last executing test programs: 1m50.548149553s ago: executing program 2 (id=41): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x8, 0x2, 0x4}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000080000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m49.815002626s ago: executing program 2 (id=50): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x38}, 0x1, 0x300}, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4bfb, &(0x7f0000000000)) 1m49.551901101s ago: executing program 2 (id=52): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0xb40, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xd1, 0x18, 0x30, {0xb, 0xffffffff}, 0xd0, 0x9}}) 1m49.274867087s ago: executing program 2 (id=56): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000180)={[{@nomblk_io_submit}, {@mblk_io_submit}, {@noload}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) 1m48.499875472s ago: executing program 2 (id=66): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, r0, 0x1, 0x1070bd2c, 0x4, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) 1m47.812711452s ago: executing program 2 (id=73): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x12, 0xb, 0x18, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd00000080190000ff00573f9394a94b28d100", [0x2, 0x2000000000001]}}) 1m47.253012895s ago: executing program 32 (id=73): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x12, 0xb, 0x18, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd00000080190000ff00573f9394a94b28d100", [0x2, 0x2000000000001]}}) 50.122396396s ago: executing program 1 (id=479): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000100)={[{@nobarrier}, {@gid}, {}, {@nls={'nls', 0x3d, 'maciceland'}}, {@nodecompose}, {@creator={'creator', 0x3d, "f3cdd85d"}}, {@nodecompose}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') truncate(&(0x7f0000000000)='./bus\x00', 0x9471) 49.675817762s ago: executing program 1 (id=483): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=@ipv4_newaddr={0x34, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x82, 0xcb, r1}, [@IFA_LOCAL={0x8, 0x2, @empty}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0x5, 0x6a, 0x9}}]}, 0x34}}, 0x0) 49.248803677s ago: executing program 1 (id=487): r0 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)={0x1c, r0, 0x1, 0x70bd28, 0x25dfdc02, {0x1, 0x0, 0x106}, [@FOU_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4080) 48.953987644s ago: executing program 1 (id=491): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000380)={[{@nls={'nls', 0x3d, 'cp1251'}}, {@gid}, {@part={'part', 0x3d, 0xb8}}, {@nobarrier}, {@gid}, {@gid}, {@gid}]}, 0x44, 0x70c, &(0x7f00000027c0)="$eJzs3U1sHGcZAOB31uuNN5XcbZu0BSHFakQEDSS2l5IgIRGqCvlQQSQuvS6J01heu8F2kRMh4gCFI5xQDj0UIXPoCfWAVMQBUc5ISFxR7pF6jziwaH52vbu217v1X5I+jzQ738x8P++8nvm8nk20AXxuzb0V4xuRxNz5N9fT7Qeb9eaDzfpSuxwRJyKiFFHOV5EsRySfRFyJfIkvpDuL7pLdxnnt4cfvn7v/YT3fKhdLVr80qN2W1oARNoolpiJirFjHxEiZKO/W37V4Pe+vy92Ruk46cacJO9tOHBy31jYbozQf4r4FHnd3I8bGd9hfizhZ/CpN3wdEMTuUjji8AzfSLAcAAACPp7G9Kjz7KB7FekweTTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwdEjy7wxMiqXULk9F0v7+/0qxL1WpHHO8g31tj+Pv3TiiQAAAAAAAAADgUHxUfHB/5lE8ivWYbO9vJdln/q9kG6ey12fi3ViN+ViJC7EejViLtViJmYjxya4OK+uNtbWVme0tfxdpy1ardbdoORsRtW0tZ3cJtHTAJw4AAAAAAAAAT6efx1xMHncQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQLYkYy1fZcqpdrkWpHBETEVFJ621E/LVdfpL97bgDAAAAgMNXLdaTyf/yQivJ/uZ/Mfu7fyLejeVYi4VYi2bMx/XsWUD+V3/pXxv15oPN+lK6bO/4u5+OFEfWY0SMxb1dRp7OapzutJiL78UP43xMxdVYiYX4STRiLeZjKqrpSUQjkqhV86cXtXacO8d7pWfran9sZ/q2X84iqcaNWMhiuxDXKpE/NsnOIR3z5a7R/lyJ6BvxXpqd5DuFIXN0vevn9dviuUyh9eyQfRyOWnbm452MTKe5L7Lx3ODcD7xOfrznSDNR6jyDOrU1SrrZP1I75z8aJecn89VE+vKr3pwftAGP0sZ32NefidkoFVdfxIu9Ob/15fvP9zb+6r//fvVmaXnx5o3V84d4SvsxtVeFTlL6M1HvysRLg6++IhPNNBMbw2di289jYtiWh6tSZCObioacLd/ISo14pesSfCeux3xciumYicsxHd+K2ah3rrB0Od2T13J9qTcn2b1W2j6/VQcEf/YrXZV+vUflo5Xm5bmuvHbPdLXsWLHnym9iuuvqe37w1Xfv0zd+kJeGnJHS8b9YlNMxftH5jfM46MlEMTe3o3thcCZ+30pfV5vLiys3G7eGHO9csU5v2/d65+Y/DB91/2/3/WhHkF4v6YxbzraynFTb10t67IVO3d58VYpPXPJ2pW3HTneO1WIyFuL7u96pleI93Pae8mMvdR/7z9bMWSne37SP9bzLiXeimb0L6bPnVA3AETv56slK9WH1n9UPqr+s3qy+OfH6icsnvlSJ8X+U/zL2p9IfS99OXo0P4mcxedyRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADA02D19p3FRrM5v9IpxET/nv0WKruONbgQpT3rbD4zXIdRixg8VlIUKgd77k9ioRp9e9rfb7Tfnj+KiAF1KvsOPhn5Ghu5kObhQDpstfKkZntaYyM0L7db7VynHKsTsdhIyjvccSe27oKoLTaa/231NK9G1y0DPOUuri3durh6+87XF5Yab8+/Pb88e/nS5Uv1b8584+KNheb8dP563FECh2H19p2xHXbv9M3DAAAAAAAAAAAAwGOi+Nf/a5/5PzOU96hTWVndeeQzR32qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBNq7q0Y34gkZqYvTKfbDzbrzXRpl4tqpa1V8tOI5JOIK5EvUevqLtltnNcefvz+ufsf1vOtcrFk9UuD2g1no1hiKiLGivXeTuzQzfb+rnX1t/GZwks6Z5gm7Gw7cXDc/h8AAP//OhP3FA==") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 48.50845379s ago: executing program 1 (id=495): writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000080)="76e5eac907f9ccf7a251ceddcec7d6aa45cffe2c63a56077123a276d3ba4e9d17eb3eb5db12a3783a8e0620d357de1fe04fa9465b5bd1286e9624dec06a00c222f", 0x41}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 47.834737609s ago: executing program 1 (id=500): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x101, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) 47.14194678s ago: executing program 33 (id=500): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x101, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) 33.407671468s ago: executing program 3 (id=590): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setuid(0xee01) ioctl$SIOCRSSL2CALL(r0, 0x89e2, 0x0) 33.172168882s ago: executing program 3 (id=592): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000080)={0x0, 0x40}, 0x8) 32.817405362s ago: executing program 3 (id=596): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000540)={'team0\x00', &(0x7f0000000240)=@ethtool_coalesce={0xf, 0x841e, 0xa04f, 0x90, 0x0, 0x8, 0x1, 0x9, 0xffffffff, 0x6, 0x9, 0x8, 0x2, 0x0, 0xe, 0x6, 0x101, 0x7, 0x401, 0x180000, 0x35a, 0x27e, 0xffffffff}}) r0 = memfd_create(&(0x7f0000000080)='%\x00', 0x3) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x4}, [{0x2, 0x6}], {}, [], {0x10, 0x3}}, 0x34, 0x2) 32.559012327s ago: executing program 3 (id=597): syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x10081, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000dc0)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb") mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00') 31.222976215s ago: executing program 3 (id=603): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410884, &(0x7f00000001c0)={[{@nouid32}, {@acl}]}, 0x1, 0x77c, &(0x7f0000001900)="$eJzs3ctrXFUYAPDvTpKmTWsTQdC6CggaKJ2YGlsFFxUXIlgo6Np2mExDzSRTMpPShIAWEVwoqLgQdNO1j7pz62Or/4ULsVRNixVBidzJ3HbaTNIknWSi8/vBTc65jznnm/s4Z+Ye7gTQtYbTP7mIQxHxfhIx2JifRERfPdUbcWJlvZtLi8V0SmJ5+ZXfkvo6N5YWi9G0TWp/I/NIRHz3dsTh3Opyq/MLU4VyuTTbyI/Wps+PVucXjpybLkyWJkszx8bGx48ef/r4sfbF+sePCweufvDiE1+e+Outh6+8930SJ+JAY1lzHO0yHMON96QvfQvv8EK7C+uwpNMVYEvSU7Nn5SyPQzEYPfUUAPB/9kZELAMAXSbR/gNAl8m+B7ixtFjMps5+I7Gzrj0fEXtX4s/ub64s6W3cs9tbvw86cCO5485IEhFDbSh/OCI+/fq1z9Mptuk+JEArb16KiDNDw6uv/8mqMQub9eQ6y/Y0/g/fNd/1D3bON2n/55lW/b/crf5PtOj/9Lc4d7finuf/vjYUso60//dc09i2m03xNwz1NHIP1Pt8fcnZc+VSem07GBEj0def5sfWKWPk+j/X756XvXq9//f3Sv/v9w9f/ywtP/3ftOYvvf13bjtRqBXuN+7MtUsRj/a2ij+5tf+TNfq/pzZYxkvPvvPJWsvS+NN4s2l1/NEYnbQ9li9HPN5y/98e0ZasOz5xtH44jGYHRQtf/fTxwFrlN/f/0yktP/sssBPS/T+wfvxDSfN4zermy/jh8uC3ay27d/ytj/89yav1dNaPuFio1WbHIvYkL6+ef/T2tlk+Wz+Nf+Sx1uf/esd/+pnwzAbj77366xfvHtxq/NsrjX9iU/t/84krN6d61ip/Y/t/vJ4aaczZyPVvoxW8n/cOAAAAAAAAAAAAAAAAAAAAAAAAADYqFxEHIsnlb6VzuXx+5Te8H4qBXLlSrR0+W5mbmYj6b2UPRV8ue9TlYNPzUMcaz8PP8kfvyj8VEQ9GxEf9+5LsOYoTHY4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL71/j9/9TP/Z2uHQCwbfZ2ugIAwI7T/gNA99H+A0D30f4DQPfR/gNA99H+AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsM1OnTyZTst/Li0W0/zEhfm5qcqFIxOl6lR+eq6YL1Zmz+cnK5XJcilfrEzf6/XKlcr58ZiZuzhaK1Vro9X5hdPTlbmZ2ulz04XJ0ulS345EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbU51fmCqUy6VZiS0klu9r82SXRNGGRE/jcNot9dnRRLI7qtHmRIcvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ef8GAAD//+GAI2c=") r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) fallocate(r0, 0x10, 0x100000000, 0x10000) 30.060846323s ago: executing program 3 (id=606): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0xc03, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x51) 29.058230681s ago: executing program 34 (id=606): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0xc03, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x51) 5.017167649s ago: executing program 7 (id=776): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000000040)='./bus\x00', 0xc2, &(0x7f0000000080)={[{@acl}, {@usrjquota_file, 0x4}, {@hash_rupasov}, {@balloc_hashed_reloc}, {@usrjquota, 0x3d}]}, 0x12, 0x1115, &(0x7f0000002280)="$eJzs2D9rFEEYB+Df7B0Yq5NNvwhaWEhIODurFBGutbaRkMpUuSoiiN/FjyOp7EM+gEXAUhjZTdYTCUS5CxJ4Hpjd4Z13/pXvBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK687D/bTdKOkSZJSbrubHGRpBvjj75MmpS8PlosD07mr5ZJJkN66Vs/q5+Wdu/JVjtv5+1e+2J7/2m7PH3/7u3x8dHJ9TIlXc4vN3+Rcn2eG22VzW8IAAAA90Rd2+zPJadj528q7vX3BwAAAG6z8QcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH9UZ6t+m+RHrTVNkpJ03dniIkn3Pw8IAAAArK2kyZvZTfEMzwArz/N1Vob42L6XPmc3n4f5D1aph00e3v3RAQAA4B6Z3ppRfqvHn2WaWuvHcexxptnZuer3v37g234yOT3I7q+a/NPwPb/8cDi2Uid3dB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Cc7cEACAAAAIOj/63YECgAAAAAAAAAAAAAAAAAAAAAAAHwUAAD//wAQ3aw=") mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) lgetxattr(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000200)=@known='security.apparmor\x00', 0x0, 0x0) 3.826700608s ago: executing program 6 (id=782): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="0500", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000009dfc4731"], 0x48}}, 0x0) 3.771745371s ago: executing program 7 (id=783): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000180)='./bus\x00', 0x804, &(0x7f00000001c0)={[{@fat=@errors_remount}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@utf8no}, {@utf8}, {@shortname_winnt}, {@utf8no}, {@uni_xlateno}, {@utf8no}, {@fat=@check_normal}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@utf8}, {@utf8no}, {@rodir}, {@rodir}, {@utf8no}, {@rodir}]}, 0x1, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 3.659183538s ago: executing program 6 (id=785): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x810, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x3, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00+\r'], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.035188944s ago: executing program 7 (id=789): bind$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) 2.255698519s ago: executing program 7 (id=796): r0 = socket$alg(0x26, 0x5, 0x0) io_setup(0x20000000001005, &(0x7f0000000880)=0x0) io_submit(r1, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x5000000, 0x0, 0x6, 0x0, 0x0, r0, &(0x7f0000000080)="95", 0x1}]) 2.056705131s ago: executing program 0 (id=798): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file2\x00', 0x800008, &(0x7f0000000540)=ANY=[@ANYBLOB='de=0x00000000800000b1,norock,overriderockperm,gid=', @ANYRESHEX=0x0, @ANYBLOB=',mode=0x0000000000000401,norock,showassoc,hide,hide,norock,gid=', @ANYRESHEX=0x0, @ANYBLOB=',mode=0x0000000000001000,check=strict,iocharset=cp949,cruft,uid=', @ANYRESHEX=0x0, @ANYBLOB=',\x00'], 0xff, 0xa4a, &(0x7f00000007c0)="$eJzs3c1vHOd9B/DvLEmJoV1JcVTXFRxxJVcK47AUSdVSBR9SiVxJTPlSkBRgoYcojahCEFu3cQs4RoEoQNFTjBZo0UN7M3rqyUAuTQ+FL0V7a049FCj8LwQ9qScGM7skl+Qul2IoklY+H2J35+U3z/PMyzMPd3d2nvDFsnZ6y9jaWvXY5/i9fz6EEnOM3Zr+/JNPPy4fP3yaE+nLO8W/JINJ6kl/kjeSganpxYW5Hgk9SR4k+SwpkpxM83VPHqT467y6Of5Zin8s8+3qxF5Tppc1fqkd9fEHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHUTE1PT4+UZzIzPy99+pNSX2HqenFhSJrazvnrC/T9JOq1+/iJz3zTYrykcHB9a6+3zi7Ofv1JPWLebM59mbVIXkG89Err5959yv9tfXlu5XmF3Jy78l+8P2PnnxndXXlex3nFsUBluqYaR4jdxrzM0sLM3M37zTqM0sL9RvXro1fuXt7qX57ZraxdH9puTFXn1ps3FxeWKyPTH29PnHjxtV6Y+z+wr35O9Njs431idd/c3J8/Fr9W2O/17i5uLQwf+VbY0tTd2dmZ2fm71Qx5ewy5np5IP7uzHJ9uXFzrl5/9Hh15eq2kvVl2/FbBk30Wp8yaLJX0OT45OTExOTkxA9bvWdvTLj2zo13ro+P9483vZrWQHZEvKCDluPlS91388GfxGGfas32P5nNTOZzL++l3vFvKtNZzELmusxvWW//L11p7Jpt2tr/Vivf3zb/XPl0Medbo4Nd2v8uZTm8vw/y/XyUJ/lOVrOalXzvyEt0uH930sh8ZrKUhcxkLjerKfXWlHpu5FquZTzfzt0MZyn9uZ2ZzKaRpdzPUpbTqI6oqSymkZtZzkIWU89IpvL11DORG7mRq6mnkbHcz0LuZT53Mp2bVSqP8rja7ld3KeNG0MRegiZ3CdrRmHdr/zdsX6Sx/Z8TXkK1XffyCziLw/6stdr/E71DR6YOo0AAAADAgfv1/8yps6/9x/8mRb5afS9/e2a2MX7UxQIAAAAOUHW53pvly0A59NUU3v8DAADAy6aofmNXJBnKcHNo/ZdQPgQAAACAl0T1/f/5FMObE7z/BwAAgJdM73vs94woRtdv/1t/2Hx92IpojhVDt2dmG2NTC7PvTuRydZeB6pcGO1LrS4qB6ucHb+dCM+rCUPN1aDPFMs/BMmpi7N2JvJ2LrRUZeat8eWukQ+RkM/JrzcivtUf2ZUvk1TISAF52F3dpj/fa/r+d0WbE6Lmqye8/t6UN7qta1nEtKwAcFxt97Px/q0uzDu3/+ea9Ac53a/9/a5f3/2XEa3k03LykYCzfzftZzcOMpnXFwXCnVNd7I2hehjDa49OAodYlCz+9Xsvojs8DBjfWtT12JZMZ7fiJQFu6xXoZrjbj+l7UXgCAw3Vx13Z4vf2vPiTv2v6P7v7+v63NdUkhABwHGz3YP+/A8N6Dj3odAYCttNIAAAAAAAAAAAAAAAAAAAAAAAAAAABw8PZ0A///upysrq4k++0soMPAT//9X3+la8yPXkkGn6eEuw/UcjBlPv4DfUmOKvdv5rmXKvfxcdl0L9NA8bSqsL9QOkd8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQFElfp+m15GSS8SRXDr9UL87Toy7AQanvb7HiWZ7lw5w66OIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyya93/v5bm6yvNSemvJZeSPEjy+0ddxucx2GP+s0Mqx/HzR9Vz2/3/a8lA1or0Z21tbS0pBqamFxfmykOhOFnO//yTTz8uH12T/MH6wM5eFcoEyhy2dC7RyqFtysDWpb5cLTU0vfLBkz97/0/q07eqA/PW8u3Z6bk7i7+zGfh68eNmFwjt3SCsl/cvLv3b37RNPtHK/Mfp77Yi2/O9XeU7vTPfX+u0dJd89+Dx6spkmdNy473lP//jWvus13IheWskGdma0x+Wjy45Xdi+Pbcqflb8VXEqf58H1f4vt0axVpS76HS1/l969Hh1Zey7768+3CjTDx5/2JbAmQwnebi1lvUo03B1PunolSrXgTLX8SqofDrbI71dtaU4sbldt6zDl6tDZui51qHefR0qPbZ7q0RXt5dorawkf/unX8nlXff0yQ4pXu6RY0fFz4r/Ke7mv/OXbf1/1Mr9fykda2eHJKrItiOlfd6W6lW7tLnmk+0zvr09za61khfgR/mD/PbG/q9V5//2ejPZpd5snI++2TaxS71Zr1pd6sXJrTV1R71o6VUvdtbUfzq9o0XZmmvObmuRWmefbsu0ynm2GdWlnL+abyT9557rjPKNHmeUXsvvt/7/QzGS/8tT/f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHX5H0dZpeSy4lOZPkdDleT9a2xzzdR361oWI/xTww+ynzF0/RdUWLZ3mWD3PqsEsEAAAAAAAAwItxa/rzTz79uHxU38f35TdqrTn1pD/JmeLvBqamFxfmeiQ0kDxY/0p/sHNIl8l5UD69ujn+WTn2Ro/8jvbyAQD4Qvt5AAAA//9B+m/L") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x29fd, 0x84, 0x105}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000280), 0x800, r0}, 0x38) 1.90470803s ago: executing program 7 (id=799): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES16=r1, @ANYBLOB="010028bd5000fdcbdf251f0000000800010031"], 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x400081c) 1.876269761s ago: executing program 5 (id=800): io_setup(0x3, &(0x7f0000000180)=0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20a02, 0x0) io_submit(r0, 0x1, &(0x7f0000001040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x8, r1, 0x0, 0x0, 0x6}]) 1.536861961s ago: executing program 7 (id=802): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x28000, 0x1) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000280)=ANY=[]) 1.493040494s ago: executing program 6 (id=803): r0 = shmget$private(0x0, 0x2000, 0x386, &(0x7f00003e4000/0x2000)=nil) setuid(0xee01) shmat(r0, &(0x7f00001ed000/0x4000)=nil, 0x1000) 1.443907806s ago: executing program 5 (id=804): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000700000006"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0x25) 1.289084285s ago: executing program 0 (id=805): unshare(0x2c020400) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x88, 0x66, 0x0, 0x18c) 1.22270583s ago: executing program 4 (id=806): setreuid(0xffffffffffffffff, 0xee00) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) 1.201082731s ago: executing program 6 (id=807): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) connect$inet6(r0, &(0x7f0000000440)={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8001}, 0x1c) 1.102954917s ago: executing program 5 (id=808): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f0000000d80)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000c40)="0d32818e2fa06dfb", 0x8}]) 1.101455067s ago: executing program 4 (id=809): setuid(0xee00) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x8a, 0x0, 0x0, 0x2000000}}) 970.613274ms ago: executing program 0 (id=810): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10002}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e22}}]}, 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x1000, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}}, 0x4040014) 925.374676ms ago: executing program 6 (id=811): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x40000000000007b, 0x4004) 870.011719ms ago: executing program 4 (id=812): unshare(0x28000600) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r0, 0x29, 0x42, 0x0, 0x0) 743.836127ms ago: executing program 5 (id=813): r0 = socket$inet_udp(0x2, 0x2, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0xffde, @multicast1}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108) 666.359752ms ago: executing program 0 (id=814): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000050000000000000080000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000018000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 631.319873ms ago: executing program 4 (id=815): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@bridge_dellink={0x2c, 0x13, 0x5, 0x2000, 0x25dfdbfd, {0x7, 0x0, 0x0, r1, 0x10400, 0x1952}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x6}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 530.739179ms ago: executing program 6 (id=816): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x1, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000240)={0x14, &(0x7f0000000280)=ANY=[@ANYBLOB='@\t#'], 0x0}, 0x0) 394.669958ms ago: executing program 4 (id=817): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_DELSETELEM={0x3c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 384.978698ms ago: executing program 5 (id=818): capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000100)={0x0, 0x0, 0x9, 0x0, 0x0, 0x4}) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="240000004e0025000307f4f9002304000a04f55f08000100020100020800038005000000", 0x24) 361.851229ms ago: executing program 0 (id=819): mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000002c0)='.\x02\x00') mount$overlay(0x0, &(0x7f0000000000)='.\x02\x00', 0x0, 0xbd745f99e4f05533, 0x0) 33.636518ms ago: executing program 4 (id=820): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x1, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xe79}, 0x1c) 32.130868ms ago: executing program 0 (id=821): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd}) r0 = syz_open_dev$sg(&(0x7f00000001c0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="ad3513000000", 0x0, 0x0, 0x14, 0x0, 0x0}) 0s ago: executing program 5 (id=822): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) kernel console output (not intermixed with test programs): is strongly recommended to keep mac addresses unique to avoid problems! [ 111.197958][ T4956] loop1: detected capacity change from 0 to 4096 [ 111.204127][ T4579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.238847][ T4579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.272453][ T4957] fido_id[4957]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 111.310778][ T4579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.343588][ T4959] netlink: 68 bytes leftover after parsing attributes in process `syz.3.192'. [ 111.381463][ T4579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.422933][ T4579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.485087][ T4579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.564474][ T4579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.575358][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.595439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.633785][ T4579] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.703958][ T4579] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.713529][ T4579] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.743954][ T4579] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.963359][ T38] kernel write not supported for file /sequencer (pid: 38 comm: kworker/1:2) [ 112.036958][ T4969] loop0: detected capacity change from 0 to 2048 [ 112.065476][ T4366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.097847][ T4366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.142897][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 112.152783][ T4969] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 112.207623][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.241466][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.319786][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 112.346848][ T4978] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 113.095138][ T5000] program syz.4.207 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 113.108515][ T5001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.208'. [ 113.154574][ T5001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.208'. [ 113.184162][ T5001] netlink: 'syz.1.208': attribute type 12 has an invalid length. [ 113.460261][ T5011] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 113.484185][ T5011] comedi comedi3: 8255: I/O port conflict (0x10000,4) [ 113.491059][ T5011] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 113.567228][ T5011] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 113.614160][ T5011] comedi comedi3: 8255: I/O port conflict (0x10,4) [ 113.634332][ T5011] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 113.657931][ T5011] comedi comedi3: 8255: I/O port conflict (0x400000a,4) [ 113.678208][ T5011] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff8,4) [ 113.734112][ T5011] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 114.054193][ T953] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 114.167757][ T5003] loop5: detected capacity change from 0 to 32768 [ 114.201655][ T5026] netlink: 4 bytes leftover after parsing attributes in process `syz.1.216'. [ 114.240196][ T5003] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.210 (5003) [ 114.284009][ T953] usb 1-1: Using ep0 maxpacket: 8 [ 114.291140][ T953] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.343044][ T5030] loop3: detected capacity change from 0 to 512 [ 114.354029][ T953] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.371817][ T5003] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 114.393974][ T953] usb 1-1: config 0 interface 0 has no altsetting 0 [ 114.403135][ T953] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 114.417265][ T5030] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 114.431272][ T5003] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 114.449869][ T953] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.471561][ T5003] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 114.512657][ T953] usb 1-1: config 0 descriptor?? [ 114.533345][ T5030] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.217: bad orphan inode 131083 [ 114.536144][ T5008] loop4: detected capacity change from 0 to 32768 [ 114.555224][ T5003] BTRFS info (device loop5): use lzo compression, level 0 [ 114.562594][ T5003] BTRFS info (device loop5): using free space tree [ 114.623648][ T5008] [ 114.623648][ T5008] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.623648][ T5008] [ 114.649793][ T5030] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 114.870644][ T5003] BTRFS info (device loop5): enabling ssd optimizations [ 115.026692][ T953] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 115.059130][ T953] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 115.073703][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 115.137368][ T953] samsung 0003:0419:0001.0004: unknown main item tag 0x2 [ 115.164851][ T953] samsung 0003:0419:0001.0004: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.0-1/input0 [ 115.251652][ T5008] blkno = 0, nblocks = 40 [ 115.256661][ T5008] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 115.256661][ T5008] [ 115.279736][ T953] usb 1-1: USB disconnect, device number 3 [ 115.319292][ T5008] ERROR: (device loop4): remounting filesystem as read-only [ 115.539406][ T4579] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 115.579248][ T5060] loop3: detected capacity change from 0 to 2048 [ 115.785181][ T5060] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 115.824358][ T5060] EXT4-fs error (device loop3): ext4_ext_precache:645: inode #2: comm syz.3.219: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 115.898940][ T5058] fido_id[5058]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 116.251965][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 116.807884][ T5101] loop3: detected capacity change from 0 to 128 [ 116.882125][ T5101] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 116.960253][ T5101] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 117.179287][ T5064] loop1: detected capacity change from 0 to 32768 [ 117.259284][ T5112] loop0: detected capacity change from 0 to 1024 [ 117.269781][ T5064] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.222 (5064) [ 117.301823][ T5112] EXT4-fs: Ignoring removed nobh option [ 117.330927][ T5112] EXT4-fs: inline encryption not supported [ 117.363574][ T5112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 117.400141][ T5064] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 117.437325][ T5064] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 117.451671][ T5112] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 117.474025][ T5064] BTRFS info (device loop1): use zlib compression, level 3 [ 117.491542][ T5064] BTRFS info (device loop1): using free space tree [ 117.508093][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 117.660533][ T5064] BTRFS info (device loop1): enabling ssd optimizations [ 117.842533][ T5136] loop3: detected capacity change from 0 to 128 [ 117.899912][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 117.916243][ T5136] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 117.975310][ T5136] hpfs: filesystem error: improperly stopped [ 117.981405][ T5136] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 118.055033][ T5136] hpfs: You really don't want any checks? You are crazy... [ 118.114880][ T5136] hpfs: hpfs_map_sector(): read error [ 118.130689][ T5136] hpfs: code page support is disabled [ 118.150252][ T5136] hpfs: hpfs_map_4sectors(): unaligned read [ 118.157065][ T4273] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 118.172742][ T5136] hpfs: hpfs_map_4sectors(): unaligned read [ 118.192795][ T5136] hpfs: filesystem error: unable to find root dir [ 118.697893][ T5159] netlink: 277 bytes leftover after parsing attributes in process `syz.1.236'. [ 118.851111][ T5104] loop4: detected capacity change from 0 to 40427 [ 118.991635][ T5104] F2FS-fs (loop4): Found nat_bits in checkpoint [ 119.045654][ T5167] loop1: detected capacity change from 0 to 512 [ 119.236408][ T5104] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 119.243798][ T5167] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.241: invalid block [ 119.298996][ T5104] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 119.354442][ T5167] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.241: invalid indirect mapped block 4294967295 (level 1) [ 119.438116][ T5167] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.241: invalid indirect mapped block 4294967295 (level 1) [ 119.500818][ T5167] EXT4-fs (loop1): 2 truncates cleaned up [ 119.500859][ T5167] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 119.666099][ T5155] loop5: detected capacity change from 0 to 32768 [ 119.671805][ T5155] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.239 (5155) [ 119.700049][ T5155] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.700168][ T5155] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 119.700226][ T5155] BTRFS info (device loop5): using free space tree [ 119.787598][ T4273] EXT4-fs (loop1): unmounting filesystem. [ 120.053857][ T5155] BTRFS info (device loop5): enabling ssd optimizations [ 120.193967][ T4376] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 120.289430][ T5206] loop4: detected capacity change from 0 to 256 [ 120.351597][ T5206] exfat: Deprecated parameter 'utf8' [ 120.369607][ T4579] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.384525][ T4376] usb 2-1: Using ep0 maxpacket: 8 [ 120.402114][ T4376] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 120.424864][ T5206] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 120.446640][ T5210] ptrace attach of ""[5211] was attempted by "./syz-executor exec"[5210] [ 120.455279][ T4376] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.494337][ T4376] usb 2-1: Product: syz [ 120.498626][ T4376] usb 2-1: Manufacturer: syz [ 120.503262][ T4376] usb 2-1: SerialNumber: syz [ 120.572399][ T4376] usb 2-1: config 0 descriptor?? [ 120.613420][ T4376] gspca_main: se401-2.14.0 probing 047d:5003 [ 121.032179][ T4376] gspca_se401: Wrong descriptor type [ 121.244364][ T5220] usb 2-1: USB disconnect, device number 3 [ 122.159308][ T5232] loop0: detected capacity change from 0 to 32768 [ 122.213813][ T5232] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.255 (5232) [ 122.301007][ T5251] loop4: detected capacity change from 0 to 2048 [ 122.324601][ T5232] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 122.375831][ T5232] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 122.381051][ T5251] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=4294967169, location=4294967169 [ 122.429204][ T5232] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 122.438896][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.485350][ T5232] BTRFS info (device loop0): use zstd compression, level 3 [ 122.524337][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.543551][ T5232] BTRFS info (device loop0): using free space tree [ 122.554312][ T5075] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.602385][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.657900][ T5251] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=4294967169, location=4294967169 [ 122.674209][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.730255][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.742867][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.761065][ T5251] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=4294967169, location=4294967169 [ 122.772202][ T5075] usb 4-1: Using ep0 maxpacket: 8 [ 122.780834][ T5075] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.792183][ T5075] usb 4-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00 [ 122.801544][ T5075] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.817547][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.840732][ T5075] usb 4-1: config 0 descriptor?? [ 122.854473][ T5232] BTRFS info (device loop0): enabling ssd optimizations [ 122.856090][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.908229][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 122.971858][ T5251] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=4294967169, location=4294967169 [ 123.004043][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 123.068040][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 123.098848][ T5251] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 123.151664][ T5251] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1) [ 123.247357][ T4283] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 123.338358][ T5075] hid-alps 0003:044E:121E.0005: hidraw0: USB HID v0.00 Device [HID 044e:121e] on usb-dummy_hcd.3-1/input0 [ 123.590018][ T5075] usb 4-1: USB disconnect, device number 2 [ 123.875920][ T5288] fido_id[5288]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 124.027332][ T5304] loop4: detected capacity change from 0 to 1024 [ 124.357014][ T57] hfsplus: b-tree write err: -5, ino 4 [ 124.740101][ T5286] loop5: detected capacity change from 0 to 32768 [ 124.838526][ T5286] XFS (loop5): Mounting V5 Filesystem [ 125.034102][ T5286] XFS (loop5): Ending clean mount [ 125.066978][ T5302] loop1: detected capacity change from 0 to 32768 [ 125.168707][ T5328] loop3: detected capacity change from 0 to 2048 [ 125.237545][ T5328] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=3932051, location=3932051 [ 125.321911][ T5328] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 125.357711][ T4579] XFS (loop5): Unmounting Filesystem [ 125.930857][ T5340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.284'. [ 126.190453][ T5347] netlink: 'syz.1.287': attribute type 5 has an invalid length. [ 126.431412][ T5297] kernel write not supported for file /snd/seq (pid: 5297 comm: kworker/0:18) [ 127.250202][ T5376] netlink: 40 bytes leftover after parsing attributes in process `syz.1.299'. [ 127.302365][ T5376] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 127.485720][ T5381] loop4: detected capacity change from 0 to 764 [ 127.574892][ T5381] rock: directory entry would overflow storage [ 127.581540][ T5381] rock: sig=0x4654, size=5, remaining=4 [ 127.798123][ T5389] loop0: detected capacity change from 0 to 512 [ 127.848633][ T5389] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.304: invalid indirect mapped block 10 (level 1) [ 127.930741][ T5389] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.304: invalid indirect mapped block 8 (level 1) [ 127.975502][ T5389] EXT4-fs (loop0): 1 truncate cleaned up [ 128.001976][ T5389] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 128.161787][ T5397] tmpfs: Bad value for 'mpol' [ 128.169186][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 128.185324][ T5397] cgroup: noprefix used incorrectly [ 128.254016][ T5296] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 128.279611][ T5345] loop3: detected capacity change from 0 to 40427 [ 128.388547][ T5345] F2FS-fs (loop3): invalid crc value [ 128.434225][ T5296] usb 5-1: Using ep0 maxpacket: 32 [ 128.443533][ T5296] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 128.482667][ T5404] netlink: 9 bytes leftover after parsing attributes in process `syz.0.311'. [ 128.484061][ T5296] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.495649][ T5345] F2FS-fs (loop3): Found nat_bits in checkpoint [ 128.511452][ T5403] loop1: detected capacity change from 0 to 512 [ 128.518509][ T5404] device gretap0 entered promiscuous mode [ 128.537787][ T5403] EXT4-fs: Ignoring removed oldalloc option [ 128.545855][ T5296] usb 5-1: Product: syz [ 128.551040][ T5296] usb 5-1: Manufacturer: syz [ 128.584571][ T5405] netlink: 5 bytes leftover after parsing attributes in process `syz.0.311'. [ 128.604083][ T5296] usb 5-1: SerialNumber: syz [ 128.623227][ T5403] EXT4-fs (loop1): 1 truncate cleaned up [ 128.630867][ T5405] 0ªî{X¹¦: renamed from gretap0 [ 128.650240][ T5403] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 128.662220][ T5296] usb 5-1: config 0 descriptor?? [ 128.693420][ T5296] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 128.723295][ T5405] device 30ªî{X¹¦ left promiscuous mode [ 128.737422][ T5296] dvb-usb: bulk message failed: -22 (2/0) [ 128.752028][ T5405] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 128.784905][ T5296] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 128.825094][ T5296] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 128.833206][ T5296] usb 5-1: media controller created [ 128.884058][ T5296] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 128.897205][ T4273] EXT4-fs (loop1): unmounting filesystem. [ 128.912128][ T5395] cxusb: i2c wr: len=78 is too big! [ 128.912128][ T5395] [ 128.976488][ T5296] usb 5-1: selecting invalid altsetting 7 [ 128.982303][ T5296] cxusb: set interface failed [ 128.994216][ T5345] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 129.014715][ T5296] dvb-usb: bulk message failed: -22 (1/0) [ 129.206177][ T5387] loop5: detected capacity change from 0 to 40427 [ 129.224446][ T5296] DVB: Unable to find symbol lgdt330x_attach() [ 129.241005][ T5296] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 129.288362][ T5387] F2FS-fs (loop5): Small segment_count (9 < 1 * 24) [ 129.309914][ T5387] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 129.404501][ T5387] F2FS-fs (loop5): Found nat_bits in checkpoint [ 129.614813][ T5296] rc_core: IR keymap rc-dvico-portable not found [ 129.621278][ T5296] Registered IR keymap rc-empty [ 129.670225][ T5296] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0 [ 129.700139][ T5387] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 129.710963][ T5296] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input7 [ 129.721735][ T5387] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 129.740509][ T5296] dvb-usb: schedule remote query interval to 100 msecs. [ 129.754008][ T5296] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 129.784949][ T5296] usb 5-1: USB disconnect, device number 4 [ 129.861759][ T26] audit: type=1800 audit(1769425410.330:11): pid=5387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.305" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 129.903540][ T5296] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 130.030651][ T4579] syz-executor: attempt to access beyond end of device [ 130.030651][ T4579] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 130.564142][ T5078] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 130.593349][ T5443] loop0: detected capacity change from 0 to 2048 [ 130.638331][ T5443] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 130.765292][ T5078] usb 5-1: Using ep0 maxpacket: 16 [ 130.774889][ T5078] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.826221][ T5078] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 130.863976][ T5078] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 130.878613][ T5078] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 130.889204][ T5078] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.905763][ T5078] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 130.915320][ T5078] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 130.937708][ T5078] usb 5-1: Manufacturer: syz [ 130.947745][ T5078] usb 5-1: config 0 descriptor?? [ 131.251440][ T5458] loop3: detected capacity change from 0 to 256 [ 131.321401][ T5458] FAT-fs (loop3): Directory bread(block 64) failed [ 131.360878][ T5458] FAT-fs (loop3): Directory bread(block 65) failed [ 131.381165][ T5458] FAT-fs (loop3): Directory bread(block 66) failed [ 131.433971][ T5078] rc_core: IR keymap rc-hauppauge not found [ 131.439966][ T5078] Registered IR keymap rc-empty [ 131.464099][ T5458] FAT-fs (loop3): Directory bread(block 67) failed [ 131.470807][ T5458] FAT-fs (loop3): Directory bread(block 68) failed [ 131.478139][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.501882][ T5458] FAT-fs (loop3): Directory bread(block 69) failed [ 131.512171][ T5458] FAT-fs (loop3): Directory bread(block 70) failed [ 131.536655][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.550791][ T5458] FAT-fs (loop3): Directory bread(block 71) failed [ 131.568104][ T5458] FAT-fs (loop3): Directory bread(block 72) failed [ 131.584042][ T5458] FAT-fs (loop3): Directory bread(block 73) failed [ 131.590379][ T5078] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 131.630614][ T5078] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input8 [ 131.687998][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.734200][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.784104][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.814102][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.864745][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.897467][ T5453] loop5: detected capacity change from 0 to 32768 [ 131.904347][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.944843][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.984738][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 131.992069][ T5453] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by syz.5.328 (5453) [ 132.043993][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 132.068225][ T5453] BTRFS info (device loop5): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 132.084038][ T5078] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 132.109413][ T5453] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 132.125679][ T5078] mceusb 5-1:0.0: Registered   with mce emulator interface version 1 [ 132.155685][ T5078] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 132.179890][ T5453] BTRFS info (device loop5): using free space tree [ 132.223052][ T5078] usb 5-1: USB disconnect, device number 5 [ 132.602070][ T5453] BTRFS info (device loop5): enabling ssd optimizations [ 132.698569][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.705713][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.945001][ T4579] BTRFS info (device loop5): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 133.880358][ T5529] CUSE: unknown device info "€" [ 133.901470][ T5529] CUSE: unknown device info "" [ 133.913147][ T5529] CUSE: unknown device info "" [ 133.948276][ T5529] CUSE: unknown device info "" [ 133.982811][ T5529] CUSE: zero length info key specified [ 134.008775][ T5152] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 134.220769][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.253339][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.298577][ T5152] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 134.323600][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.349612][ T5152] usb 5-1: config 0 descriptor?? [ 134.366115][ T5544] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 134.597657][ T5549] loop3: detected capacity change from 0 to 128 [ 134.639665][ T5549] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 134.682287][ T5549] hpfs: filesystem error: improperly stopped [ 134.702546][ T5549] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 134.732974][ T5549] hpfs: You really don't want any checks? You are crazy... [ 134.762646][ T5549] hpfs: hpfs_map_sector(): read error [ 134.769512][ T5549] hpfs: code page support is disabled [ 134.793766][ T5549] hpfs: hpfs_map_4sectors(): unaligned read [ 134.805550][ T5152] hid-steam 0003:28DE:1142.0006: item fetching failed at offset 1/5 [ 134.822636][ T5549] hpfs: hpfs_map_4sectors(): unaligned read [ 134.832674][ T5549] hpfs: filesystem error: unable to find root dir [ 134.841405][ T5152] hid-steam 0003:28DE:1142.0006: steam_probe:parse of hid interface failed [ 134.881244][ T5152] hid-steam: probe of 0003:28DE:1142.0006 failed with error -22 [ 135.012891][ T5555] mmap: syz.5.356 (5555) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 135.032265][ T5152] usb 5-1: USB disconnect, device number 6 [ 135.079932][ T5556] netlink: 'syz.1.360': attribute type 2 has an invalid length. [ 135.093447][ T5556] netlink: 132 bytes leftover after parsing attributes in process `syz.1.360'. [ 135.341823][ T5561] loop1: detected capacity change from 0 to 512 [ 135.650793][ T5561] FAT-fs (loop1): codepage cp86 not found [ 135.745880][ T5572] loop0: detected capacity change from 0 to 128 [ 136.064018][ T5152] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 136.205886][ T5587] netlink: 'syz.4.373': attribute type 1 has an invalid length. [ 136.267498][ T5152] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.294274][ T5152] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 136.349587][ T5152] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 136.389490][ T5152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.438141][ T5595] loop0: detected capacity change from 0 to 1024 [ 136.461376][ T5152] usb 4-1: config 0 descriptor?? [ 136.479792][ T5595] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 136.496009][ T5152] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 136.532661][ T5600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.376'. [ 136.550335][ T5152] dvb-usb: bulk message failed: -22 (3/0) [ 136.569731][ T5152] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 136.579483][ T5600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'. [ 136.590150][ T5595] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 136.604264][ T5152] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 136.611721][ T5600] netlink: 'syz.1.376': attribute type 12 has an invalid length. [ 136.624885][ T5152] usb 4-1: media controller created [ 136.631422][ T5152] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 136.643809][ T5600] netlink: 'syz.1.376': attribute type 11 has an invalid length. [ 136.664478][ T5595] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: inode #11: comm syz.0.375: missing EA_INODE flag [ 136.689089][ T5595] EXT4-fs (loop0): Remounting filesystem read-only [ 136.708506][ T5576] dibusb: i2c wr: len=61 is too big! [ 136.708506][ T5576] [ 136.729303][ T5152] dvb-usb: bulk message failed: -22 (6/0) [ 136.736667][ T5595] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.375: error while reading EA inode 11 err=-117 [ 136.771216][ T5152] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 136.791891][ T5152] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9 [ 136.824299][ T5595] EXT4-fs (loop0): Remounting filesystem read-only [ 136.864096][ T5595] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2799: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 136.879155][ T5152] dvb-usb: schedule remote query interval to 150 msecs. [ 136.898284][ T5152] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 136.955858][ T5152] usb 4-1: USB disconnect, device number 3 [ 137.025486][ T5152] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 137.103132][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 137.343757][ T5620] netlink: 12 bytes leftover after parsing attributes in process `syz.4.383'. [ 137.630444][ T5631] loop1: detected capacity change from 0 to 128 [ 137.791091][ T5634] netlink: 'syz.4.390': attribute type 5 has an invalid length. [ 138.446417][ T5659] loop3: detected capacity change from 0 to 64 [ 138.522022][ T5652] loop0: detected capacity change from 0 to 4096 [ 138.560874][ T5652] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 138.649624][ T5652] ntfs: (device loop0): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 138.722012][ T5652] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 138.765905][ T5659] syz.3.399: attempt to access beyond end of device [ 138.765905][ T5659] loop3: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 138.808823][ T5652] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 138.862943][ T5652] ntfs: volume version 3.1. [ 138.871687][ T5659] Buffer I/O error on dev loop3, logical block 134217734, async page read [ 138.974253][ T5652] ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-9. You might want to try to use the mount option nls=utf8. [ 139.044207][ T5652] ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 139.065118][ T5659] syz.3.399: attempt to access beyond end of device [ 139.065118][ T5659] loop3: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 139.151447][ T5659] Buffer I/O error on dev loop3, logical block 134217734, async page read [ 139.213177][ T5659] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only [ 139.266818][ T5659] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 139.319832][ T4283] ntfs: (device loop0): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 139.511155][ T4270] syz-executor: attempt to access beyond end of device [ 139.511155][ T4270] loop3: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 139.539347][ T4270] Buffer I/O error on dev loop3, logical block 134217734, async page read [ 139.559515][ T4270] syz-executor: attempt to access beyond end of device [ 139.559515][ T4270] loop3: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 139.648525][ T4270] Buffer I/O error on dev loop3, logical block 134217734, async page read [ 139.718724][ T4270] Trying to free block not in datazone [ 140.058656][ T5698] loop1: detected capacity change from 0 to 128 [ 140.078109][ T5696] Driver unsupported XDP return value 0 on prog (id 24) dev N/A, expect packet loss! [ 140.179778][ T5698] Invalid ELF header len 10 [ 140.738061][ T5719] netem: change failed [ 141.527205][ T5749] loop4: detected capacity change from 0 to 128 [ 141.555031][ T5748] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 141.561611][ T5748] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 141.597681][ T5748] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 141.643244][ T5748] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 141.655817][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 141.704041][ T5748] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 141.711579][ T5749] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 141.734133][ T5748] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 141.740914][ T5748] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 141.757791][ T5749] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.838596][ T5748] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 141.894489][ T5748] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 141.901342][ T5748] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 141.963679][ T5748] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 141.985110][ T5748] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 141.999822][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 142.193305][ T5768] afs: Unexpected value for 'dyn' [ 142.349925][ T5777] loop3: detected capacity change from 0 to 1024 [ 142.384344][ T5775] usb usb8: usbfs: process 5775 (syz.5.440) did not claim interface 5 before use [ 142.434648][ T5769] loop4: detected capacity change from 0 to 4096 [ 142.501735][ T5779] loop1: detected capacity change from 0 to 64 [ 142.657917][ T60] hfsplus: b-tree write err: -5, ino 4 [ 142.675230][ T5779] syz.1.443: attempt to access beyond end of device [ 142.675230][ T5779] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 142.739542][ T5784] loop5: detected capacity change from 0 to 256 [ 142.776428][ T5779] Buffer I/O error on dev loop1, logical block 134217734, async page read [ 142.834602][ T5784] exfat: Deprecated parameter 'utf8' [ 142.840025][ T5784] exfat: Deprecated parameter 'namecase' [ 142.886833][ T5784] exfat: Deprecated parameter 'namecase' [ 142.892587][ T5784] exfat: Deprecated parameter 'utf8' [ 142.980495][ T5779] syz.1.443: attempt to access beyond end of device [ 142.980495][ T5779] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 143.005933][ T5784] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 143.047520][ T5779] Buffer I/O error on dev loop1, logical block 134217734, async page read [ 143.124267][ T5779] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only [ 143.184459][ T5779] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 143.431579][ T4273] syz-executor: attempt to access beyond end of device [ 143.431579][ T4273] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 143.473722][ T4273] Buffer I/O error on dev loop1, logical block 134217734, async page read [ 143.499750][ T4273] syz-executor: attempt to access beyond end of device [ 143.499750][ T4273] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 143.539961][ T4273] Buffer I/O error on dev loop1, logical block 134217734, async page read [ 143.607740][ T4273] Trying to free block not in datazone [ 143.784024][ T5152] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 143.809761][ T5810] syz.0.455 uses obsolete (PF_INET,SOCK_PACKET) [ 143.995856][ T5152] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 144.013926][ T5152] usb 6-1: config 0 has no interface number 0 [ 144.037039][ T5152] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 144.083995][ T5152] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.112524][ T5152] usb 6-1: Product: syz [ 144.123979][ T5152] usb 6-1: Manufacturer: syz [ 144.129481][ T5786] loop3: detected capacity change from 0 to 32768 [ 144.153945][ T5152] usb 6-1: SerialNumber: syz [ 144.176973][ T5152] usb 6-1: config 0 descriptor?? [ 144.203733][ T5786] add_index: next_index = 0. Resetting! [ 144.233224][ T5786] non-latin1 character 0x3ff found in JFS file name [ 144.252821][ T5786] mount with iocharset=utf8 to access [ 144.420234][ T5152] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 144.443389][ T5152] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 144.484298][ T5152] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 144.512877][ T5152] usb 6-1: media controller created [ 144.561516][ T5152] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 144.708855][ T5804] loop4: detected capacity change from 0 to 32768 [ 144.756824][ T5807] loop1: detected capacity change from 0 to 32768 [ 144.834436][ T5807] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.452 (5807) [ 145.068992][ T5807] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 145.077953][ T5217] usb 6-1: USB disconnect, device number 2 [ 145.110544][ T5807] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 145.224213][ T5807] BTRFS info (device loop1): force zlib compression, level 3 [ 145.263137][ T5807] BTRFS info (device loop1): force clearing of disk cache [ 145.284001][ T5807] BTRFS info (device loop1): setting nodatasum [ 145.290274][ T5807] BTRFS info (device loop1): allowing degraded mounts [ 145.348279][ T5807] BTRFS info (device loop1): enabling disk space caching [ 145.379425][ T5807] BTRFS info (device loop1): disk space caching is enabled [ 145.528363][ T5834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.460'. [ 145.702308][ T5807] BTRFS info (device loop1): rebuilding free space tree [ 145.776739][ T5854] loop4: detected capacity change from 0 to 1024 [ 145.893600][ T5807] BTRFS info (device loop1): disabling free space tree [ 145.931471][ T5859] process 'syz.4.461' launched './file1' with NULL argv: empty string added [ 145.941230][ T5807] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 146.001832][ T5807] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.360208][ T5807] BTRFS info (device loop1): balance: start [ 146.386331][ T5807] BTRFS info (device loop1): balance: ended with status: 0 [ 146.563300][ T47] hfsplus: b-tree write err: -5, ino 4 [ 146.629463][ T4273] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 146.822017][ T5878] loop4: detected capacity change from 0 to 1024 [ 147.279811][ T5887] loop0: detected capacity change from 0 to 1024 [ 147.294137][ T5085] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 147.297952][ T47] hfsplus: b-tree write err: -5, ino 4 [ 147.409076][ T5887] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 147.484276][ T5085] usb 4-1: Using ep0 maxpacket: 32 [ 147.492960][ T5085] usb 4-1: config 0 has an invalid interface number: 196 but max is 0 [ 147.553916][ T5085] usb 4-1: config 0 has no interface number 0 [ 147.560125][ T5085] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 147.633852][ T5085] usb 4-1: config 0 interface 196 has no altsetting 0 [ 147.677882][ T5085] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 147.714535][ T5085] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.722884][ T5085] usb 4-1: Product: syz [ 147.753980][ T5085] usb 4-1: Manufacturer: syz [ 147.777376][ T5085] usb 4-1: SerialNumber: syz [ 147.792178][ T5900] loop4: detected capacity change from 0 to 8 [ 147.803820][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 147.821361][ T5085] usb 4-1: config 0 descriptor?? [ 147.850289][ T5877] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 147.943730][ T5900] SQUASHFS error: Failed to read block 0x18e: -5 [ 147.984155][ T5900] SQUASHFS error: Unable to read metadata cache entry [18c] [ 148.083978][ T5080] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 148.304079][ T5217] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 148.315710][ T5080] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 148.336781][ T5085] ipheth 4-1:0.196: Apple iPhone USB Ethernet device attached [ 148.344672][ T5080] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 148.355635][ T5080] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 148.367918][ T5080] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.394410][ T5080] usb 2-1: config 0 descriptor?? [ 148.405799][ T5080] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 148.428168][ T5080] dvb-usb: bulk message failed: -22 (3/0) [ 148.434166][ T5152] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 148.485543][ T5080] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 148.515485][ T5217] usb 1-1: Using ep0 maxpacket: 32 [ 148.516740][ T5080] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 148.527431][ T5217] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 148.545034][ T5217] usb 1-1: config 0 has no interface number 0 [ 148.551281][ T5080] usb 2-1: media controller created [ 148.558460][ T5080] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 148.577395][ T5081] usb 4-1: USB disconnect, device number 4 [ 148.579943][ T5217] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 148.599017][ T5080] dvb-usb: bulk message failed: -22 (6/0) [ 148.607864][ T5217] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.618925][ T5080] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 148.624394][ T5152] usb 6-1: Using ep0 maxpacket: 8 [ 148.631262][ T5148] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 148.637101][ T5898] dibusb: i2c wr: len=61 is too big! [ 148.637101][ T5898] [ 148.646464][ T5152] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 148.660659][ T5080] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 148.672039][ T5217] usb 1-1: Product: syz [ 148.682385][ T5217] usb 1-1: Manufacturer: syz [ 148.689446][ T5152] usb 6-1: New USB device found, idVendor=056a, idProduct=032c, bcdDevice= 0.00 [ 148.704021][ T5217] usb 1-1: SerialNumber: syz [ 148.721012][ T5152] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.731255][ T5217] usb 1-1: config 0 descriptor?? [ 148.739175][ T5080] dvb-usb: schedule remote query interval to 150 msecs. [ 148.749319][ T5080] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 148.758949][ T5217] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 148.762461][ T5080] usb 2-1: USB disconnect, device number 4 [ 148.786154][ T5152] usb 6-1: config 0 descriptor?? [ 148.820196][ T5217] usb 1-1: selecting invalid altsetting 1 [ 148.833763][ T5217] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 148.852977][ T5148] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 148.863433][ T5217] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 148.877812][ T5148] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.887261][ T5217] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 148.896050][ T5148] usb 5-1: Product: syz [ 148.901715][ T5148] usb 5-1: Manufacturer: syz [ 148.912438][ T5217] usb 1-1: media controller created [ 148.921086][ T5148] usb 5-1: SerialNumber: syz [ 148.934704][ T5080] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 148.966103][ T5148] usb 5-1: config 0 descriptor?? [ 149.003793][ T5148] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 149.025632][ T5217] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 149.031263][ T5081] ipheth 4-1:0.196: Apple iPhone USB Ethernet now disconnected [ 149.060171][ T5148] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 149.107615][ T5148] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 149.121368][ T5148] usb 5-1: media controller created [ 149.141634][ T5217] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 149.174349][ T5217] zl10353_read_register: readreg error (reg=127, ret==-71) [ 149.199668][ T5907] dvb-usb: bulk message failed: -22 (7/0) [ 149.256932][ T5152] wacom 0003:056A:032C.0007: ignoring exceeding usage max [ 149.276972][ T5217] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 149.286635][ T5148] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 149.312619][ T5152] wacom 0003:056A:032C.0007: unknown main item tag 0x0 [ 149.373049][ T5152] wacom 0003:056A:032C.0007: hidraw0: USB HID v5.59 Device [HID 056a:032c] on usb-dummy_hcd.5-1/input0 [ 149.390176][ T5217] usb 1-1: USB disconnect, device number 4 [ 149.477809][ T5152] usb 6-1: USB disconnect, device number 3 [ 149.597553][ T5923] loop1: detected capacity change from 0 to 1024 [ 149.731866][ T5148] DVB: Unable to find symbol mt352_attach() [ 149.930336][ T60] hfsplus: b-tree write err: -5, ino 4 [ 149.940110][ T5924] fido_id[5924]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 150.111101][ T5148] DVB: Unable to find symbol nxt6000_attach() [ 150.127596][ T5148] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 150.216912][ T5148] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14 [ 150.299997][ T5148] dvb-usb: schedule remote query interval to 1000 msecs. [ 150.329116][ T5148] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 150.388762][ T5148] dvb-usb: bulk message failed: -22 (7/0) [ 150.415358][ T5148] dvb-usb: bulk message failed: -22 (7/0) [ 150.475056][ T5148] usb 5-1: USB disconnect, device number 7 [ 150.624069][ T5148] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 150.750520][ T5957] device bridge0 entered promiscuous mode [ 150.763642][ T5958] loop1: detected capacity change from 0 to 1024 [ 150.788697][ T5957] bridge0: port 3(vlan2) entered blocking state [ 150.822080][ T5957] bridge0: port 3(vlan2) entered disabled state [ 150.897061][ T5960] loop4: detected capacity change from 0 to 128 [ 150.921576][ T5957] device bridge0 left promiscuous mode [ 150.948140][ T5960] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 151.034686][ T5960] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 151.048226][ T4273] hfsplus: bad catalog entry type [ 151.443966][ T4349] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 151.558938][ T4349] hfsplus: b-tree write err: -5, ino 4 [ 151.721152][ T47] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 151.765999][ T5981] loop5: detected capacity change from 0 to 64 [ 151.785085][ T47] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.862474][ T5979] loop4: detected capacity change from 0 to 4096 [ 151.910788][ T5979] ntfs3: loop4: ino=3, Correct links count -> 2. [ 152.000274][ T47] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.043263][ T5979] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 152.073972][ T47] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.282376][ T5981] syz.5.499: attempt to access beyond end of device [ 152.282376][ T5981] loop5: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 152.336796][ T47] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.363827][ T47] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.365441][ T5981] Buffer I/O error on dev loop5, logical block 65, lost async page write [ 152.394707][ T5981] syz.5.499: attempt to access beyond end of device [ 152.394707][ T5981] loop5: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 152.454317][ T5981] Buffer I/O error on dev loop5, logical block 66, lost async page write [ 152.500958][ T5981] syz.5.499: attempt to access beyond end of device [ 152.500958][ T5981] loop5: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 152.575639][ T5981] Buffer I/O error on dev loop5, logical block 67, lost async page write [ 152.647916][ T47] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.675214][ T5981] syz.5.499: attempt to access beyond end of device [ 152.675214][ T5981] loop5: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 152.719092][ T47] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.775622][ T5981] Buffer I/O error on dev loop5, logical block 68, lost async page write [ 152.824570][ T5981] syz.5.499: attempt to access beyond end of device [ 152.824570][ T5981] loop5: rw=2049, sector=72, nr_sectors = 1 limit=64 [ 152.905568][ T5981] Buffer I/O error on dev loop5, logical block 72, lost async page write [ 152.942614][ T5981] syz.5.499: attempt to access beyond end of device [ 152.942614][ T5981] loop5: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 152.995039][ T5981] Buffer I/O error on dev loop5, logical block 73, lost async page write [ 153.007742][ T5995] loop0: detected capacity change from 0 to 4096 [ 153.015445][ T5981] syz.5.499: attempt to access beyond end of device [ 153.015445][ T5981] loop5: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 153.073969][ T5995] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 153.096817][ T5981] Buffer I/O error on dev loop5, logical block 76, lost async page write [ 153.109644][ T5999] loop4: detected capacity change from 0 to 512 [ 153.138655][ T5981] syz.5.499: attempt to access beyond end of device [ 153.138655][ T5981] loop5: rw=2049, sector=77, nr_sectors = 1 limit=64 [ 153.186141][ T5999] EXT4-fs (loop4): Test dummy encryption mode enabled [ 153.234119][ T5981] Buffer I/O error on dev loop5, logical block 77, lost async page write [ 153.279387][ T5981] syz.5.499: attempt to access beyond end of device [ 153.279387][ T5981] loop5: rw=2049, sector=78, nr_sectors = 760 limit=64 [ 153.298020][ T5999] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.506: inline data xattr refers to an external xattr inode [ 153.401957][ T5999] EXT4-fs (loop4): Remounting filesystem read-only [ 153.434755][ T5999] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.506: couldn't read orphan inode 12 (err -117) [ 153.484031][ T5999] EXT4-fs (loop4): Remounting filesystem read-only [ 153.511018][ T5999] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 153.796452][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 153.833230][ T4285] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 153.865270][ T4285] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 153.873579][ T4285] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 153.882620][ T4285] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 153.892356][ T4285] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 153.899897][ T4285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 154.021581][ T6018] loop4: detected capacity change from 0 to 256 [ 154.094991][ T6018] exfat: Deprecated parameter 'utf8' [ 154.115428][ T6018] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe649ead, utbl_chksum : 0xe619d30d) [ 154.732709][ T6009] chnl_net:caif_netlink_parms(): no params data found [ 155.535523][ T47] device hsr_slave_0 left promiscuous mode [ 155.552445][ T47] device hsr_slave_1 left promiscuous mode [ 155.592132][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.624084][ T47] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.657693][ T47] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.693745][ T47] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.719275][ T47] device bridge_slave_1 left promiscuous mode [ 155.731546][ T47] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.760473][ T47] device bridge_slave_0 left promiscuous mode [ 155.776783][ T47] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.791443][ T6033] loop3: detected capacity change from 0 to 32768 [ 155.923217][ T47] device veth1_macvtap left promiscuous mode [ 155.967447][ T47] device veth0_macvtap left promiscuous mode [ 155.974646][ T4285] Bluetooth: hci3: command 0x0409 tx timeout [ 155.996197][ T47] device veth1_vlan left promiscuous mode [ 156.009901][ T47] device veth0_vlan left promiscuous mode [ 156.104581][ T6033] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode. [ 156.289518][ T6080] loop5: detected capacity change from 0 to 128 [ 156.321602][ T6077] loop4: detected capacity change from 0 to 4096 [ 156.353009][ T6080] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 156.414503][ T6080] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 156.443251][ T6077] ntfs: (device loop4): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 156.476080][ T6077] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 156.531641][ T6077] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 156.589680][ T6077] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 156.639545][ T30] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 156.647122][ T4270] ocfs2: Unmounting device (7,3) on (node local) [ 156.676558][ T6077] ntfs: volume version 3.1. [ 156.836571][ T6077] ntfs: (device loop4): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set default. You might want to try to use the mount option nls=utf8. [ 156.890659][ T6077] ntfs: (device loop4): ntfs_filldir(): Skipping unrepresentable inode 0x45. [ 157.842835][ T6088] loop5: detected capacity change from 0 to 40427 [ 157.867962][ T6088] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 157.889239][ T6088] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 157.911152][ T6088] F2FS-fs (loop5): Found nat_bits in checkpoint [ 157.959543][ T6088] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 157.966902][ T6088] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 158.054018][ T4285] Bluetooth: hci3: command 0x041b tx timeout [ 158.153230][ T47] team0 (unregistering): Port device team_slave_1 removed [ 158.348890][ T47] team0 (unregistering): Port device team_slave_0 removed [ 158.468002][ T5217] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 158.513641][ T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 158.643652][ T6106] loop5: detected capacity change from 0 to 4096 [ 158.657091][ T5217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.680036][ T6106] ntfs: (device loop5): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 158.680589][ T5217] usb 4-1: New USB device found, idVendor=044f, idProduct=b651, bcdDevice= 0.00 [ 158.705461][ T5217] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.723336][ T5217] usb 4-1: config 0 descriptor?? [ 158.727023][ T6106] ntfs: (device loop5): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 158.763591][ T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.786463][ T6106] ntfs: (device loop5): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 158.832566][ T6106] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 158.881451][ T6106] ntfs: volume version 3.1. [ 159.160514][ T5217] thrustmaster 0003:044F:B651.0008: unknown main item tag 0x0 [ 159.169660][ T5217] thrustmaster 0003:044F:B651.0008: unknown main item tag 0x0 [ 159.178321][ T5217] thrustmaster 0003:044F:B651.0008: unknown main item tag 0x0 [ 159.186497][ T5217] thrustmaster 0003:044F:B651.0008: unknown main item tag 0x0 [ 159.196049][ T5217] thrustmaster 0003:044F:B651.0008: unknown main item tag 0x0 [ 159.205728][ T5217] thrustmaster 0003:044F:B651.0008: hidraw0: USB HID v0.00 Device [HID 044f:b651] on usb-dummy_hcd.3-1/input0 [ 159.217784][ T5217] thrustmaster 0003:044F:B651.0008: no inputs found [ 159.384845][ T5217] usb 4-1: USB disconnect, device number 5 [ 159.423265][ T6115] fido_id[6115]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 159.589872][ T6120] loop4: detected capacity change from 0 to 4096 [ 159.610834][ T6120] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 159.630273][ T6120] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 159.702702][ T6121] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.786065][ T47] bond0 (unregistering): Released all slaves [ 160.121653][ T6009] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.133958][ T4285] Bluetooth: hci3: command 0x040f tx timeout [ 160.161115][ T6009] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.256998][ T6009] device bridge_slave_0 entered promiscuous mode [ 160.296625][ T6009] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.304224][ T6009] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.344269][ T6009] device bridge_slave_1 entered promiscuous mode [ 160.515928][ T6009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.534345][ T6009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.631595][ T6009] team0: Port device team_slave_0 added [ 160.684313][ T6009] team0: Port device team_slave_1 added [ 160.775965][ T6009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.799925][ T6146] loop5: detected capacity change from 0 to 512 [ 160.813990][ T6009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.884211][ T6009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.902519][ T6146] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 160.967467][ T6009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.985179][ T6146] EXT4-fs (loop5): 1 truncate cleaned up [ 160.995669][ T6009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.024659][ T6146] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 161.079857][ T6146] EXT4-fs warning (device loop5): verify_group_input:151: Cannot add at group 225 (only 1 groups) [ 161.104953][ T6152] loop3: detected capacity change from 0 to 512 [ 161.142934][ T6009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.164039][ T6152] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 161.204223][ T6152] EXT4-fs (loop3): invalid journal inode [ 161.210026][ T6152] EXT4-fs (loop3): can't get journal size [ 161.262352][ T6152] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c119, mo2=0002] [ 161.288508][ T6152] System zones: 1-12, 13-13 [ 161.298551][ T6152] EXT4-fs (loop3): 1 truncate cleaned up [ 161.304699][ T6152] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 161.346218][ T4579] EXT4-fs (loop5): unmounting filesystem. [ 161.548580][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 161.569502][ T6009] device hsr_slave_0 entered promiscuous mode [ 161.611529][ T6009] device hsr_slave_1 entered promiscuous mode [ 161.636534][ T6009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 161.663464][ T6009] Cannot create hsr debugfs directory [ 161.664911][ T6131] loop0: detected capacity change from 0 to 32768 [ 161.744093][ T6131] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.550 (6131) [ 161.867990][ T6131] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 161.949993][ T6131] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.976467][ T6131] BTRFS info (device loop0): force zlib compression, level 3 [ 162.000464][ T6131] BTRFS info (device loop0): force clearing of disk cache [ 162.028168][ T6131] BTRFS info (device loop0): setting nodatasum [ 162.050359][ T6169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.562'. [ 162.087212][ T6131] BTRFS info (device loop0): allowing degraded mounts [ 162.109063][ T6131] BTRFS info (device loop0): enabling disk space caching [ 162.122084][ T6131] BTRFS info (device loop0): disk space caching is enabled [ 162.214028][ T4285] Bluetooth: hci3: command 0x0419 tx timeout [ 162.319582][ T6183] netlink: 44 bytes leftover after parsing attributes in process `syz.4.564'. [ 162.436944][ T6190] loop5: detected capacity change from 0 to 256 [ 162.534155][ T6131] BTRFS info (device loop0): rebuilding free space tree [ 162.613898][ T6131] BTRFS info (device loop0): disabling free space tree [ 162.622262][ T6009] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 162.644172][ T6131] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 162.678230][ T6131] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 162.695318][ T6009] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 162.766242][ T6009] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 162.826049][ T6009] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 162.897058][ T6131] BTRFS info (device loop0): balance: start [ 162.903329][ T6131] BTRFS info (device loop0): balance: ended with status: 0 [ 163.157225][ T4283] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 163.285057][ T6009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.323754][ T4604] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 13 /dev/loop0 scanned by udevd (4604) [ 163.371774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 163.392893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 163.461022][ T6009] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.492599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 163.534697][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 163.573469][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.580818][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.674034][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 163.734794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 163.764587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 163.809341][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.816649][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.864342][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 163.902238][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 163.985598][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.043939][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.081494][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 164.115594][ T6229] loop3: detected capacity change from 0 to 164 [ 164.135082][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.160974][ T6229] rock: directory entry would overflow storage [ 164.184074][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 164.187370][ T6229] rock: sig=0x66, size=4, remaining=3 [ 164.226563][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 164.262712][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.286039][ T6229] rock: directory entry would overflow storage [ 164.292810][ T6229] rock: sig=0x66, size=4, remaining=3 [ 164.294468][ T4285] Bluetooth: hci3: command 0x0405 tx timeout [ 164.371702][ T6009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 164.427747][ T6009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 164.463672][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 164.494701][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 164.516531][ T6204] loop5: detected capacity change from 0 to 32768 [ 164.750959][ T6246] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 164.761572][ T6250] loop0: detected capacity change from 0 to 2048 [ 164.775421][ T5885] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 164.779268][ T6250] EXT4-fs: Ignoring removed orlov option [ 164.791428][ T6204] XFS (loop5): Mounting V5 Filesystem [ 164.806285][ T6250] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 164.975332][ T6204] XFS (loop5): Ending clean mount [ 164.986964][ T6250] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 165.012096][ T6204] XFS (loop5): Quotacheck needed: Please wait. [ 165.147718][ T6204] XFS (loop5): Quotacheck: Done. [ 165.285103][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 165.378637][ T6268] loop4: detected capacity change from 0 to 1024 [ 165.449203][ T6268] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 165.572367][ T6268] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 165.593511][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 165.647271][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 165.658428][ T6276] autofs4:pid:6276:autofs_fill_super: called with bogus options [ 165.690752][ T6009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.711778][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 165.711794][ T26] audit: type=1800 audit(1769425446.180:12): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.583" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 165.745283][ T5085] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 165.933236][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 166.189042][ T6288] loop4: detected capacity change from 0 to 1024 [ 166.372564][ T6288] hfsplus: bad catalog entry type [ 166.426584][ T4579] XFS (loop5): Unmounting Filesystem [ 166.489292][ T5085] kernel write not supported for file /sg0 (pid: 5085 comm: kworker/1:16) [ 166.535130][ T60] hfsplus: b-tree write err: -5, ino 4 [ 166.862039][ T6306] loop0: detected capacity change from 0 to 2048 [ 166.993671][ T6306] loop0: p1 p3 p4 [ 167.028440][ T6306] loop0: p4 size 589824 extends beyond EOD, truncated [ 167.040536][ T6303] loop4: detected capacity change from 0 to 8192 [ 167.081401][ T3639] loop0: p1 p3 p4 [ 167.092671][ T3639] loop0: p4 size 589824 extends beyond EOD, truncated [ 167.119680][ T26] audit: type=1800 audit(1769425447.590:13): pid=6303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.594" name="bus" dev="loop4" ino=1048657 res=0 errno=0 [ 167.206057][ T6314] loop3: detected capacity change from 0 to 512 [ 167.250019][ T6314] EXT4-fs: Ignoring removed mblk_io_submit option [ 167.375131][ T6314] EXT4-fs (loop3): orphan cleanup on readonly fs [ 167.381656][ T6314] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 167.527556][ T6314] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.597: attempt to clear invalid blocks 2 len 1 [ 167.538486][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 167.584818][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 167.616834][ T6314] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 167.726826][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 167.764917][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 167.774549][ T6314] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.597: invalid indirect mapped block 1819239214 (level 0) [ 167.816927][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 167.828680][ T4385] udevd[4385]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 167.843654][ T4604] udevd[4604]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 167.857953][ T4406] udevd[4406]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 167.874032][ T6314] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.597: invalid indirect mapped block 1819239214 (level 1) [ 167.875021][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 167.937079][ T5918] udevd[5918]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 167.939637][ T4448] udevd[4448]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 167.969068][ T4604] udevd[4604]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 167.992559][ T6009] device veth0_vlan entered promiscuous mode [ 168.013202][ T6314] EXT4-fs (loop3): 1 truncate cleaned up [ 168.037473][ T6327] device bridge0 entered promiscuous mode [ 168.054583][ T6314] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 168.072004][ T6327] device macsec1 entered promiscuous mode [ 168.116444][ T6327] bridge0: port 3(macsec1) entered blocking state [ 168.143464][ T6327] bridge0: port 3(macsec1) entered disabled state [ 168.289371][ T6327] device bridge0 left promiscuous mode [ 168.292464][ T4270] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 168.421334][ T4270] EXT4-fs error (device loop3): ext4_iget_extra_inode:4756: inode #15: comm syz-executor: corrupted in-inode xattr [ 168.439280][ T6009] device veth1_vlan entered promiscuous mode [ 168.509637][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 168.535796][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 168.549095][ T4270] EXT4-fs error (device loop3): ext4_iget_extra_inode:4756: inode #15: comm syz-executor: corrupted in-inode xattr [ 168.582953][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 168.613468][ T4719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 168.648291][ T6009] device veth0_macvtap entered promiscuous mode [ 168.681041][ T6009] device veth1_macvtap entered promiscuous mode [ 168.906287][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 168.950935][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.996410][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.027432][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.059975][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.074499][ T6342] loop0: detected capacity change from 0 to 512 [ 169.081013][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.108000][ T6328] loop5: detected capacity change from 0 to 32768 [ 169.118964][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.132774][ T6328] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.601 (6328) [ 169.152360][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.162451][ T6342] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 169.183640][ T6342] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 169.206555][ T6328] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 169.224798][ T6009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.232299][ T6328] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 169.243985][ T6328] BTRFS info (device loop5): using free space tree [ 169.249813][ T6342] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 169.262865][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 169.289692][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 169.307668][ T4270] EXT4-fs (loop3): unmounting filesystem. [ 169.333659][ T6342] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 169.354156][ T6342] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 169.363441][ T6342] EXT4-fs (loop0): orphan cleanup on readonly fs [ 169.367247][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.380803][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.391150][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.402256][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.413056][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.423837][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.433763][ T6009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.444501][ T6009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.464181][ T6342] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.605: bg 0: block 34: padding at end of block bitmap is not set [ 169.465599][ T6009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.487305][ T6330] loop4: detected capacity change from 0 to 32768 [ 169.529567][ T6342] Quota error (device loop0): write_blk: dquota write failed [ 169.592688][ T6330] XFS (loop4): Mounting V5 Filesystem [ 169.609560][ T6328] BTRFS info (device loop5): enabling ssd optimizations [ 169.621963][ T6342] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 169.632272][ T6342] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.605: Failed to acquire dquot type 1 [ 169.657394][ T6342] EXT4-fs (loop0): 1 truncate cleaned up [ 169.717620][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 169.731810][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 169.795734][ T6330] XFS (loop4): Ending clean mount [ 169.807270][ T6342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 169.910797][ T6009] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.969263][ T6009] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.009961][ T6009] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.049324][ T6009] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.074479][ T4579] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 170.094923][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 170.106765][ T4267] XFS (loop4): Unmounting Filesystem [ 170.489015][ T4719] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.733239][ T4719] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.020128][ T4719] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.103633][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.137594][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.178026][ T6387] loop0: detected capacity change from 0 to 164 [ 171.207501][ T4719] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.226715][ T6387] rock: directory entry would overflow storage [ 171.245773][ T6387] rock: sig=0x66, size=4, remaining=3 [ 171.270340][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 171.279643][ T6387] rock: directory entry would overflow storage [ 171.306496][ T6387] rock: sig=0x66, size=4, remaining=3 [ 171.348266][ T4349] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 171.392958][ T4349] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.466378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 171.622332][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 171.644714][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 171.664176][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 171.684182][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 171.692414][ T4282] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 171.710008][ T4282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.718822][ T6425] netlink: 20 bytes leftover after parsing attributes in process `syz.0.623'. [ 172.735587][ T6401] loop5: detected capacity change from 0 to 32768 [ 172.951873][ T6401] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 172.972177][ T6437] loop0: detected capacity change from 0 to 1024 [ 173.185509][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 2: comm syz.0.628: lblock 2 mapped to illegal pblock 2 (length 1) [ 173.229464][ T4579] ocfs2: Unmounting device (7,5) on (node local) [ 173.237325][ T6437] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 173.336095][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 48: comm syz.0.628: lblock 0 mapped to illegal pblock 48 (length 1) [ 173.407256][ T6392] chnl_net:caif_netlink_parms(): no params data found [ 173.464233][ T6437] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 173.514273][ T6437] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.628: Failed to acquire dquot type 0 [ 173.577833][ T6437] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 173.633451][ T6437] EXT4-fs error (device loop0): ext4_evict_inode:279: inode #11: comm syz.0.628: mark_inode_dirty error [ 173.720116][ T6437] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 173.753274][ T6437] EXT4-fs (loop0): 1 orphan inode deleted [ 173.772995][ T6437] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 173.782124][ T9] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 173.814046][ T4282] Bluetooth: hci2: command 0x0409 tx timeout [ 173.833917][ T6392] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.841238][ T6392] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.850252][ T6392] device bridge_slave_0 entered promiscuous mode [ 173.859708][ T6392] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.867101][ T6392] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.875841][ T6392] device bridge_slave_1 entered promiscuous mode [ 173.914850][ T9] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 173.944140][ T9] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u4:0: Failed to release dquot type 0 [ 174.140967][ T6392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.143504][ T4283] EXT4-fs (loop0): unmounting filesystem. [ 174.163057][ T4366] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 174.188419][ T6392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.230933][ T4366] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 174.263927][ T4366] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u4:7: Failed to release dquot type 0 [ 174.341899][ T4283] EXT4-fs error (device loop0): __ext4_get_inode_loc:4513: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 174.383951][ T4283] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 174.429125][ T4283] EXT4-fs error (device loop0): ext4_quota_off:7141: inode #3: comm syz-executor: mark_inode_dirty error [ 174.543815][ T5297] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 174.596800][ T6471] netlink: 20 bytes leftover after parsing attributes in process `syz.4.639'. [ 174.629975][ T6392] team0: Port device team_slave_0 added [ 174.670801][ T6392] team0: Port device team_slave_1 added [ 174.712758][ T4719] device hsr_slave_0 left promiscuous mode [ 174.722967][ T4719] device hsr_slave_1 left promiscuous mode [ 174.750163][ T5297] usb 6-1: Using ep0 maxpacket: 32 [ 174.763587][ T5297] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 174.773696][ T5297] usb 6-1: config 0 has no interface number 0 [ 174.795930][ T4719] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.803422][ T4719] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.819165][ T5297] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 174.854082][ T5297] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.862163][ T5297] usb 6-1: Product: syz [ 174.884022][ T5297] usb 6-1: Manufacturer: syz [ 174.888701][ T5297] usb 6-1: SerialNumber: syz [ 174.914032][ T5297] usb 6-1: config 0 descriptor?? [ 174.936373][ T5297] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 174.953922][ T5297] usb 6-1: selecting invalid altsetting 1 [ 174.961184][ T4719] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.984281][ T5297] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 174.998629][ T4719] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.025686][ T5297] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 175.060749][ T4719] device bridge_slave_1 left promiscuous mode [ 175.067961][ T5297] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 175.078822][ T4719] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.119639][ T5297] usb 6-1: media controller created [ 175.134149][ T4719] device bridge_slave_0 left promiscuous mode [ 175.140907][ T4719] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.150745][ T6467] usb 6-1: dvb_usb_ce6230: I2C read not implemented [ 175.209447][ T5297] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 175.295542][ T6487] loop0: detected capacity change from 0 to 64 [ 175.303669][ T4719] device veth1_macvtap left promiscuous mode [ 175.314387][ T5297] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 175.321552][ T5297] zl10353_read_register: readreg error (reg=127, ret==-71) [ 175.346722][ T4719] device veth0_macvtap left promiscuous mode [ 175.373284][ T4719] device veth1_vlan left promiscuous mode [ 175.374507][ T5297] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 175.400058][ T4719] device veth0_vlan left promiscuous mode [ 175.474322][ T5081] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 175.524738][ T5297] usb 6-1: USB disconnect, device number 4 [ 175.661729][ T6464] loop6: detected capacity change from 0 to 32768 [ 175.676771][ T5081] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 175.705282][ T5081] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.748063][ T5081] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 175.882195][ T5081] usb 5-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 175.894161][ T4282] Bluetooth: hci2: command 0x041b tx timeout [ 175.933626][ T5081] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.018251][ T5081] usb 5-1: config 0 descriptor?? [ 176.025796][ T6464] XFS (loop6): Mounting V5 Filesystem [ 176.244629][ T6464] XFS (loop6): Ending clean mount [ 176.452946][ T5081] thrustmaster 0003:044F:B323.0009: item fetching failed at offset 3/5 [ 176.478647][ T5081] thrustmaster 0003:044F:B323.0009: parse failed [ 176.499922][ T5081] thrustmaster: probe of 0003:044F:B323.0009 failed with error -22 [ 176.517918][ T6009] XFS (loop6): Unmounting Filesystem [ 176.654010][ T5297] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 176.671604][ T5081] usb 5-1: USB disconnect, device number 8 [ 176.877378][ T5297] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 176.897920][ T5297] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.917748][ T5297] usb 6-1: config 0 descriptor?? [ 176.943639][ T5297] cp210x 6-1:0.0: cp210x converter detected [ 177.334159][ T5217] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 177.479197][ T6523] loop4: detected capacity change from 0 to 8192 [ 177.506829][ T6523] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 177.520796][ T6523] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 177.532795][ T5217] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.545030][ T6523] REISERFS (device loop4): using ordered data mode [ 177.553726][ T5297] cp210x 6-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 177.561617][ T5217] usb 7-1: New USB device found, idVendor=056a, idProduct=002a, bcdDevice= 0.00 [ 177.564078][ T6523] reiserfs: using flush barriers [ 177.576202][ T5297] cp210x 6-1:0.0: GPIO initialisation failed: -71 [ 177.584115][ T5217] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.593605][ T5297] usb 6-1: cp210x converter now attached to ttyUSB0 [ 177.603773][ T5217] usb 7-1: config 0 descriptor?? [ 177.624752][ T5297] usb 6-1: USB disconnect, device number 5 [ 177.640460][ T6523] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 177.649791][ T5297] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 177.666575][ T5297] cp210x 6-1:0.0: device disconnected [ 177.684543][ T6523] REISERFS (device loop4): checking transaction log (loop4) [ 177.699394][ T6523] REISERFS (device loop4): Using r5 hash to sort names [ 177.722350][ T6523] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 177.748826][ T6523] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 177.774656][ T4719] team0 (unregistering): Port device team_slave_1 removed [ 177.916417][ T4719] team0 (unregistering): Port device team_slave_0 removed [ 177.973988][ T4282] Bluetooth: hci2: command 0x040f tx timeout [ 177.994757][ T4719] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.069490][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.083341][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.090633][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.100800][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.113036][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.130474][ T5217] wacom 0003:056A:002A.000A: unknown main item tag 0x0 [ 178.146413][ T5217] wacom 0003:056A:002A.000A: Unknown device_type for 'HID 056a:002a'. Assuming pen. [ 178.172508][ T5217] wacom 0003:056A:002A.000A: hidraw0: USB HID v0.00 Device [HID 056a:002a] on usb-dummy_hcd.6-1/input0 [ 178.206290][ T5217] input: Wacom Intuos5 M Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:056A:002A.000A/input/input15 [ 178.292163][ T4719] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.309960][ T5217] usb 7-1: USB disconnect, device number 2 [ 178.616983][ T6533] fido_id[6533]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 178.816262][ T6538] loop4: detected capacity change from 0 to 1024 [ 179.336809][ T4719] bond0 (unregistering): Released all slaves [ 179.625582][ T6392] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.632688][ T6392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.833089][ T6392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.860202][ T6392] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.885964][ T6392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.963218][ T6392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.055155][ T4282] Bluetooth: hci2: command 0x0419 tx timeout [ 180.222251][ T6392] device hsr_slave_0 entered promiscuous mode [ 180.245287][ T6392] device hsr_slave_1 entered promiscuous mode [ 180.368600][ T5297] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 180.576394][ T5297] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.607169][ T5297] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 180.640734][ T5297] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.665921][ T5297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.697565][ T5297] usb 1-1: Product: syz [ 180.709031][ T5297] usb 1-1: Manufacturer: syz [ 180.726353][ T5297] usb 1-1: SerialNumber: syz [ 180.768108][ T6560] loop4: detected capacity change from 0 to 32768 [ 180.777003][ T5217] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 180.832631][ T6392] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 180.858573][ T6560] jfs_lookup: dtSearch returned -5 [ 180.883290][ T6392] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 180.921626][ T6392] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 180.955006][ T6392] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 180.983934][ T5217] usb 7-1: Using ep0 maxpacket: 8 [ 180.991252][ T5217] usb 7-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 181.029382][ T5217] usb 7-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 181.071481][ T5217] usb 7-1: config 0 interface 0 has no altsetting 0 [ 181.100696][ T5217] usb 7-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 181.140429][ T5217] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.165553][ T5297] usb 1-1: cannot find UAC_HEADER [ 181.218940][ T5217] usb 7-1: config 0 descriptor?? [ 181.315236][ T5297] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 181.378498][ T6392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.423821][ T4604] udevd[4604]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.451868][ T5297] usb 1-1: USB disconnect, device number 5 [ 181.514742][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.522899][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.566200][ T6392] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.599683][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.625080][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.636896][ T5217] gt683r_led 0003:1770:FF00.000B: item fetching failed at offset 1/5 [ 181.652873][ T5217] gt683r_led 0003:1770:FF00.000B: hid parsing failed [ 181.662675][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.669907][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.691058][ T5217] gt683r_led: probe of 0003:1770:FF00.000B failed with error -22 [ 181.718738][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.760760][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.803661][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.828923][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.836169][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.847568][ T5885] usb 7-1: USB disconnect, device number 3 [ 181.901186][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.950068][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.965348][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.007926][ T6582] loop5: detected capacity change from 0 to 32768 [ 182.014953][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.036464][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.059582][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.113106][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.142044][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.196256][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.240130][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.270058][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.298638][ T6392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.624877][ T6619] netlink: 8 bytes leftover after parsing attributes in process `syz.6.686'. [ 182.664569][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.688'. [ 182.702477][ T6623] netlink: zone id is out of range [ 182.721938][ T6623] netlink: zone id is out of range [ 182.744004][ T6623] netlink: zone id is out of range [ 182.753963][ T6623] netlink: zone id is out of range [ 182.790888][ T6623] netlink: zone id is out of range [ 182.810945][ T6623] netlink: zone id is out of range [ 182.830925][ T6623] netlink: zone id is out of range [ 182.865125][ T6623] netlink: zone id is out of range [ 182.947080][ T6623] netlink: zone id is out of range [ 182.950035][ T6629] program syz.6.691 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 182.999012][ T6623] netlink: zone id is out of range [ 183.380506][ T6637] loop4: detected capacity change from 0 to 2048 [ 183.550064][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 183.561644][ T6637] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 183.593252][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 183.610541][ T6392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.618873][ T6637] ext4 filesystem being mounted at /169/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.706616][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 184.114075][ T6624] loop5: detected capacity change from 0 to 32768 [ 184.190267][ T6662] loop4: detected capacity change from 0 to 1024 [ 184.231784][ T6653] ALSA: seq fatal error: cannot create timer (-19) [ 184.249688][ T6624] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 184.272862][ T6624] XFS (loop5): Mounting V5 Filesystem [ 184.290112][ T6662] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 2: comm syz.4.700: lblock 2 mapped to illegal pblock 2 (length 1) [ 184.319340][ T6662] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 184.342150][ T6662] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 48: comm syz.4.700: lblock 0 mapped to illegal pblock 48 (length 1) [ 184.387376][ T6624] XFS (loop5): Ending clean mount [ 184.419169][ T6624] XFS (loop5): Quotacheck needed: Please wait. [ 184.477625][ T6662] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 184.510399][ T6662] EXT4-fs error (device loop4): ext4_acquire_dquot:6835: comm syz.4.700: Failed to acquire dquot type 0 [ 184.528433][ T6624] XFS (loop5): Quotacheck: Done. [ 184.621460][ T6662] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 184.715847][ T6662] EXT4-fs error (device loop4): ext4_evict_inode:279: inode #11: comm syz.4.700: mark_inode_dirty error [ 184.780855][ T6662] EXT4-fs warning (device loop4): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 184.823520][ T6662] EXT4-fs (loop4): 1 orphan inode deleted [ 184.839555][ T9] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 184.868163][ T6662] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 184.880418][ T4579] XFS (loop5): Unmounting Filesystem [ 184.927028][ T9] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 184.974210][ T9] EXT4-fs error (device loop4): ext4_release_dquot:6871: comm kworker/u4:0: Failed to release dquot type 0 [ 185.182388][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 185.195788][ T4719] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 185.252580][ T4719] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 185.270646][ T4719] EXT4-fs error (device loop4): ext4_release_dquot:6871: comm kworker/u4:9: Failed to release dquot type 0 [ 185.311602][ T4267] EXT4-fs error (device loop4): __ext4_get_inode_loc:4513: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 185.338753][ T6683] loop0: detected capacity change from 0 to 8192 [ 185.347421][ T4267] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 185.381779][ T6683] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 185.400515][ T4267] EXT4-fs error (device loop4): ext4_quota_off:7141: inode #3: comm syz-executor: mark_inode_dirty error [ 185.435794][ T6683] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 185.454739][ T6683] REISERFS (device loop0): using journaled data mode [ 185.461492][ T6683] reiserfs: using flush barriers [ 185.553992][ T5081] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 185.573402][ T6683] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 185.624500][ T6683] REISERFS (device loop0): checking transaction log (loop0) [ 185.681281][ T6683] REISERFS (device loop0): Using r5 hash to sort names [ 185.724333][ T6683] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 185.766294][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.777578][ T5081] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 185.794726][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.823552][ T5081] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 185.824189][ T6683] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 185.884278][ T5081] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 185.900910][ T6702] loop5: detected capacity change from 0 to 64 [ 185.920167][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.935511][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.956836][ T6392] device veth0_vlan entered promiscuous mode [ 185.973827][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.973966][ T5081] usb 7-1: New USB device found, idVendor=09da, idProduct=001a, bcdDevice= 0.00 [ 185.973997][ T5081] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.018333][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 186.083565][ T6392] device veth1_vlan entered promiscuous mode [ 186.112350][ T5081] usb 7-1: config 0 descriptor?? [ 186.186375][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 186.216548][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.250842][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.291481][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.330414][ T6707] binder: 6706:6707 ioctl c0306201 200000000100 returned -14 [ 186.346586][ T6392] device veth0_macvtap entered promiscuous mode [ 186.374268][ T5080] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 186.396532][ T5081] usbhid 7-1:0.0: can't add hid device: -71 [ 186.420051][ T6392] device veth1_macvtap entered promiscuous mode [ 186.434325][ T5081] usbhid: probe of 7-1:0.0 failed with error -71 [ 186.467603][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.491890][ T5081] usb 7-1: USB disconnect, device number 4 [ 186.540525][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.577003][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.600330][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.611804][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.621797][ T5080] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.623791][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.642630][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.655512][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.667732][ T6392] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.675026][ T5080] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 186.675076][ T5080] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 186.675102][ T5080] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.706566][ T5080] usb 5-1: config 0 descriptor?? [ 186.750329][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 186.774399][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 186.817111][ T6712] loop5: detected capacity change from 0 to 2048 [ 186.836712][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 186.860900][ T5885] kernel write not supported for file /uinput (pid: 5885 comm: kworker/1:17) [ 186.890164][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 186.902071][ T6712] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.926873][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.966548][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.007207][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.034331][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.086966][ T6716] loop0: detected capacity change from 0 to 64 [ 187.097101][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.133257][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.150959][ T5080] kovaplus 0003:1E7D:2D50.000C: item fetching failed at offset 1/5 [ 187.173503][ T6392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.198420][ T5080] kovaplus 0003:1E7D:2D50.000C: parse failed [ 187.213923][ T6392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.236966][ T5080] kovaplus: probe of 0003:1E7D:2D50.000C failed with error -22 [ 187.253606][ T6392] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.284796][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.331651][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.362623][ T5080] usb 5-1: USB disconnect, device number 9 [ 187.415149][ T6392] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.464698][ T6392] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.514044][ T6392] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.523101][ T6392] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.658778][ T26] audit: type=1326 audit(1769425468.130:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 187.754399][ T26] audit: type=1326 audit(1769425468.130:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 187.795106][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.837698][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.873963][ T26] audit: type=1326 audit(1769425468.130:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 187.934715][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 187.949342][ T26] audit: type=1326 audit(1769425468.130:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 188.010165][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.042557][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.094320][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 188.109502][ T26] audit: type=1326 audit(1769425468.130:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 188.220457][ T26] audit: type=1326 audit(1769425468.130:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.6.719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f637119aeb9 code=0x7ffc0000 [ 188.335153][ T6733] loop0: detected capacity change from 0 to 4096 [ 188.435147][ T6733] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 188.514456][ T6733] ntfs3: loop0: Failed to load $Extend. [ 188.698809][ T6754] netlink: 156 bytes leftover after parsing attributes in process `syz.5.727'. [ 188.814210][ T6221] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 189.008645][ T6221] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 189.050812][ T6221] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.081175][ T6221] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 189.116880][ T6221] usb 7-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 189.146526][ T6221] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.170868][ T6221] usb 7-1: config 0 descriptor?? [ 189.247148][ T6771] loop5: detected capacity change from 0 to 64 [ 189.381795][ T6771] hfs: request for non-existent node 131072 in B*Tree [ 189.438785][ T6771] hfs: request for non-existent node 131072 in B*Tree [ 189.615524][ T6221] thrustmaster 0003:044F:B323.000D: item fetching failed at offset 3/5 [ 189.644919][ T6221] thrustmaster 0003:044F:B323.000D: parse failed [ 189.664493][ T6221] thrustmaster: probe of 0003:044F:B323.000D failed with error -22 [ 189.809109][ T6783] loop5: detected capacity change from 0 to 512 [ 189.839854][ T6221] usb 7-1: USB disconnect, device number 5 [ 189.919439][ T6783] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.740: inode has both inline data and extents flags [ 190.023513][ T6769] loop7: detected capacity change from 0 to 32768 [ 190.046202][ T6783] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.740: couldn't read orphan inode 15 (err -117) [ 190.065532][ T6783] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 190.110699][ T6769] XFS (loop7): Mounting V5 Filesystem [ 190.229524][ T4579] EXT4-fs (loop5): unmounting filesystem. [ 190.411965][ T6769] XFS (loop7): Ending clean mount [ 190.431051][ T6769] XFS (loop7): Quotacheck needed: Please wait. [ 190.507885][ T6769] XFS (loop7): Quotacheck: Done. [ 190.553492][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 190.553509][ T26] audit: type=1326 audit(1769425471.020:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 190.645780][ T6392] XFS (loop7): Unmounting Filesystem [ 190.678530][ T26] audit: type=1326 audit(1769425471.020:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 190.723958][ T3599] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 190.793903][ T26] audit: type=1326 audit(1769425471.020:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 190.891772][ T26] audit: type=1326 audit(1769425471.030:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 190.923967][ T3599] usb 6-1: Using ep0 maxpacket: 8 [ 190.935238][ T3599] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.004193][ T3599] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 191.032528][ T6809] loop4: detected capacity change from 0 to 4096 [ 191.036562][ T26] audit: type=1326 audit(1769425471.030:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 191.067869][ T3599] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 191.090914][ T6809] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 191.121776][ T3599] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 191.125384][ T26] audit: type=1326 audit(1769425471.030:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 191.165660][ T3599] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 191.213335][ T3599] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 191.227386][ T26] audit: type=1326 audit(1769425471.030:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 191.268875][ T3599] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.306867][ T3599] usb 6-1: config 0 descriptor?? [ 191.344938][ T26] audit: type=1326 audit(1769425471.030:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 191.455000][ T26] audit: type=1326 audit(1769425471.030:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 191.539897][ T3599] usb 6-1: USB disconnect, device number 6 [ 191.590941][ T26] audit: type=1326 audit(1769425471.030:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6779 comm="syz.0.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99c9b9aeb9 code=0x7fc00000 [ 192.122026][ T6832] loop6: detected capacity change from 0 to 512 [ 192.302784][ T6835] loop4: detected capacity change from 0 to 2048 [ 192.372081][ T6835] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 192.653764][ T6842] loop7: detected capacity change from 0 to 256 [ 192.706127][ T6842] exfat: Deprecated parameter 'namecase' [ 192.779142][ T6842] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 193.183516][ T6852] loop6: detected capacity change from 0 to 4096 [ 193.279213][ T6860] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 193.466297][ T5085] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 193.658609][ T6833] loop0: detected capacity change from 0 to 32768 [ 193.665579][ T5085] usb 6-1: Using ep0 maxpacket: 16 [ 193.672655][ T5085] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.703807][ T5085] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 193.778367][ T5085] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 193.840652][ T5085] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 193.883960][ T5085] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.936405][ T5085] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 193.974008][ T5085] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 194.033276][ T5085] usb 6-1: Manufacturer: syz [ 194.057043][ T5085] usb 6-1: config 0 descriptor?? [ 194.158673][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.165266][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.317050][ T6884] netlink: 48 bytes leftover after parsing attributes in process `syz.7.773'. [ 194.564501][ T5085] rc_core: IR keymap rc-hauppauge not found [ 194.570495][ T5085] Registered IR keymap rc-empty [ 194.584466][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 194.622368][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 194.660276][ T5085] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 194.707721][ T5085] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input18 [ 194.829850][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 194.914146][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 194.964398][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 194.977730][ T6905] loop6: detected capacity change from 0 to 256 [ 194.997475][ T6896] loop7: detected capacity change from 0 to 8192 [ 195.004516][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.045690][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.068636][ T6896] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 195.084191][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.124147][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.154092][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.184137][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.223978][ T5085] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 195.243942][ T6896] REISERFS (device loop7): found reiserfs format "3.6" with non-standard journal [ 195.253825][ T6896] REISERFS (device loop7): using ordered data mode [ 195.256534][ T5085] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 195.281640][ T6896] reiserfs: using flush barriers [ 195.319187][ T6896] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 195.336015][ T5085] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 195.386244][ T5085] usb 6-1: USB disconnect, device number 7 [ 195.416575][ T6896] REISERFS (device loop7): checking transaction log (loop7) [ 195.436742][ T6896] REISERFS (device loop7): Using r5 hash to sort names [ 195.457169][ T6896] REISERFS warning (device loop7): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 195.484031][ T6896] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 195.536597][ T6904] loop4: detected capacity change from 0 to 8192 [ 195.684041][ T6221] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 195.906136][ T6221] usb 1-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 195.937218][ T6221] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.971971][ T6221] usb 1-1: config 0 descriptor?? [ 196.246953][ T6928] loop4: detected capacity change from 0 to 164 [ 196.253709][ T6927] loop7: detected capacity change from 0 to 256 [ 196.294317][ T5085] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 196.316394][ T6928] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 196.382100][ T6928] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 196.421125][ T6221] aquacomputer_d5next 0003:0C70:F010.000E: item fetching failed at offset 2/5 [ 196.442762][ T6928] Symlink component flag not implemented [ 196.452275][ T6221] aquacomputer_d5next: probe of 0003:0C70:F010.000E failed with error -22 [ 196.461569][ T6928] Symlink component flag not implemented [ 196.517418][ T5085] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 196.589639][ T5085] usb 7-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 196.660446][ T5085] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.687503][ T5085] usb 7-1: config 0 descriptor?? [ 196.704387][ T6221] usb 1-1: USB disconnect, device number 6 [ 197.123313][ T5085] pantherlord 0003:0810:0001.000F: unknown main item tag 0x0 [ 197.168359][ T5085] pantherlord 0003:0810:0001.000F: unknown main item tag 0x0 [ 197.194031][ T5085] pantherlord 0003:0810:0001.000F: unknown main item tag 0x0 [ 197.201781][ T5085] pantherlord 0003:0810:0001.000F: unknown main item tag 0x0 [ 197.254217][ T5085] pantherlord 0003:0810:0001.000F: unknown main item tag 0x0 [ 197.282874][ T5085] pantherlord 0003:0810:0001.000F: hidraw0: USB HID v0.00 Device [HID 0810:0001] on usb-dummy_hcd.6-1/input0 [ 197.319498][ T5085] pantherlord 0003:0810:0001.000F: no output reports found [ 197.320043][ T6950] loop4: detected capacity change from 0 to 512 [ 197.360959][ T5085] usb 7-1: USB disconnect, device number 6 [ 197.452101][ T6950] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 197.494184][ T6950] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.613200][ T6964] loop0: detected capacity change from 0 to 1764 [ 197.802393][ T4448] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 197.809865][ T6968] netlink: 6 bytes leftover after parsing attributes in process `syz.7.799'. [ 197.840768][ T6962] fido_id[6962]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 197.870298][ T4267] EXT4-fs (loop4): unmounting filesystem. [ 198.454016][ T5297] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 198.644118][ T5297] usb 8-1: Using ep0 maxpacket: 8 [ 198.652656][ T5297] usb 8-1: config 179 has an invalid interface number: 65 but max is 0 [ 198.712747][ T5297] usb 8-1: config 179 has no interface number 0 [ 198.739999][ T5297] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 198.771935][ T5297] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 198.832585][ T5297] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 198.870516][ T5297] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 198.909860][ T5297] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 198.936418][ T5297] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 198.963305][ T5297] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.042678][ T6976] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 199.356162][ T7013] netlink: 'syz.5.818': attribute type 3 has an invalid length. [ 199.434189][ T6221] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 199.600032][ T5081] usb 8-1: USB disconnect, device number 2 [ 199.600235][ C0] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 199.614309][ C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 199.623758][ C0] ================================================================== [ 199.631874][ C0] BUG: KASAN: use-after-free in register_lock_class+0x7dd/0x870 [ 199.639578][ C0] Read of size 1 at addr ffff88807aeda091 by task syz-executor/4579 [ 199.647600][ C0] [ 199.649977][ C0] CPU: 0 PID: 4579 Comm: syz-executor Not tainted syzkaller #0 [ 199.657575][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.667693][ C0] Call Trace: [ 199.671013][ C0] [ 199.673886][ C0] dump_stack_lvl+0x188/0x24e [ 199.678604][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 199.683668][ C0] ? show_regs_print_info+0x12/0x12 [ 199.688891][ C0] ? load_image+0x400/0x400 [ 199.693418][ C0] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 199.698913][ C0] ? __virt_addr_valid+0x188/0x540 [ 199.704064][ C0] ? __virt_addr_valid+0x465/0x540 [ 199.709245][ C0] ? register_lock_class+0x7dd/0x870 [ 199.714579][ C0] print_report+0xa8/0x210 [ 199.719022][ C0] kasan_report+0x10b/0x140 [ 199.723586][ C0] ? register_lock_class+0x7dd/0x870 [ 199.728923][ C0] register_lock_class+0x7dd/0x870 [ 199.734091][ C0] ? is_dynamic_key+0x260/0x260 [ 199.738987][ C0] ? __up_console_sem+0x149/0x1a0 [ 199.744048][ C0] ? console_lock+0x1c0/0x1c0 [ 199.748770][ C0] __lock_acquire+0x16f/0x7d10 [ 199.753566][ C0] ? mark_lock+0x94/0x320 [ 199.757931][ C0] ? __lock_acquire+0x13cf/0x7d10 [ 199.762984][ C0] ? __wake_up_klogd+0xd9/0x100 [ 199.767905][ C0] ? __lock_acquire+0x13cf/0x7d10 [ 199.772962][ C0] ? verify_lock_unused+0x140/0x140 [ 199.778202][ C0] lock_acquire+0x1bb/0x4a0 [ 199.782755][ C0] ? __wake_up+0x107/0x1a0 [ 199.787203][ C0] ? read_lock_is_recursive+0x10/0x10 [ 199.792604][ C0] _raw_spin_lock_irqsave+0xb0/0x100 [ 199.797918][ C0] ? __wake_up+0x107/0x1a0 [ 199.802353][ C0] ? _raw_spin_lock+0x40/0x40 [ 199.807064][ C0] __wake_up+0x107/0x1a0 [ 199.811431][ C0] ? __wake_up_bit+0x210/0x210 [ 199.816232][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 199.821651][ C0] dummy_timer+0xbf6/0x3090 [ 199.826224][ C0] ? mark_lock+0x94/0x320 [ 199.830595][ C0] ? lock_chain_count+0x20/0x20 [ 199.835474][ C0] ? dummy_free_streams+0x530/0x530 [ 199.840691][ C0] __hrtimer_run_queues+0x560/0xd70 [ 199.845913][ C0] ? dummy_free_streams+0x530/0x530 [ 199.851134][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 199.856270][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 199.862390][ C0] hrtimer_run_softirq+0x183/0x2a0 [ 199.867528][ C0] handle_softirqs+0x2a1/0x930 [ 199.872308][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 199.877183][ C0] ? do_softirq+0x210/0x210 [ 199.881705][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 199.886924][ C0] __irq_exit_rcu+0x13b/0x230 [ 199.891623][ C0] ? irq_exit_rcu+0x20/0x20 [ 199.896143][ C0] irq_exit_rcu+0x5/0x20 [ 199.900404][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 199.906153][ C0] [ 199.909103][ C0] [ 199.912054][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 199.918064][ C0] RIP: 0010:kasan_check_range+0x80/0x290 [ 199.923816][ C0] Code: ff 4d 89 c1 49 c1 e9 03 4b 8d 1c 21 49 89 df 4d 29 df 49 83 ff 10 7f 29 4d 85 ff 0f 84 38 01 00 00 4c 89 cb 48 f7 d3 4c 01 f3 <41> 80 3b 00 0f 85 86 01 00 00 49 ff c3 48 ff c3 75 ee e9 18 01 00 [ 199.943441][ C0] RSP: 0018:ffffc900032e7510 EFLAGS: 00000286 [ 199.949528][ C0] RAX: ffffea00018db101 RBX: ffffffffffffffff RCX: ffffffff81bf13ff [ 199.957534][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffea00018db1b0 [ 199.965623][ C0] RBP: ffffc900032e7850 R08: ffffea00018db1b3 R09: 1ffffd400031b636 [ 199.973624][ C0] R10: dffffc0000000000 R11: fffff9400031b636 R12: dffffc0000000001 [ 199.981796][ C0] R13: ffffea00018db180 R14: 1ffffd400031b636 R15: 0000000000000001 [ 199.989803][ C0] ? copy_page_range+0x13af/0x3900 [ 199.994957][ C0] copy_page_range+0x13af/0x3900 [ 199.999940][ C0] ? pfn_valid+0x450/0x450 [ 200.004390][ C0] ? up_write+0x1bb/0x420 [ 200.008745][ C0] ? vma_interval_tree_insert_after+0x245/0x2a0 [ 200.015017][ C0] copy_mm+0xec3/0x1690 [ 200.019201][ C0] ? copy_signal+0x680/0x680 [ 200.023815][ C0] ? lockdep_init_map_type+0x98/0x8d0 [ 200.029258][ C0] ? __init_rwsem+0x11e/0x160 [ 200.033993][ C0] ? copy_signal+0x556/0x680 [ 200.038614][ C0] copy_process+0x1979/0x4030 [ 200.043320][ C0] ? wp_page_reuse+0x374/0x670 [ 200.048118][ C0] ? copy_process+0x94d/0x4030 [ 200.052914][ C0] ? do_raw_spin_unlock+0x11d/0x230 [ 200.058142][ C0] ? idle_dummy+0x10/0x10 [ 200.062498][ C0] kernel_clone+0x24b/0x900 [ 200.067071][ C0] ? create_io_thread+0x170/0x170 [ 200.072118][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 200.077181][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 200.083227][ C0] __x64_sys_clone+0x1a7/0x220 [ 200.088012][ C0] ? __might_fault+0xc2/0x120 [ 200.092710][ C0] ? __ia32_sys_vfork+0x140/0x140 [ 200.097763][ C0] ? lock_chain_count+0x20/0x20 [ 200.102655][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 200.107885][ C0] do_syscall_64+0x4c/0xa0 [ 200.112338][ C0] ? clear_bhb_loop+0x60/0xb0 [ 200.117038][ C0] ? clear_bhb_loop+0x60/0xb0 [ 200.121735][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 200.127732][ C0] RIP: 0033:0x7f2d561c3952 [ 200.132188][ C0] Code: 89 e7 e8 f1 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 200.151903][ C0] RSP: 002b:00007ffc7ae61d60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.160339][ C0] RAX: ffffffffffffffda RBX: 00007ffc7ae61d60 RCX: 00007f2d561c3952 [ 200.168338][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 200.176419][ C0] RBP: 00007ffc7ae61eec R08: 0000000000000000 R09: 0000000000000001 [ 200.184670][ C0] R10: 000055555fa157d0 R11: 0000000000000246 R12: 0000000000000001 [ 200.192658][ C0] R13: 00000000000927c0 R14: 0000000000030ac5 R15: 00007ffc7ae61f40 [ 200.200676][ C0] [ 200.203713][ C0] [ 200.206061][ C0] Allocated by task 5297: [ 200.210401][ C0] kasan_set_track+0x4b/0x70 [ 200.215026][ C0] __kasan_kmalloc+0x8e/0xa0 [ 200.219638][ C0] xpad_probe+0x41d/0x1d30 [ 200.224099][ C0] usb_probe_interface+0x5c5/0xb20 [ 200.229355][ C0] really_probe+0x2aa/0xc70 [ 200.233976][ C0] __driver_probe_device+0x18c/0x330 [ 200.239289][ C0] driver_probe_device+0x4f/0x420 [ 200.244393][ C0] __device_attach_driver+0x2c6/0x510 [ 200.249818][ C0] bus_for_each_drv+0x184/0x210 [ 200.254872][ C0] __device_attach+0x2a8/0x480 [ 200.259663][ C0] bus_probe_device+0xbc/0x1e0 [ 200.264495][ C0] device_add+0xa00/0xfb0 [ 200.268863][ C0] usb_set_configuration+0x1991/0x1fd0 [ 200.274440][ C0] usb_generic_driver_probe+0x89/0x150 [ 200.279914][ C0] usb_probe_device+0x139/0x270 [ 200.284803][ C0] really_probe+0x2aa/0xc70 [ 200.289338][ C0] __driver_probe_device+0x18c/0x330 [ 200.294643][ C0] driver_probe_device+0x4f/0x420 [ 200.299688][ C0] __device_attach_driver+0x2c6/0x510 [ 200.305094][ C0] bus_for_each_drv+0x184/0x210 [ 200.309966][ C0] __device_attach+0x2a8/0x480 [ 200.314754][ C0] bus_probe_device+0xbc/0x1e0 [ 200.319543][ C0] device_add+0xa00/0xfb0 [ 200.323896][ C0] usb_new_device+0xd66/0x1650 [ 200.328766][ C0] hub_event+0x2dcf/0x5560 [ 200.333291][ C0] process_one_work+0x8a2/0x1160 [ 200.338428][ C0] worker_thread+0xaa2/0x1270 [ 200.343125][ C0] kthread+0x29d/0x330 [ 200.347242][ C0] ret_from_fork+0x1f/0x30 [ 200.351817][ C0] [ 200.354153][ C0] Freed by task 5081: [ 200.358146][ C0] kasan_set_track+0x4b/0x70 [ 200.362758][ C0] kasan_save_free_info+0x2d/0x50 [ 200.367801][ C0] ____kasan_slab_free+0x126/0x1e0 [ 200.372934][ C0] slab_free_freelist_hook+0x131/0x1a0 [ 200.378414][ C0] __kmem_cache_free+0xb6/0x1f0 [ 200.383299][ C0] xpad_disconnect+0x34c/0x470 [ 200.388193][ C0] usb_unbind_interface+0x1ee/0x860 [ 200.393693][ C0] device_release_driver_internal+0x522/0x850 [ 200.399800][ C0] bus_remove_device+0x2e2/0x400 [ 200.404767][ C0] device_del+0x6af/0xaf0 [ 200.409128][ C0] usb_disable_device+0x3e2/0x890 [ 200.414174][ C0] usb_disconnect+0x348/0x8a0 [ 200.418878][ C0] hub_event+0x1e50/0x5560 [ 200.423333][ C0] process_one_work+0x8a2/0x1160 [ 200.428305][ C0] worker_thread+0xaa2/0x1270 [ 200.433138][ C0] kthread+0x29d/0x330 [ 200.437265][ C0] ret_from_fork+0x1f/0x30 [ 200.441711][ C0] [ 200.444055][ C0] The buggy address belongs to the object at ffff88807aeda000 [ 200.444055][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 200.458140][ C0] The buggy address is located 145 bytes inside of [ 200.458140][ C0] 1024-byte region [ffff88807aeda000, ffff88807aeda400) [ 200.471535][ C0] [ 200.473890][ C0] The buggy address belongs to the physical page: [ 200.480348][ C0] page:ffffea0001ebb600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807aedb000 pfn:0x7aed8 [ 200.491840][ C0] head:ffffea0001ebb600 order:3 compound_mapcount:0 compound_pincount:0 [ 200.500189][ C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 200.508215][ C0] raw: 00fff00000010200 ffffea0001dd6a08 ffffea0001ee3608 ffff888017441dc0 [ 200.516819][ C0] raw: ffff88807aedb000 000000000010000b 00000001ffffffff 0000000000000000 [ 200.525532][ C0] page dumped because: kasan: bad access detected [ 200.531967][ C0] page_owner tracks the page as allocated [ 200.537696][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4270, tgid 4270 (syz-executor), ts 79766083732, free_ts 79753799061 [ 200.558830][ C0] post_alloc_hook+0x173/0x1a0 [ 200.563643][ C0] get_page_from_freelist+0x1a1e/0x1ab0 [ 200.569222][ C0] __alloc_pages+0x1ec/0x4f0 [ 200.573842][ C0] alloc_slab_page+0x5d/0x160 [ 200.578551][ C0] new_slab+0x87/0x2c0 [ 200.582735][ C0] ___slab_alloc+0xbc6/0x1240 [ 200.587462][ C0] __kmem_cache_alloc_node+0x1a0/0x260 [ 200.592946][ C0] __kmalloc_node_track_caller+0x9e/0x230 [ 200.598694][ C0] __alloc_skb+0x22a/0x7e0 [ 200.603143][ C0] inet6_rt_notify+0xb0/0x240 [ 200.607855][ C0] fib6_add+0x1db0/0x3d10 [ 200.612227][ C0] ip6_route_add+0x86/0x130 [ 200.616772][ C0] addrconf_permanent_addr+0x692/0xa00 [ 200.622261][ C0] addrconf_notify+0x986/0xf40 [ 200.627048][ C0] raw_notifier_call_chain+0xcb/0x160 [ 200.632554][ C0] __dev_notify_flags+0x194/0x300 [ 200.637630][ C0] page last free stack trace: [ 200.642329][ C0] free_unref_page_prepare+0x8b4/0x9a0 [ 200.647830][ C0] free_unref_page+0x2e/0x3f0 [ 200.652555][ C0] __unfreeze_partials+0x1a5/0x200 [ 200.657694][ C0] put_cpu_partial+0x17c/0x250 [ 200.662485][ C0] qlist_free_all+0x76/0xe0 [ 200.667011][ C0] kasan_quarantine_reduce+0x144/0x160 [ 200.672487][ C0] __kasan_slab_alloc+0x1e/0x80 [ 200.677395][ C0] slab_post_alloc_hook+0x4b/0x480 [ 200.682548][ C0] __kmem_cache_alloc_node+0x140/0x260 [ 200.688129][ C0] __kmalloc+0xa0/0x240 [ 200.692328][ C0] fib6_info_alloc+0x2e/0xe0 [ 200.697051][ C0] ip6_route_info_create+0x44f/0x1210 [ 200.702726][ C0] ip6_route_add+0x24/0x130 [ 200.707258][ C0] addrconf_add_dev+0x298/0x3a0 [ 200.712125][ C0] inet6_addr_add+0x19a/0x9b0 [ 200.716829][ C0] inet6_rtm_newaddr+0x673/0x900 [ 200.721796][ C0] [ 200.724145][ C0] Memory state around the buggy address: [ 200.730086][ C0] ffff88807aed9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 200.738192][ C0] ffff88807aeda000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.746269][ C0] >ffff88807aeda080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.754344][ C0] ^ [ 200.758954][ C0] ffff88807aeda100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.767033][ C0] ffff88807aeda180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.775221][ C0] ================================================================== [ 200.783310][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 200.790540][ C0] CPU: 0 PID: 4579 Comm: syz-executor Not tainted syzkaller #0 [ 200.798102][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 200.808197][ C0] Call Trace: [ 200.811518][ C0] [ 200.814389][ C0] dump_stack_lvl+0x188/0x24e [ 200.819189][ C0] ? memcpy+0x3c/0x60 [ 200.823283][ C0] ? show_regs_print_info+0x12/0x12 [ 200.828501][ C0] ? load_image+0x400/0x400 [ 200.833026][ C0] panic+0x2e5/0x730 [ 200.836950][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 200.842092][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 200.846631][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 200.852559][ C0] ? _raw_spin_unlock+0x40/0x40 [ 200.857448][ C0] check_panic_on_warn+0x80/0xa0 [ 200.862442][ C0] ? register_lock_class+0x7dd/0x870 [ 200.867764][ C0] end_report+0x66/0x110 [ 200.872045][ C0] kasan_report+0x118/0x140 [ 200.876619][ C0] ? register_lock_class+0x7dd/0x870 [ 200.881931][ C0] register_lock_class+0x7dd/0x870 [ 200.887086][ C0] ? is_dynamic_key+0x260/0x260 [ 200.891963][ C0] ? __up_console_sem+0x149/0x1a0 [ 200.897012][ C0] ? console_lock+0x1c0/0x1c0 [ 200.901735][ C0] __lock_acquire+0x16f/0x7d10 [ 200.906525][ C0] ? mark_lock+0x94/0x320 [ 200.910880][ C0] ? __lock_acquire+0x13cf/0x7d10 [ 200.916013][ C0] ? __wake_up_klogd+0xd9/0x100 [ 200.920894][ C0] ? __lock_acquire+0x13cf/0x7d10 [ 200.925940][ C0] ? verify_lock_unused+0x140/0x140 [ 200.931177][ C0] lock_acquire+0x1bb/0x4a0 [ 200.935703][ C0] ? __wake_up+0x107/0x1a0 [ 200.940168][ C0] ? read_lock_is_recursive+0x10/0x10 [ 200.945661][ C0] _raw_spin_lock_irqsave+0xb0/0x100 [ 200.950971][ C0] ? __wake_up+0x107/0x1a0 [ 200.955425][ C0] ? _raw_spin_lock+0x40/0x40 [ 200.960214][ C0] __wake_up+0x107/0x1a0 [ 200.964497][ C0] ? __wake_up_bit+0x210/0x210 [ 200.969289][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 200.974690][ C0] dummy_timer+0xbf6/0x3090 [ 200.979219][ C0] ? mark_lock+0x94/0x320 [ 200.983573][ C0] ? lock_chain_count+0x20/0x20 [ 200.988462][ C0] ? dummy_free_streams+0x530/0x530 [ 200.993678][ C0] __hrtimer_run_queues+0x560/0xd70 [ 200.998907][ C0] ? dummy_free_streams+0x530/0x530 [ 201.004130][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 201.009265][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 201.015369][ C0] hrtimer_run_softirq+0x183/0x2a0 [ 201.020503][ C0] handle_softirqs+0x2a1/0x930 [ 201.025287][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 201.030169][ C0] ? do_softirq+0x210/0x210 [ 201.034692][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 201.039907][ C0] __irq_exit_rcu+0x13b/0x230 [ 201.044626][ C0] ? irq_exit_rcu+0x20/0x20 [ 201.049152][ C0] irq_exit_rcu+0x5/0x20 [ 201.053422][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 201.059263][ C0] [ 201.062213][ C0] [ 201.065250][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 201.071253][ C0] RIP: 0010:kasan_check_range+0x80/0x290 [ 201.076923][ C0] Code: ff 4d 89 c1 49 c1 e9 03 4b 8d 1c 21 49 89 df 4d 29 df 49 83 ff 10 7f 29 4d 85 ff 0f 84 38 01 00 00 4c 89 cb 48 f7 d3 4c 01 f3 <41> 80 3b 00 0f 85 86 01 00 00 49 ff c3 48 ff c3 75 ee e9 18 01 00 [ 201.096648][ C0] RSP: 0018:ffffc900032e7510 EFLAGS: 00000286 [ 201.102731][ C0] RAX: ffffea00018db101 RBX: ffffffffffffffff RCX: ffffffff81bf13ff [ 201.110805][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffea00018db1b0 [ 201.118810][ C0] RBP: ffffc900032e7850 R08: ffffea00018db1b3 R09: 1ffffd400031b636 [ 201.126797][ C0] R10: dffffc0000000000 R11: fffff9400031b636 R12: dffffc0000000001 [ 201.134784][ C0] R13: ffffea00018db180 R14: 1ffffd400031b636 R15: 0000000000000001 [ 201.142775][ C0] ? copy_page_range+0x13af/0x3900 [ 201.147918][ C0] copy_page_range+0x13af/0x3900 [ 201.152908][ C0] ? pfn_valid+0x450/0x450 [ 201.157358][ C0] ? up_write+0x1bb/0x420 [ 201.161719][ C0] ? vma_interval_tree_insert_after+0x245/0x2a0 [ 201.167985][ C0] copy_mm+0xec3/0x1690 [ 201.172167][ C0] ? copy_signal+0x680/0x680 [ 201.176773][ C0] ? lockdep_init_map_type+0x98/0x8d0 [ 201.182177][ C0] ? __init_rwsem+0x11e/0x160 [ 201.186876][ C0] ? copy_signal+0x556/0x680 [ 201.191502][ C0] copy_process+0x1979/0x4030 [ 201.196203][ C0] ? wp_page_reuse+0x374/0x670 [ 201.200999][ C0] ? copy_process+0x94d/0x4030 [ 201.205782][ C0] ? do_raw_spin_unlock+0x11d/0x230 [ 201.210994][ C0] ? idle_dummy+0x10/0x10 [ 201.215447][ C0] kernel_clone+0x24b/0x900 [ 201.219968][ C0] ? create_io_thread+0x170/0x170 [ 201.225024][ C0] ? __lock_acquire+0x7d10/0x7d10 [ 201.230109][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 201.236128][ C0] __x64_sys_clone+0x1a7/0x220 [ 201.240913][ C0] ? __might_fault+0xc2/0x120 [ 201.245621][ C0] ? __ia32_sys_vfork+0x140/0x140 [ 201.250680][ C0] ? lock_chain_count+0x20/0x20 [ 201.255577][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 201.260831][ C0] do_syscall_64+0x4c/0xa0 [ 201.265290][ C0] ? clear_bhb_loop+0x60/0xb0 [ 201.270087][ C0] ? clear_bhb_loop+0x60/0xb0 [ 201.274963][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 201.280880][ C0] RIP: 0033:0x7f2d561c3952 [ 201.285319][ C0] Code: 89 e7 e8 f1 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00 [ 201.304948][ C0] RSP: 002b:00007ffc7ae61d60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 201.313473][ C0] RAX: ffffffffffffffda RBX: 00007ffc7ae61d60 RCX: 00007f2d561c3952 [ 201.321464][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 201.329494][ C0] RBP: 00007ffc7ae61eec R08: 0000000000000000 R09: 0000000000000001 [ 201.337491][ C0] R10: 000055555fa157d0 R11: 0000000000000246 R12: 0000000000000001 [ 201.345563][ C0] R13: 00000000000927c0 R14: 0000000000030ac5 R15: 00007ffc7ae61f40 [ 201.353573][ C0] [ 201.357193][ C0] Kernel Offset: disabled [ 201.361537][ C0] Rebooting in 86400 seconds..