfs_ext_keycmp+0x310/0x310 [ 1648.983475][T27101] ? writeback_sb_inodes+0x46b/0x1850 [ 1648.988974][T27101] hfs_write_inode+0xd8/0xa20 [ 1648.993691][T27101] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 1648.999184][T27101] ? __writeback_single_inode+0x4ae/0x1160 [ 1649.005107][T27101] ? __lock_acquire+0x7d10/0x7d10 [ 1649.010158][T27101] ? do_raw_spin_lock+0x128/0x2f0 [ 1649.015203][T27101] ? __rwlock_init+0x140/0x140 [ 1649.019988][T27101] __writeback_single_inode+0x75b/0x1160 [ 1649.025654][T27101] writeback_sb_inodes+0xb30/0x1850 [ 1649.030890][T27101] ? queue_io+0x5a0/0x5a0 [ 1649.035250][T27101] ? rcu_is_watching+0x11/0xa0 [ 1649.040044][T27101] wb_writeback+0x482/0xd50 [ 1649.044580][T27101] ? percpu_ref_tryget+0x250/0x250 [ 1649.049773][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.055782][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.061003][T27101] wb_workfn+0x423/0xee0 [ 1649.065281][T27101] ? inode_wait_for_writeback+0x220/0x220 [ 1649.071027][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.077138][T27101] ? read_lock_is_recursive+0x10/0x10 [ 1649.082536][T27101] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 1649.088458][T27101] ? _raw_spin_unlock+0x40/0x40 [ 1649.093339][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.098586][T27101] ? process_one_work+0x7b0/0x1160 [ 1649.103725][T27101] process_one_work+0x8a2/0x1160 [ 1649.108687][T27101] ? worker_detach_from_pool+0x240/0x240 [ 1649.114340][T27101] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1649.119386][T27101] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1649.125035][T27101] ? kthread_data+0x4b/0xc0 [ 1649.129567][T27101] worker_thread+0xaa2/0x1270 [ 1649.134289][T27101] kthread+0x29d/0x330 [ 1649.138376][T27101] ? worker_clr_flags+0x1a0/0x1a0 [ 1649.143420][T27101] ? kthread_blkcg+0xd0/0xd0 [ 1649.148039][T27101] ret_from_fork+0x1f/0x30 [ 1649.152492][T27101] [ 1649.191831][T27101] hfs: new node 0 already hashed? [ 1649.197224][T27101] ------------[ cut here ]------------ [ 1649.203042][T27101] WARNING: CPU: 0 PID: 27101 at fs/hfs/bnode.c:520 hfs_bnode_create+0x37a/0x400 [ 1649.212386][T27101] Modules linked in: [ 1649.216336][T27101] CPU: 0 PID: 27101 Comm: kworker/u4:11 Not tainted syzkaller #0 [ 1649.224227][T27101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1649.234363][T27101] Workqueue: writeback wb_workfn (flush-7:6) [ 1649.240459][T27101] RIP: 0010:hfs_bnode_create+0x37a/0x400 [ 1649.246196][T27101] Code: aa a2 8a 89 ee e8 56 3b d6 07 e9 ab fd ff ff e8 4c 51 37 ff 48 89 df e8 04 8b eb 07 48 c7 c7 00 ab a2 8a 89 ee e8 36 3b d6 07 <0f> 0b eb b7 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c b7 fc ff ff 4c [ 1649.265879][T27101] RSP: 0018:ffffc90005576e80 EFLAGS: 00010246 [ 1649.271995][T27101] RAX: 000000000000001f RBX: ffff8880529460e0 RCX: ff41586d1c628900 [ 1649.280049][T27101] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 1649.288109][T27101] RBP: 0000000000000000 R08: ffffc90005576b87 R09: 1ffff92000aaed70 [ 1649.296176][T27101] R10: dffffc0000000000 R11: fffff52000aaed71 R12: 0000000000000000 [ 1649.304209][T27101] R13: ffff888052946000 R14: ffff8881401a5300 R15: dffffc0000000000 [ 1649.312268][T27101] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1649.321271][T27101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1649.327920][T27101] CR2: 00007fe9c1784180 CR3: 000000003115e000 CR4: 00000000003506f0 [ 1649.335971][T27101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1649.344019][T27101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1649.352072][T27101] Call Trace: [ 1649.355384][T27101] [ 1649.358351][T27101] hfs_bmap_alloc+0x53d/0x5d0 [ 1649.363125][T27101] ? hfs_bmap_reserve+0x420/0x420 [ 1649.368228][T27101] ? rcu_is_watching+0x11/0xa0 [ 1649.373085][T27101] hfs_btree_inc_height+0xfd/0xac0 [ 1649.378273][T27101] ? hfs_brec_insert+0x6f6/0xbd0 [ 1649.383294][T27101] ? hfs_brec_insert+0xbd0/0xbd0 [ 1649.388533][T27101] ? do_raw_spin_unlock+0x11d/0x230 [ 1649.393790][T27101] hfs_brec_insert+0x744/0xbd0 [ 1649.398600][T27101] ? hfs_brec_keylen+0x350/0x350 [ 1649.403571][T27101] __hfs_ext_write_extent+0x2a1/0x470 [ 1649.409017][T27101] hfs_ext_write_extent+0x17b/0x200 [ 1649.414259][T27101] ? verify_lock_unused+0x140/0x140 [ 1649.419615][T27101] ? hfs_ext_keycmp+0x310/0x310 [ 1649.424536][T27101] ? writeback_sb_inodes+0x46b/0x1850 [ 1649.430007][T27101] hfs_write_inode+0xd8/0xa20 [ 1649.434729][T27101] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 1649.440238][T27101] ? __writeback_single_inode+0x4ae/0x1160 [ 1649.446092][T27101] ? __lock_acquire+0x7d10/0x7d10 [ 1649.451195][T27101] ? do_raw_spin_lock+0x128/0x2f0 [ 1649.456253][T27101] ? __rwlock_init+0x140/0x140 [ 1649.461111][T27101] __writeback_single_inode+0x75b/0x1160 [ 1649.466795][T27101] writeback_sb_inodes+0xb30/0x1850 [ 1649.472287][T27101] ? queue_io+0x5a0/0x5a0 [ 1649.476683][T27101] ? rcu_is_watching+0x11/0xa0 [ 1649.481516][T27101] wb_writeback+0x482/0xd50 [ 1649.486078][T27101] ? percpu_ref_tryget+0x250/0x250 [ 1649.491275][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.497305][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.502563][T27101] wb_workfn+0x423/0xee0 [ 1649.506867][T27101] ? inode_wait_for_writeback+0x220/0x220 [ 1649.512754][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.518795][T27101] ? read_lock_is_recursive+0x10/0x10 [ 1649.524263][T27101] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 1649.530199][T27101] ? _raw_spin_unlock+0x40/0x40 [ 1649.535137][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.540369][T27101] ? process_one_work+0x7b0/0x1160 [ 1649.545548][T27101] process_one_work+0x8a2/0x1160 [ 1649.550533][T27101] ? worker_detach_from_pool+0x240/0x240 [ 1649.556238][T27101] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1649.561321][T27101] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1649.566988][T27101] ? kthread_data+0x4b/0xc0 [ 1649.571540][T27101] worker_thread+0xaa2/0x1270 [ 1649.576262][T27101] kthread+0x29d/0x330 [ 1649.580439][T27101] ? worker_clr_flags+0x1a0/0x1a0 [ 1649.585527][T27101] ? kthread_blkcg+0xd0/0xd0 [ 1649.590203][T27101] ret_from_fork+0x1f/0x30 [ 1649.594685][T27101] [ 1649.597734][T27101] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1649.605063][T27101] CPU: 0 PID: 27101 Comm: kworker/u4:11 Not tainted syzkaller #0 [ 1649.612845][T27101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1649.623019][T27101] Workqueue: writeback wb_workfn (flush-7:6) [ 1649.629048][T27101] Call Trace: [ 1649.632337][T27101] [ 1649.635276][T27101] dump_stack_lvl+0x188/0x24e [ 1649.639975][T27101] ? memcpy+0x3c/0x60 [ 1649.643965][T27101] ? show_regs_print_info+0x12/0x12 [ 1649.649198][T27101] ? load_image+0x400/0x400 [ 1649.653735][T27101] panic+0x2e5/0x730 [ 1649.657674][T27101] ? bpf_jit_dump+0xd0/0xd0 [ 1649.662245][T27101] ? ret_from_fork+0x1f/0x30 [ 1649.666868][T27101] __warn+0x2f8/0x4f0 [ 1649.670960][T27101] ? hfs_bnode_create+0x37a/0x400 [ 1649.676018][T27101] ? hfs_bnode_create+0x37a/0x400 [ 1649.681517][T27101] report_bug+0x2ba/0x4f0 [ 1649.685875][T27101] ? hfs_bnode_create+0x37a/0x400 [ 1649.690929][T27101] handle_bug+0x3a/0x70 [ 1649.695107][T27101] exc_invalid_op+0x16/0x40 [ 1649.699647][T27101] asm_exc_invalid_op+0x16/0x20 [ 1649.704615][T27101] RIP: 0010:hfs_bnode_create+0x37a/0x400 [ 1649.710282][T27101] Code: aa a2 8a 89 ee e8 56 3b d6 07 e9 ab fd ff ff e8 4c 51 37 ff 48 89 df e8 04 8b eb 07 48 c7 c7 00 ab a2 8a 89 ee e8 36 3b d6 07 <0f> 0b eb b7 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c b7 fc ff ff 4c [ 1649.729909][T27101] RSP: 0018:ffffc90005576e80 EFLAGS: 00010246 [ 1649.735998][T27101] RAX: 000000000000001f RBX: ffff8880529460e0 RCX: ff41586d1c628900 [ 1649.743995][T27101] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 1649.751991][T27101] RBP: 0000000000000000 R08: ffffc90005576b87 R09: 1ffff92000aaed70 [ 1649.759986][T27101] R10: dffffc0000000000 R11: fffff52000aaed71 R12: 0000000000000000 [ 1649.767993][T27101] R13: ffff888052946000 R14: ffff8881401a5300 R15: dffffc0000000000 [ 1649.775999][T27101] hfs_bmap_alloc+0x53d/0x5d0 [ 1649.780716][T27101] ? hfs_bmap_reserve+0x420/0x420 [ 1649.785782][T27101] ? rcu_is_watching+0x11/0xa0 [ 1649.790580][T27101] hfs_btree_inc_height+0xfd/0xac0 [ 1649.795720][T27101] ? hfs_brec_insert+0x6f6/0xbd0 [ 1649.800689][T27101] ? hfs_brec_insert+0xbd0/0xbd0 [ 1649.805661][T27101] ? do_raw_spin_unlock+0x11d/0x230 [ 1649.810882][T27101] hfs_brec_insert+0x744/0xbd0 [ 1649.815689][T27101] ? hfs_brec_keylen+0x350/0x350 [ 1649.820656][T27101] __hfs_ext_write_extent+0x2a1/0x470 [ 1649.826154][T27101] hfs_ext_write_extent+0x17b/0x200 [ 1649.831387][T27101] ? verify_lock_unused+0x140/0x140 [ 1649.836612][T27101] ? hfs_ext_keycmp+0x310/0x310 [ 1649.841499][T27101] ? writeback_sb_inodes+0x46b/0x1850 [ 1649.846904][T27101] hfs_write_inode+0xd8/0xa20 [ 1649.851701][T27101] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 1649.857337][T27101] ? __writeback_single_inode+0x4ae/0x1160 [ 1649.863181][T27101] ? __lock_acquire+0x7d10/0x7d10 [ 1649.868253][T27101] ? do_raw_spin_lock+0x128/0x2f0 [ 1649.873312][T27101] ? __rwlock_init+0x140/0x140 [ 1649.878111][T27101] __writeback_single_inode+0x75b/0x1160 [ 1649.883771][T27101] writeback_sb_inodes+0xb30/0x1850 [ 1649.889010][T27101] ? queue_io+0x5a0/0x5a0 [ 1649.893375][T27101] ? rcu_is_watching+0x11/0xa0 [ 1649.898174][T27101] wb_writeback+0x482/0xd50 [ 1649.902724][T27101] ? percpu_ref_tryget+0x250/0x250 [ 1649.907875][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.913898][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.919127][T27101] wb_workfn+0x423/0xee0 [ 1649.923418][T27101] ? inode_wait_for_writeback+0x220/0x220 [ 1649.929200][T27101] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1649.935219][T27101] ? read_lock_is_recursive+0x10/0x10 [ 1649.940625][T27101] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 1649.946548][T27101] ? _raw_spin_unlock+0x40/0x40 [ 1649.951428][T27101] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1649.956659][T27101] ? process_one_work+0x7b0/0x1160 [ 1649.961902][T27101] process_one_work+0x8a2/0x1160 [ 1649.966870][T27101] ? worker_detach_from_pool+0x240/0x240 [ 1649.972625][T27101] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1649.977668][T27101] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1649.983249][T27101] ? kthread_data+0x4b/0xc0 [ 1649.987795][T27101] worker_thread+0xaa2/0x1270 [ 1649.992518][T27101] kthread+0x29d/0x330 [ 1649.996647][T27101] ? worker_clr_flags+0x1a0/0x1a0 [ 1650.001703][T27101] ? kthread_blkcg+0xd0/0xd0 [ 1650.006339][T27101] ret_from_fork+0x1f/0x30 [ 1650.010820][T27101] [ 1650.014614][T27101] Kernel Offset: disabled [ 1650.018964][T27101] Rebooting in 86400 seconds..