last executing test programs: 4m55.902753982s ago: executing program 3 (id=3181): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000340)="b9e6033168440372b89e14f00800a25e414debf30a4dd2ff4f22ffd1120000000000", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m55.573263034s ago: executing program 3 (id=3185): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file2\x00', 0x2810812, &(0x7f0000000a00)={[{@overriderock}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@check_strict}, {@map_normal}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@nocompress}, {@map_normal}, {@cruft}, {@dmode={'dmode', 0x3d, 0x6c}}]}, 0x1, 0xa34, &(0x7f00000017c0)="$eJzs3c1vXFdfB/Dv9Uviuo+SPH1CKVHbTFKSuq1xbKdNibooiT1JXPyCbEdqxKIpjYOiGAotSG2F1BQhVkQggVjArmIFm0rd0A10Bzt2LJBQ/4WKVVj50b0zjsf2jMd2nDhJP59oZu6953fP+d2XuScznpkTHne96+ZWDq+bW1mpbrucv/rPDy1rnggXJ3/4+pu75e2rOzmQ3rxV/GsykKSW9CV5IemfmJyfm+lS0e3kepLvkyLJwTQet+V6ir/Oz9bmv0/xj2W7HR3YNMEurfCTtt/nHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPI6KicnR0bHiQKZmr75fa0hqm0xMzs8VWVnZXLK6TsN31ajfvd3bTYryloGB1aG+Xzi6Vvx8ktrJvNiYe7EakDwD+eLZ54+884u+ntX1O2XzQA6uq7Yv7XZH06eff3H7w+XlpU8617byZWMb9jTFx8Xl+uzUwtzUzIXL9drUwlzt/Llzo2euXFqoXZqari9cW1isz9Qm5usXFufma0MTr9XGzp8/W6uPXJu7Ont5cmS6vrrw7d8YHx09V3tv5HfqF+YX5mbPvDeyMHFlanp6avZyFVMWlzFvlyfib08t1hbrF2ZqtZu3lpfObsipd+POLoPGum1JGTTeLWh8dHx8bGx8fOyr5ujZ9xece+v8W2+PjvaNbpBNEQ/ppOXx8kznw7y3F3B4AD2N/j+ZzlRmczXvp9b230QmM5+5zHQob2r0/8V3p87Ut2y3tf9v9vJ9LcXHyruTebk5O9Ch/++Qy6P792k+zxe5nQ+znOUs5ZOdrN2///k/6L/LqWc2U1nIXKYykwvVklpzSS3ncy7nMpoPciXHs5BaLmUq06lnIdeykMXUqzNqIvOp50IWM5f51DKUibyWWsZyPudzNrXUM5JrmcvVzOZyJnOhquVmblX7/ewWOd4PGttO0PgWQRs78/Jc31n/X39a/yfI1u6uHfa9v4jDLq00+/8Da4vO/Hv70KGJR5YVAAAAsJd+7T9z6Ohz//G/SZGXqvflL01N19/d77QAAACAPVR9XO/F8qG/nHopRfn6f3S/0wIAAAD2UFF9x65IMpjjjanVb0J5EwAAAACeEtXf/19OcXxtgdf/AAAA8JTp/hv7XSOK4dWf/63daDzeaEY05orBS1PT9ZGJuel3xnK6+pWB6psGm2rrTYr+6usHr+dEI+rEYONxcK3Gss2BMmps5J2xvJ6TzQ0ZeqV8eGWoTeR4I/LVRuSrrZG9WRd5towEgKfdyS364+32/69nuBExfKzq8vuOtfbBfY2edVTPCgCPi/tj7Px/c0izNv1/M+LlTv3/m1u8/i8jnsvN442PFIzko3yc5dzIcJqfODjertbV0QgaH0MY7vJuwGBuZqVoFA1vej9g4P62rsauDvQy3PYdgZZ6i9Uczjbiug9rCABPhJNb9sPb6/+Ht3z939rn+kghADwOVg4m1Qj294ey7z7xZbui1dfGbYr2eRMBgA300gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3tvWz//91OlleXkq2P0bAg08M7CTDrSd68ohy3veJ3iQ7Wqu409jLe9D6uzseSGKpPMYP0Oi/PPNAqz9VE+VB3PMKAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeNoVSW+75T3JwSSjSc48+qx2oe/ZbYXdeeiJPCK13a1W3Mu9fJZDe50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/3vSeHy2sSh9PcmpJNeT/O5+57iX7u13AvvmD6r7lt//70n6s1Kkr3HYU/RPTM7PzZSHvzhYlv/w9Td3y1v3ujePqlBWULawbnCJZgstS/rXr/Xzaq3ByaVPb//Jx39Um7xYnZgXFy9NT85cnv+ttcDni28bQyC0DoOwmu+fnfq3v2lZfKDZ+Lfllra3sd1LVbuTm9v91XZrd2h3G24tL42XLS3W31/80z+89VlL0XM5kbwylAytb+n3y1uHlk5s3J/rFT8Wf1kcyt/nenX8y71RrBTlITpcbf8zN28tL4189PHyjWZOf/7ml+tyOpLjSW4kA9vP6Xh1PWmrOut6+stWR6ug8u5ol/q21FLjWIf9+vPqlBnc0TbUOm9Dpct+b2Z0tm1Gf/vHv8jpHR/p011abKv4sfif4kr+O3/RMv5HT3n8T6Xts7NNFVVky5nSWrbu6dXTiKy2fLy14IONdXZ8VvIQ/FV+L795//j3tFz/m8fq0VyPWlps/7xIdv68+KfDm3qUNVWPdHRDj9S8+nRap5nn0UZUhzx/JW8kfceaV5Qj28gzeaPLFeVhPf//oRjK/+WO8X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHX5H0tlvek5xKciTJ4XK+lqxsjLmzi/Z6BovdpLlndpPzk6fouKHFvWr/H3rECQEAAAAAAADwkFyc/OHrb+6Wt+rvwb359Z5mSS3pS3Kk+Lv+icn5uZkuFfUn11f/pD+wsxyul3c/W5v/vpx7octK+/vxAQB4ov0yAAD//2zRYo8=") open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) 4m55.314231692s ago: executing program 3 (id=3188): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000240)={0x0, 0x1, 0x74}) 4m55.139686149s ago: executing program 3 (id=3191): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000500)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m54.550319839s ago: executing program 3 (id=3198): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xb15, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000180)={0xf0f03e, 0xfffffffd}) 4m54.046572347s ago: executing program 3 (id=3206): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)={[{@none}, {@favordynmods}, {@subsystem='cpuacct'}]}) 4m53.774348826s ago: executing program 32 (id=3206): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)={[{@none}, {@favordynmods}, {@subsystem='cpuacct'}]}) 1.648295463s ago: executing program 1 (id=7224): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001200), 0xc, &(0x7f0000001400)={0x0, 0x124}}, 0x0) sendmmsg$alg(r0, &(0x7f0000001340)=[{0x0, 0x0, 0x0}], 0x7, 0x0) 1.546515286s ago: executing program 0 (id=7225): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x4, 0x8, 0xb}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ff80850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc) 1.531658447s ago: executing program 2 (id=7226): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8501) ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000240)="9ed7f97978bd", 0x0, 0x3, 0x10000, 0x1, 0x0}) 1.481237098s ago: executing program 4 (id=7227): syz_mount_image$nilfs2(&(0x7f0000000140), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x2, 0xf04, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfXQRkpc2X5vvX72sOuxPbv2/n7St2/fvNn5vslazsx49m0AhlZj5fHkydkihHc/fefRl58qfru87K72GkdWHovYa4UQmh39Itve53HBtSsvndmsLcLxlcfUD49dbr92MoSwGI6Ez0IrfDS/8OWH7z1y9OPXJ2556+Izr+zS7rfl+wEAAPvRpT8v/P2+f/7pgZmrlw6fDuPt5en4vBX7k/G4/1g8UE7Hy42wvl90RKexbL2RGI1svZFsvdEsz2hJvma2nWbJemNd8o10LNtsPwEAAGAvSue1rVA05tb1G425udXz/mWfT48Vc8+dXzh3oU+FAgAAAJX959WVm26FEEIIIUSt0RyAGoQQQgxTLE33+woEAAAAMGzy+cI2WNzZmbraW2v1lv/yw43NXw87oO6ff/n3Vv4PXvMbBwCA6vbr0WTar3QcneYxyOcRHMlet9Xj/0a2ndEt1lk2r+C65cXgvk1l9ef/roOqrP6tvo/9UlZ/Ph/moCqrP5+nc1CV1T9ecx1VldU/UXMdVZXVf6DmOqoqq/9gzXVUVVb/ZM11VFVW/1TNdVRVVv8NNddRVVn9h2quo6qy+vfKbbVl9bdqrqOqsvpnaq6jqrL6b6y5jqrK6r+p5jqqKqv/5prr6Jc7Y5v+HQ5n453nz/k53V45xwMAAIBh9z/z/wkhhBAbYuU+iAGoQ4j9HcUA1CC+Ktp/7xuAWoQQ249X+3r1AQAAABgE6XMB6QPoS1EaH+kyPho/S7QyPrG2Qhpvdnn9WJfx8S7jAAAAQAi/e+PcbW8Xa5/z3+58eB3zRl0PFeYxyie622r+7c57tt38e2XeMgAAAIZL8b3Prt//6PsvzFy9dPh0x9nv9Xi+m+YBHY3XBj6J/XRfwFTWL9I59On1eRol6+XXB24o297j29xRAAAAGGLp/L0VisZcx3l3KzQac3Nr5+OzoVmcO79w9ljsp+9n+eN0c3x5+UM11w0AAAD0bu18f/Pz//Q9vrNhrJh77vzCuQur/an28maj87rA9NryovO6QCtbfrxk+YnYT9/f+YPpAyvL5878cOGpnd55AAAAGBIXXrz4zJMLC2d/5IknnnjSftLv30wAAMBO++KLd5o/PjH1+9XP/6/Nf5c+/38k9ltxbr+/xBXSfQLpcwAbPq//xPo802XrPb9+vVa23kiM8azuiY7tLDuQvW6mLF9r/XbGSvJNZvmmsnz5PAWj2fop36FseT4/YVpvOluez8M4muUosvx3BwAAACg3/8Kzz89fePHig+efffLps0+ffe7E8VPfPXXq2EPfeWh+5b7++c67+wEAAIC9aO2m335XAgAAAAAAAAAAAAAAAAAAAMOrjq8T6/c+AgAAwLD796shhEUhhKgcS+P9r0EIIYQQQog9Eyvf7V5/3ka/rz8AAAAAw+falZfOhDARQlhuN7FY7Gi+9tZaq831K6t5Uzv14N9mliOtdvnhkXWvP7ij1TDsrsWfu9RusMM///LvrfwfvLaz+SfSk55//2WXjE9Xy3vv/C9nO/PfPtpj/nz/H6+W/2iW/97QW/6l97P8T1TLf1+W/2CP+Tfs//PV8t8f88/G/tF7es2//v0fj23ajwM95v92tv9PhV7zZ/vf6jFh5oGYHwCG0X69ASAdJaTj6MnYT/sbDzfDSPa6rR7/N7LtjG678vXbTcdBt8Z+Ol6ayvImW61/MtveDRXrzOV1Daqy+nfqfdxtZfU3a66jqrL6x2quo6qy+sdrrqOqsvonaq6jqrL6ez0P7bey+vfKdeWy+idrrqOqsvqnaq6jqrL6t/r/eL+U1X+o5jqqKqt/uuY6qiqrv+JltdqV1T9Tcx1VldV/Y811VFVW/00111FVWf0311xHv9wR27Lz4XT+OR3HUr+V9cc3+bfcr9cWAAAAYK/519DO/xevdPS9DiGEEELs1ZgY9GOJZFe2P7rL2xd1x3+XVvW7DiHE7sXSUt1XHBgku/tpZgAGld//w837P9y8/8PN+89XSffwF1k/GekyPtplvNllfCwbz39ex7uM35Rtdyld14xu7jL+tS7jh7qM39plfLbL+G1dxm/vMn5Hl3EAAACGwy2xdX4IAAAA+9fLv/rkzd/c+8SVmauXDp8OYxvmnT8W++Pxb+tvxH4+733SjH/z/0ns/yK2f4jtP7L13X8CAAAAuy99T4y//wMAAMD+lb6n1Pk/AAAA7F8zsXX+DwAAAPvXjbF1/g8AAAD7WDGx+eLYpusCd8e213n9AIDB9/XY3hnbw7G9K7bfiG06Drgntt+sqT4AYOf8/Ps/PfV2sTbf/4ls/FpcntoNFlevFBSN9TP5H4jtwdh+q8d68u8D6DV/cqjHPLuVf3qb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aOx8njy5GwRwrufvvPoz8be/OvysrvaaxxZeSxirxVCaLZfl0bX+r+OK1678tKZzvZ6bItwPBShaC8Pj11uZ5oMISyGI+Gz0AofzS98+eF7jxz9+PWJW966+Mwru/hPsG7/AAAAYD/6fwAAAP//ScMebw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x40106e8c, &(0x7f0000000100)) 1.354575713s ago: executing program 5 (id=7228): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c000240000000000000000908000340"], 0xdc}}, 0x0) 1.354334453s ago: executing program 0 (id=7229): r0 = syz_open_dev$loop(&(0x7f0000000540), 0x3ff, 0x22800) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000680)={'\x00', 0x6, 0x1, 0x7cd5b8c2, 0x5, 0xe9}) 1.327376104s ago: executing program 1 (id=7230): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x2, 0xfe, 0x7fff0006}]}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) clock_nanosleep(0xfffffff2, 0x0, &(0x7f0000000140)={0x77359400}, 0x0) 1.289477695s ago: executing program 2 (id=7231): r0 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) writev(r0, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f024e22000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c10000000010000000000", 0x58}], 0x1) 1.12646107s ago: executing program 5 (id=7232): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0xd0}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0x1, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.126198661s ago: executing program 0 (id=7233): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x4010, &(0x7f0000000200)={[{@jqfmt_vfsv1}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@nombcache}]}, 0x8, 0x5fc, &(0x7f00000004c0)="$eJzs3c1vFVUbAPBnpp+07/u2kDcqLqSJMZAoLS1giDER9oTgx85VpYUghRJao0USS4IbE+PGhYkrF+J/oSRuXbh14caVISHGsBBD5Jq5nSnT23tLv+69pff3S4aeM8Odc6bw9Jl7es7cADrWSPZHGrE/Iq4mEUOlY92RHxxZ+nv3/7xxLtuSqFTe/iOJG58ki+VzJfnXwfzF/wxF8nMasa9rdbtzC9cvTc7MTF/L62Pzl6+OzS1cP3zx8uSF6QvTVyZenThx/NjxE+NHtnR9aal8+tb7Hw59dubdb79+mIx/9+uZJE7Go7xv2XXVvrZvSy1n37ORqCx5UN6ffV9PbPHcO8VfQ8X/k8eS2h3sWOcjIouwnoh4Noaiq/SvORSfvtnWzgFNVUmiyFFAx0k2Ff/9298RoMWK+4DivX2998GrpU2+KwFa4d6ppQGppdjviYgi/ruXxgajvzo2MHA/WTHOk+TjBluVtfHTj2duZVs0GIcDmmPxZjHKXZv/k2psDkd/tTZwP10R/2lpy/a/tcn2R2rq4h9aZ/FmRDyX5//e2FD8j5Ti/71Nti/+AQAAAAAAYPvcORURr9Sb/5cuz//prTP/ZzAiTm5D+0/+/V96Ny8k29AcUHLvVMTrdef/Ls/xHe7Ka/+tzgfoSc5fnJk+EhH/i4hD0dOX1cdrzlueIXz4831fNWq/PP8v27L2i7mA+ZnudtcsxJ2anJ/c6nUDEfduRjxfnf97IN+zcv5Plv+TOvk/i++r62xj30u3zzY69uT4B5ql8k3Ewbr5//HtdrL28znGqvcDY8VdwWovfPzF943aF//QPln+H1g7/vuS8vN65jZ2/t6IOLrQXWl0fLP3/73JO13F+TMfTc7PXxuP6E1Or94/sbE+w25VxEMRL1n8H3px7fG/5fv/UhzuiYjFdbb5zKPB3xodk/+hfbL4n1o7/w+vzP8bL0zcHv6hUftn15X/j1Vz+qF8j/E/KFv9PI71BmhbugsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT7k0Iv4TSTq6XE7T0dGIwYj4fwykM7Nz8y+fn/3gylR2rPr5/2nxSb9DS/Wk+Pz/4VJ9oqZ+NCL2RsSXXXuq9dFzszNT7b54AAAAAAAAAAAAAAAAAAAA2CEGq2v+K3216/8zv3e1u3dA03XnX8U7dJ7uTb+y0retHQFabvPxDzzt1h//PU3tB9B6jeP/wcNKVUu7A7SQ+3/oXJuMf78ugF1A/odOtc4xvf5m9wNoB/kfAAAAAAB2lb0H7vySRMTia3uqW6Y3P2ayP+xuabs7ALSNObzQubpn290DoF28xweS5dLfdRf7N579nzSnQwAAAAAAAAAAAADAKgf3W/8PnWrt9f/m9sNutsb6/3rB73EBsIs0/ugPuR92O+/xgSdle+v/AQAAAAAAAAAAAGAH6L9+aXJmZvra3MLTV3hjZ3RjY4XFyR3RjW0tPGrOmXsiYmdcYKsLxSM42tiNNv9cAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlv0bAAD//1VjJ6k=") r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8b0b, &(0x7f0000000200)={'virt_wifi0\x00', @remote}) 1.052162113s ago: executing program 1 (id=7234): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000a00)={0x3, &(0x7f0000000940)=[{0x20, 0x7f, 0x6, 0xfffff00c}, {0x28, 0x0, 0x1, 0x5ae9}, {0x6, 0x9, 0xa1, 0x1000}]}, 0x10) sendmmsg$inet(r0, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x3ec0}], 0x1}}], 0x400000000000292, 0x0) 982.826495ms ago: executing program 4 (id=7235): syz_mount_image$fuse(0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000'], 0x1, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default trusted:syz -922337'], 0x2d, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 922.480298ms ago: executing program 2 (id=7236): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015"], 0x38}, 0x1, 0x300}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 889.875829ms ago: executing program 5 (id=7237): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x25dfdbfb, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x2c}}, 0x0) 743.235254ms ago: executing program 4 (id=7238): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x22) 590.55098ms ago: executing program 0 (id=7239): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000090037d1d90e997bca3b08"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x94) r0 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8918, &(0x7f0000000000)={r0}) 590.32668ms ago: executing program 5 (id=7240): r0 = socket$kcm(0x11, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0xdd86, 0x2c}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000080)='b', 0x28}], 0x1}, 0x0) 570.8732ms ago: executing program 2 (id=7241): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff070007003a3a0909140002"], 0x44}, 0x1, 0x1000000}, 0x200000000000000) 541.802611ms ago: executing program 1 (id=7242): timer_create(0x0, 0x0, &(0x7f0000000340)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') preadv(r0, &(0x7f0000002380)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x0, 0x0) 438.570885ms ago: executing program 4 (id=7243): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r0) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001880)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x355}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4020}, 0x8084) 406.609046ms ago: executing program 5 (id=7244): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000900000006000009080004000000000008000500e0000002040007"], 0x34}, 0x2, 0x34005, 0x0, 0x24080040}, 0x24000000) 361.426557ms ago: executing program 0 (id=7245): r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x8) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd780bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138", 0x18}, 0x48, 0xffffffffffffffff) 332.494518ms ago: executing program 2 (id=7246): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah', 0x4) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000040)) 332.264808ms ago: executing program 1 (id=7247): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, 0x0, 0x801, {0x2, 0x0, 0x2}}, 0x18) 190.474193ms ago: executing program 4 (id=7248): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000200)={0x2, 0x2, 0x4, 0xadeb, 0x7, "ea710e00000000f91500ff000200", 0xffffffff, 0xfffeffff}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000001280)=0xff) 161.890574ms ago: executing program 0 (id=7249): unshare(0x22020400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000500)=@abs={0x1, 0x0, 0x4e23}, 0x8a) 151.529745ms ago: executing program 2 (id=7250): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) getsockopt$bt_hci(r0, 0x84, 0x1f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) 62.563898ms ago: executing program 5 (id=7251): r0 = semget$private(0x0, 0x4000000009, 0x42a) semop(r0, &(0x7f00000001c0)=[{0x3, 0x204}, {0x3, 0x0, 0x1000}], 0x2) semctl$GETNCNT(r0, 0x3, 0xe, 0x0) 62.296358ms ago: executing program 1 (id=7252): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xd845}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a5c000000060a010400000000000000000a0000040900010073797a31000000000900020073797a3200000000300004802c0001800a0001006d6174636800c9211c00028008000240000000020800030000000d0008000100736574"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) 0s ago: executing program 4 (id=7253): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000600)={'8255\x00', [0x4f27, 0x2, 0x3, 0xc466, 0x4, 0xcc7, 0xc9, 0x5c952399, 0x5, 0x1000, 0x802, 0x1607, 0x1, 0x6, 0xc, 0x81, 0x6fd5, 0x4, 0x3ff, 0x2, 0x8, 0x0, 0x0, 0xfffffff5, 0x475c, 0x3, 0x10002, 0x8, 0x0, 0x7fffffe, 0x6]}) kernel console output (not intermixed with test programs): ncate cleaned up [ 565.164885][T17477] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 565.178719][ T5044] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 565.289279][T17477] Quota error (device loop1): do_check_range: Getting block 196613 out of range 0-5 [ 565.398974][ T5044] usb 3-1: Using ep0 maxpacket: 8 [ 565.418961][T17485] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 565.440219][ T5044] usb 3-1: config 0 has an invalid descriptor of length 112, skipping remainder of the config [ 565.500069][ T5044] usb 3-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 565.531093][ T5044] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.548008][ T5044] usb 3-1: config 0 descriptor?? [ 565.569976][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 565.615291][ T5044] usb 3-1: bad CDC descriptors [ 565.673098][ T5044] usb 3-1: bad CDC descriptors [ 565.678448][ T5044] cdc_acm 3-1:0.0: Control and data interfaces are not separated! [ 565.733742][ T5044] cdc_acm 3-1:0.0: This needs exactly 3 endpoints [ 565.761205][ T5044] cdc_acm: probe of 3-1:0.0 failed with error -22 [ 565.812460][ T5044] usb 3-1: USB disconnect, device number 22 [ 566.389935][T17530] loop1: detected capacity change from 0 to 512 [ 566.460481][T17500] loop5: detected capacity change from 0 to 32768 [ 566.570499][T17530] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 566.583108][T17500] ERROR: (device loop5): diAllocAG: error reading iag [ 566.583108][T17500] [ 566.603452][T17500] ialloc: diAlloc returned -5! [ 567.197654][ T7012] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 567.428596][ T7012] usb 3-1: Using ep0 maxpacket: 16 [ 567.440800][ T7012] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 567.475837][T17569] netlink: 'syz.0.5964': attribute type 3 has an invalid length. [ 567.480379][ T7012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.535399][T17569] netlink: 766 bytes leftover after parsing attributes in process `syz.0.5964'. [ 567.553019][ T7012] usb 3-1: Product: syz [ 567.557305][ T7012] usb 3-1: Manufacturer: syz [ 567.579213][ T7012] usb 3-1: SerialNumber: syz [ 567.601930][ T7012] usb 3-1: config 0 descriptor?? [ 567.641314][ T7012] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 567.797964][T17578] loop4: detected capacity change from 0 to 256 [ 567.871772][T17579] delete_channel: no stack [ 567.912109][T17578] FAT-fs (loop4): Directory bread(block 64) failed [ 567.937192][T17583] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5969'. [ 567.950871][T17578] FAT-fs (loop4): Directory bread(block 65) failed [ 567.957570][T17578] FAT-fs (loop4): Directory bread(block 66) failed [ 567.984921][T17583] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5969'. [ 568.015381][T17578] FAT-fs (loop4): Directory bread(block 67) failed [ 568.039635][T17583] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5969'. [ 568.045921][ T7012] usb 3-1: clie_3_5_startup: get interface number failed: -71 [ 568.060383][T17578] FAT-fs (loop4): Directory bread(block 68) failed [ 568.099231][T17578] FAT-fs (loop4): Directory bread(block 69) failed [ 568.099700][ T7012] visor: probe of 3-1:0.0 failed with error -71 [ 568.106168][T17578] FAT-fs (loop4): Directory bread(block 70) failed [ 568.182348][ T7012] usb 3-1: USB disconnect, device number 23 [ 568.188359][T17578] FAT-fs (loop4): Directory bread(block 71) failed [ 568.188605][T17578] FAT-fs (loop4): Directory bread(block 72) failed [ 568.208806][T17578] FAT-fs (loop4): Directory bread(block 73) failed [ 568.374896][ T26] audit: type=1800 audit(1781856841.846:330): pid=17578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5967" name="memory.swap.current" dev="loop4" ino=1048658 res=0 errno=0 [ 568.380803][T17578] FAT-fs (loop4): error, invalid access to FAT (entry 0x00006a61) [ 568.466305][T17592] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 568.473730][T17592] IPv6: NLM_F_CREATE should be set when creating new route [ 568.481113][T17592] IPv6: NLM_F_CREATE should be set when creating new route [ 568.985516][T17610] loop0: detected capacity change from 0 to 8 [ 569.088857][ T5044] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 569.187810][T17612] loop1: detected capacity change from 0 to 4096 [ 569.213335][T17612] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 569.283028][ T5044] usb 5-1: Using ep0 maxpacket: 8 [ 569.298517][ T5044] usb 5-1: unable to get BOS descriptor or descriptor too short [ 569.319721][ T5044] usb 5-1: config 6 has an invalid interface number: 212 but max is 1 [ 569.352407][ T5044] usb 5-1: config 6 has an invalid interface number: 188 but max is 1 [ 569.391614][ T5044] usb 5-1: config 6 has no interface number 0 [ 569.418760][ T5044] usb 5-1: config 6 has no interface number 1 [ 569.438810][ T5044] usb 5-1: config 6 interface 212 has no altsetting 0 [ 569.491902][ T5044] usb 5-1: config 6 interface 188 has no altsetting 0 [ 569.527434][ T5044] usb 5-1: New USB device found, idVendor=04c8, idProduct=0720, bcdDevice=b6.51 [ 569.553936][ T5044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.582568][ T5044] usb 5-1: Product: syz [ 569.586818][ T5044] usb 5-1: Manufacturer: syz [ 569.618449][ T5044] usb 5-1: SerialNumber: syz [ 569.663760][T17628] netlink: 'syz.0.5991': attribute type 3 has an invalid length. [ 569.731013][T17628] netlink: 232 bytes leftover after parsing attributes in process `syz.0.5991'. [ 569.914405][ T5044] usb 5-1: USB disconnect, device number 21 [ 570.031401][ T26] audit: type=1326 audit(1781856843.506:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.1.5996" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 570.066774][ T26] audit: type=1326 audit(1781856843.506:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.1.5996" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 570.134374][ T26] audit: type=1326 audit(1781856843.536:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.1.5996" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 570.251644][ T26] audit: type=1326 audit(1781856843.536:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.1.5996" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 570.331138][ T26] audit: type=1326 audit(1781856843.536:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17637 comm="syz.1.5996" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 570.930682][ T5302] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 570.943233][T17668] ./file0: Can't open blockdev [ 571.129034][ T5302] usb 5-1: Using ep0 maxpacket: 16 [ 571.140106][ T5302] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 571.195847][ T5302] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.216538][ T5302] usb 5-1: config 0 has no interface number 0 [ 571.225952][ T5302] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.17 [ 571.282397][ T5302] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.298713][ T5302] usb 5-1: Product: syz [ 571.313393][ T5302] usb 5-1: Manufacturer: syz [ 571.327561][ T5302] usb 5-1: SerialNumber: syz [ 571.355843][ T5302] usb 5-1: config 0 descriptor?? [ 571.398395][ T5302] usb 5-1: Found UVC 0.00 device syz (046d:08d3) [ 571.423153][ T5302] usb 5-1: No valid video chain found. [ 571.542876][T17685] device wlan0 entered promiscuous mode [ 571.563586][T17685] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 571.640971][T17690] loop5: detected capacity change from 0 to 256 [ 571.684536][ T5044] usb 5-1: USB disconnect, device number 22 [ 571.761726][T17690] FAT-fs (loop5): Directory bread(block 64) failed [ 571.768360][T17690] FAT-fs (loop5): Directory bread(block 65) failed [ 571.808014][T17690] FAT-fs (loop5): Directory bread(block 66) failed [ 571.829119][T17690] FAT-fs (loop5): Directory bread(block 67) failed [ 571.835835][T17690] FAT-fs (loop5): Directory bread(block 68) failed [ 571.844133][T17694] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6024'. [ 571.856145][T17690] FAT-fs (loop5): Directory bread(block 69) failed [ 571.863149][T17690] FAT-fs (loop5): Directory bread(block 70) failed [ 571.872445][T17690] FAT-fs (loop5): Directory bread(block 71) failed [ 571.879915][T17690] FAT-fs (loop5): Directory bread(block 72) failed [ 571.897861][T17690] FAT-fs (loop5): Directory bread(block 73) failed [ 572.931426][T17734] loop1: detected capacity change from 0 to 128 [ 572.983993][T17734] FAT-fs (loop1): Directory bread(block 162) failed [ 573.049430][T17734] FAT-fs (loop1): Directory bread(block 163) failed [ 573.056223][T17734] FAT-fs (loop1): Directory bread(block 164) failed [ 573.064285][T17737] cgroup: Need name or subsystem set [ 573.087731][T17734] FAT-fs (loop1): Directory bread(block 165) failed [ 573.115469][T17734] FAT-fs (loop1): Directory bread(block 166) failed [ 573.138927][T17734] FAT-fs (loop1): Directory bread(block 167) failed [ 573.149250][T17734] FAT-fs (loop1): Directory bread(block 168) failed [ 573.165944][T17734] FAT-fs (loop1): Directory bread(block 169) failed [ 573.178844][T17734] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 573.230497][T17734] FAT-fs (loop1): Directory bread(block 162) failed [ 573.279945][T17734] FAT-fs (loop1): Directory bread(block 163) failed [ 573.309733][T17734] syz.1.6044: attempt to access beyond end of device [ 573.309733][T17734] loop1: rw=3, sector=226, nr_sectors = 6 limit=128 [ 573.352344][T17734] syz.1.6044: attempt to access beyond end of device [ 573.352344][T17734] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 573.462011][T17748] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 573.969482][T17768] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6061'. [ 574.458716][T17792] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6073'. [ 574.468834][ T5044] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 574.508715][ T5046] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 574.613062][ T26] audit: type=1326 audit(1781856848.086:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 574.661190][ T5044] usb 1-1: config index 0 descriptor too short (expected 7768, got 18) [ 574.678838][ T5044] usb 1-1: config 0 has an invalid interface number: 115 but max is 0 [ 574.694655][ T5044] usb 1-1: config 0 has no interface number 0 [ 574.703312][ T5046] usb 5-1: Using ep0 maxpacket: 16 [ 574.710537][ T5046] usb 5-1: config 1 has an invalid interface number: 62 but max is 0 [ 574.723539][ T26] audit: type=1326 audit(1781856848.116:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 574.747820][ T5044] usb 1-1: too many endpoints for config 0 interface 115 altsetting 116: 101, using maximum allowed: 30 [ 574.768742][ T5046] usb 5-1: config 1 has no interface number 0 [ 574.774925][ T5046] usb 5-1: config 1 interface 62 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.788741][ T5044] usb 1-1: config 0 interface 115 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 101 [ 574.810810][ T5046] usb 5-1: config 1 interface 62 altsetting 253 bulk endpoint 0x3 has invalid maxpacket 768 [ 574.828707][ T26] audit: type=1326 audit(1781856848.116:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 574.853099][ T5044] usb 1-1: config 0 interface 115 has no altsetting 0 [ 574.868724][ T5046] usb 5-1: config 1 interface 62 altsetting 253 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 574.882425][ T5044] usb 1-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=52.4d [ 574.898739][ T5044] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.907489][ T5046] usb 5-1: config 1 interface 62 has no altsetting 0 [ 574.923300][ T5044] usb 1-1: config 0 descriptor?? [ 574.929324][ T5046] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 574.935258][ T26] audit: type=1326 audit(1781856848.116:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 574.938520][ T5046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 575.001163][ T5044] ftdi_sio 1-1:0.115: FTDI USB Serial Device converter detected [ 575.020632][ T5044] ftdi_sio ttyUSB0: unknown device type: 0x524d [ 575.044935][ T26] audit: type=1326 audit(1781856848.116:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.096516][ T5046] usb 5-1: SerialNumber: syz [ 575.122618][T17782] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 575.125236][ T26] audit: type=1326 audit(1781856848.116:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.231540][ T26] audit: type=1326 audit(1781856848.116:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.242260][ T5044] usb 1-1: USB disconnect, device number 20 [ 575.306329][ T5044] ftdi_sio 1-1:0.115: device disconnected [ 575.325200][ T26] audit: type=1326 audit(1781856848.116:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.380428][ T5046] cdc_acm 5-1:1.62: ttyACM0: USB ACM device [ 575.408074][ T5046] usb 5-1: USB disconnect, device number 23 [ 575.442738][ T26] audit: type=1326 audit(1781856848.116:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.546973][ T26] audit: type=1326 audit(1781856848.116:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.598372][ T26] audit: type=1326 audit(1781856848.136:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.634354][ T26] audit: type=1326 audit(1781856848.146:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.658441][ T26] audit: type=1326 audit(1781856848.146:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d0df5d68e code=0x50000 [ 575.682784][ T26] audit: type=1326 audit(1781856848.146:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17797 comm="syz.5.6077" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f6d0df9ce59 code=0x50000 [ 575.983079][T17824] loop0: detected capacity change from 0 to 64 [ 576.409343][T17837] netlink: zone id is out of range [ 576.934320][T17860] netlink: 'syz.2.6107': attribute type 7 has an invalid length. [ 576.943929][T17860] netlink: 'syz.2.6107': attribute type 8 has an invalid length. [ 576.968820][ T5046] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 577.015057][T17862] netlink: 132 bytes leftover after parsing attributes in process `syz.5.6108'. [ 577.098903][ T5302] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 577.158716][ T5044] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 577.176664][ T5046] usb 5-1: config index 0 descriptor too short (expected 7768, got 18) [ 577.190505][ T5046] usb 5-1: config 0 has an invalid interface number: 115 but max is 0 [ 577.218788][ T5046] usb 5-1: config 0 has no interface number 0 [ 577.225081][ T5046] usb 5-1: too many endpoints for config 0 interface 115 altsetting 116: 101, using maximum allowed: 30 [ 577.241296][ T5046] usb 5-1: config 0 interface 115 altsetting 116 has 0 endpoint descriptors, different from the interface descriptor's value: 101 [ 577.268759][ T5046] usb 5-1: config 0 interface 115 has no altsetting 0 [ 577.285866][ T5046] usb 5-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=52.4d [ 577.303557][ T5302] usb 1-1: Using ep0 maxpacket: 16 [ 577.305403][ T5046] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.317612][ T5302] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255 [ 577.337383][ T5046] usb 5-1: config 0 descriptor?? [ 577.351119][ T5046] ftdi_sio 5-1:0.115: FTDI USB Serial Device converter detected [ 577.359631][ T5044] usb 2-1: Using ep0 maxpacket: 32 [ 577.366884][ T5044] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.368191][ T5302] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 577.389635][ T5046] ftdi_sio ttyUSB0: unknown device type: 0x524d [ 577.399069][ T5044] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.426844][ T5044] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 577.453458][ T5302] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.457353][ T5044] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.473856][ T5302] usb 1-1: Product: syz [ 577.478094][ T5302] usb 1-1: Manufacturer: syz [ 577.487281][ T5302] usb 1-1: SerialNumber: syz [ 577.505239][ T5044] usb 2-1: config 0 descriptor?? [ 577.519486][ T5302] usb 1-1: config 0 descriptor?? [ 577.525267][T17852] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 577.528386][ T5044] hub 2-1:0.0: USB hub found [ 577.561447][ T5302] mcba_usb 1-1:0.0: Microchip CAN BUS Analyzer connected [ 577.576489][ T125] usb 5-1: USB disconnect, device number 24 [ 577.601610][ T125] ftdi_sio 5-1:0.115: device disconnected [ 577.722805][ T5044] hub 2-1:0.0: 26 ports detected [ 577.733452][ T5044] hub 2-1:0.0: insufficient power available to use all downstream ports [ 577.779934][ C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71) [ 577.780895][ T5046] usb 1-1: USB disconnect, device number 21 [ 577.786127][ C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71) [ 577.819412][ T5046] mcba_usb 1-1:0.0 can0: device disconnected [ 577.925129][ T5044] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 577.942128][ T5044] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 577.970034][ T5044] usbhid 2-1:0.0: can't add hid device: -71 [ 577.986923][ T5044] usbhid: probe of 2-1:0.0 failed with error -71 [ 578.019581][ T5044] usb 2-1: USB disconnect, device number 25 [ 578.874369][T17914] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6129'. [ 579.231867][T17928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6135'. [ 579.292904][T17928] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6135'. [ 579.430670][T17931] xt_l2tp: missing protocol rule (udp|l2tpip) [ 579.516529][T17935] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6138'. [ 579.556939][T17935] netlink: 140 bytes leftover after parsing attributes in process `syz.0.6138'. [ 580.611319][T17969] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 580.697706][T17063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 580.740164][T17063] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.747385][T17063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.827119][T17976] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 580.849005][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 580.887241][T17980] random: crng reseeded on system resumption [ 580.989307][ T4284] Bluetooth: hci0: unexpected event for opcode 0x2041 [ 581.028406][T17988] netlink: 'syz.0.6158': attribute type 21 has an invalid length. [ 581.109046][T17988] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6158'. [ 581.624661][T18003] netlink: 'syz.5.6165': attribute type 1 has an invalid length. [ 581.649354][T18003] netlink: 'syz.5.6165': attribute type 1 has an invalid length. [ 581.929082][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 581.932848][T18010] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.6167'. [ 581.987057][T18010] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 582.129377][T17983] loop1: detected capacity change from 0 to 32768 [ 582.164629][T18015] futex_wake_op: syz.2.6180 tries to shift op by 144; fix this program [ 582.218074][T18015] futex_wake_op: syz.2.6180 tries to shift op by 144; fix this program [ 582.963595][T18038] [U]  [ 583.215930][T18055] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6190'. [ 583.262245][T18055] IPv6: sit3: Disabled Multicast RS [ 583.289547][ T4285] Bluetooth: hci2: command 0x2016 tx timeout [ 583.392455][T18062] loop0: detected capacity change from 0 to 256 [ 583.487364][T18062] FAT-fs (loop0): Directory bread(block 64) failed [ 583.518776][T18062] FAT-fs (loop0): Directory bread(block 65) failed [ 583.525482][T18062] FAT-fs (loop0): Directory bread(block 66) failed [ 583.575391][T18062] FAT-fs (loop0): Directory bread(block 67) failed [ 583.592650][T18066] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6195'. [ 583.604986][T18062] FAT-fs (loop0): Directory bread(block 68) failed [ 583.638760][T18062] FAT-fs (loop0): Directory bread(block 69) failed [ 583.676554][T18062] FAT-fs (loop0): Directory bread(block 70) failed [ 583.698704][T18062] FAT-fs (loop0): Directory bread(block 71) failed [ 583.723456][T18062] FAT-fs (loop0): Directory bread(block 72) failed [ 583.758715][T18062] FAT-fs (loop0): Directory bread(block 73) failed [ 583.890076][ T26] audit: type=1800 audit(1781856857.366:350): pid=18062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6193" name="memory.swap.current" dev="loop0" ino=1048660 res=0 errno=0 [ 583.921645][T18062] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006a61) [ 584.071633][T18080] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.6202'. [ 584.246196][T18088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6206'. [ 584.356672][T18090] loop4: detected capacity change from 0 to 512 [ 584.395293][T18090] EXT4-fs: Ignoring removed mblk_io_submit option [ 584.580242][T18090] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 584.651747][T18090] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.6207: attempt to clear invalid blocks 2 len 1 [ 584.675376][T18090] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 584.705434][T18090] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.6207: invalid indirect mapped block 1819239214 (level 0) [ 584.742424][T18090] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.6207: invalid indirect mapped block 1819239214 (level 1) [ 584.797265][T18090] EXT4-fs (loop4): 1 truncate cleaned up [ 584.818793][T18090] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 585.045304][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 585.388106][T18129] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6224'. [ 585.617235][T18140] netlink: 'syz.5.6232': attribute type 1 has an invalid length. [ 585.707314][T18144] loop1: detected capacity change from 0 to 512 [ 585.771623][T18144] EXT4-fs error (device loop1): mb_free_blocks:1839: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 585.846684][T18144] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #11: comm syz.1.6233: corrupted inode contents [ 585.868916][T18144] EXT4-fs error (device loop1): ext4_dirty_inode:6156: inode #11: comm syz.1.6233: mark_inode_dirty error [ 585.881743][T18144] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.6233: invalid indirect mapped block 1 (level 1) [ 585.896359][T18144] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #11: comm syz.1.6233: corrupted inode contents [ 585.909611][T18144] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 585.923784][T18144] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #11: comm syz.1.6233: corrupted inode contents [ 585.949938][T18144] EXT4-fs error (device loop1): ext4_truncate:4325: inode #11: comm syz.1.6233: mark_inode_dirty error [ 585.964266][T18144] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 585.975828][T18144] EXT4-fs (loop1): 1 truncate cleaned up [ 585.983464][T18144] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 585.998330][T18149] device wlan0 entered promiscuous mode [ 586.018685][ T5046] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 586.031321][T18149] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 586.048528][T18144] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.6233: iget: bogus i_mode (3355) [ 586.141087][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 586.228782][ T125] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 586.251663][ T5046] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 586.266857][ T5046] usb 1-1: config 0 has no interface number 0 [ 586.275124][ T5046] usb 1-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 586.299422][ T5046] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 586.319212][ T5046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.327319][ T5046] usb 1-1: Product: syz [ 586.359565][ T5046] usb 1-1: Manufacturer: syz [ 586.384717][ T5046] usb 1-1: SerialNumber: syz [ 586.417713][ T5046] usb 1-1: config 0 descriptor?? [ 586.424879][ T125] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 586.436172][ T125] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 586.451950][T18146] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 586.471597][ T125] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 586.481305][ T5046] plusb 1-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, be:6c:71:3b:82:13 [ 586.494879][ T125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.505622][ T125] usb 5-1: Product: syz [ 586.548912][ T125] usb 5-1: Manufacturer: syz [ 586.553758][ T125] usb 5-1: SerialNumber: syz [ 586.559087][ T5044] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 586.589750][ T125] rtl8150 5-1:1.0: couldn't find required endpoints [ 586.596560][ T125] rtl8150: probe of 5-1:1.0 failed with error -5 [ 586.758905][ T5044] usb 3-1: Using ep0 maxpacket: 8 [ 586.766361][ T5044] usb 3-1: config 0 has an invalid interface number: 7 but max is 0 [ 586.793847][ T7012] usb 5-1: USB disconnect, device number 25 [ 586.802016][ T5044] usb 3-1: config 0 has no interface number 0 [ 586.808176][ T5044] usb 3-1: config 0 interface 7 has no altsetting 0 [ 586.857825][ T5044] usb 3-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=c3.32 [ 586.886807][ T5044] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.912852][ T5044] usb 3-1: Product: syz [ 586.917152][ T5044] usb 3-1: Manufacturer: syz [ 586.931639][ T5044] usb 3-1: SerialNumber: syz [ 586.936659][T18173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6245'. [ 586.948825][ T5044] usb 3-1: config 0 descriptor?? [ 587.006728][T18173] IPv6: sit1: Disabled Multicast RS [ 587.186802][ T5044] usb 3-1: bad CDC descriptors [ 587.193389][ T5044] usb 3-1: bad CDC descriptors [ 587.220925][ T5044] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out. [ 587.247660][ T5044] usb 3-1: USB disconnect, device number 24 [ 587.291425][T18185] loop5: detected capacity change from 0 to 64 [ 587.550624][T18192] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6250'. [ 587.578955][T18192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6250'. [ 587.614261][T18192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6250'. [ 587.902305][T18206] netdevsim netdevsim1: Firmware load for '..' refused, path contains '..' component [ 588.143513][T18212] loop5: detected capacity change from 0 to 512 [ 588.179554][T18212] EXT4-fs: Ignoring removed mblk_io_submit option [ 588.232607][T18212] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 588.259170][T18212] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.6259: attempt to clear invalid blocks 2 len 1 [ 588.274410][T18212] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 588.289775][T18212] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.6259: invalid indirect mapped block 1819239214 (level 0) [ 588.304553][T18212] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.6259: invalid indirect mapped block 1819239214 (level 1) [ 588.322813][T18212] EXT4-fs (loop5): 1 truncate cleaned up [ 588.328816][T18212] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 588.534685][T18221] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.6262'. [ 588.559196][T18222] xt_ipcomp: unknown flags 1D [ 588.591758][T11347] EXT4-fs (loop5): unmounting filesystem. [ 588.669557][ T5044] usb 1-1: USB disconnect, device number 22 [ 588.676577][ T5044] plusb 1-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 589.333600][T18249] random: crng reseeded on system resumption [ 590.107301][T18280] binder: 18279:18280 ioctl c018620c 0 returned -14 [ 591.165210][T18319] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 591.425641][T18330] sctp: [Deprecated]: syz.4.6307 (pid 18330) Use of int in max_burst socket option. [ 591.425641][T18330] Use struct sctp_assoc_value instead [ 591.687823][T18338] loop5: detected capacity change from 0 to 1024 [ 591.820122][T18338] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 591.998773][T18338] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 2: comm syz.5.6312: lblock 2 mapped to illegal pblock 2 (length 1) [ 592.068398][T18338] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 592.097000][T18338] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 48: comm syz.5.6312: lblock 0 mapped to illegal pblock 48 (length 1) [ 592.118568][T18338] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 592.118873][T18338] EXT4-fs error (device loop5): ext4_acquire_dquot:6841: comm syz.5.6312: Failed to acquire dquot type 0 [ 592.119972][T18338] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5952: Corrupt filesystem [ 592.141652][T18338] EXT4-fs error (device loop5): ext4_evict_inode:281: inode #11: comm syz.5.6312: mark_inode_dirty error [ 592.145390][T18338] EXT4-fs warning (device loop5): ext4_evict_inode:284: couldn't mark inode dirty (err -117) [ 592.145477][T18338] EXT4-fs (loop5): 1 orphan inode deleted [ 592.145508][T18338] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 592.158850][ T4336] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 592.165119][ T4336] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 592.165175][ T4336] EXT4-fs error (device loop5): ext4_release_dquot:6877: comm kworker/u4:7: Failed to release dquot type 0 [ 592.326851][T11347] EXT4-fs (loop5): unmounting filesystem. [ 592.329116][T11457] EXT4-fs error (device loop5): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 592.329475][T11457] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 592.329509][T11457] EXT4-fs error (device loop5): ext4_release_dquot:6877: comm kworker/u4:9: Failed to release dquot type 0 [ 592.331877][T11347] EXT4-fs error (device loop5): __ext4_get_inode_loc:4520: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 592.339483][T11347] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5952: Corrupt filesystem [ 592.339694][T11347] EXT4-fs error (device loop5): ext4_quota_off:7147: inode #3: comm syz-executor: mark_inode_dirty error [ 593.284586][T18382] netlink: 'syz.1.6329': attribute type 28 has an invalid length. [ 593.329053][T18382] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6329'. [ 593.540719][T18389] loop5: detected capacity change from 0 to 128 [ 593.582450][T18389] VFS: Found a Xenix FS (block size = 1024) on device loop5 [ 593.599536][T18393] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6334'. [ 593.624355][T18393] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6334'. [ 593.820823][T11347] sysv_free_block: flc_count > flc_size [ 593.826472][T11347] sysv_free_block: flc_count > flc_size [ 593.838343][T11347] sysv_free_block: flc_count > flc_size [ 593.848499][T11347] sysv_free_block: flc_count > flc_size [ 593.854120][T11347] sysv_free_block: flc_count > flc_size [ 593.870992][ T26] audit: type=1326 audit(1781856867.346:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18400 comm="syz.2.6339" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 593.915657][T11347] sysv_free_block: flc_count > flc_size [ 593.928685][T11347] sysv_free_block: flc_count > flc_size [ 593.934347][T11347] sysv_free_block: flc_count > flc_size [ 593.978469][ T26] audit: type=1326 audit(1781856867.376:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18400 comm="syz.2.6339" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 594.008387][T11347] sysv_free_block: flc_count > flc_size [ 594.014010][T11347] sysv_free_block: flc_count > flc_size [ 594.059138][T11347] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 594.088812][ T26] audit: type=1326 audit(1781856867.376:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18400 comm="syz.2.6339" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 594.198326][ T26] audit: type=1326 audit(1781856867.376:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18400 comm="syz.2.6339" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 594.272189][T18414] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 594.813999][ T4285] Bluetooth: hci0: unexpected event for opcode 0x2060 [ 594.828851][T18439] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6356'. [ 594.837906][T18439] netlink: 'syz.1.6356': attribute type 2 has an invalid length. [ 594.855530][T18439] netlink: 'syz.1.6356': attribute type 2 has an invalid length. [ 594.864119][T18439] netlink: 'syz.1.6356': attribute type 1 has an invalid length. [ 594.872894][T18439] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6356'. [ 595.058068][T18435] loop0: detected capacity change from 0 to 8192 [ 595.114435][T18435] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 595.158552][T18448] netlink: 'syz.2.6361': attribute type 1 has an invalid length. [ 595.166364][T18448] netlink: 192 bytes leftover after parsing attributes in process `syz.2.6361'. [ 595.178523][T18435] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 595.187851][T18435] REISERFS (device loop0): using ordered data mode [ 595.195685][T18435] reiserfs: using flush barriers [ 595.204556][T18435] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 595.221442][T18435] REISERFS (device loop0): checking transaction log (loop0) [ 595.230107][T18435] REISERFS (device loop0): Using r5 hash to sort names [ 595.241159][T18435] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 595.337660][T18450] xt_TCPMSS: Only works on TCP SYN packets [ 595.684163][T18460] loop5: detected capacity change from 0 to 2048 [ 595.717761][T18460] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 597.218145][ T7012] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 597.238083][ T125] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 597.428115][ T7012] usb 5-1: Using ep0 maxpacket: 8 [ 597.435446][ T7012] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 597.438579][ T125] usb 1-1: Using ep0 maxpacket: 16 [ 597.460035][ T125] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 597.476233][ T7012] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 597.478759][ T125] usb 1-1: config 0 has no interface number 0 [ 597.500927][ T125] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 597.514688][ T7012] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.524523][ T125] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 597.544561][ T7012] usb 5-1: config 0 descriptor?? [ 597.552198][ T125] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 597.566266][ T7012] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 597.586850][ T125] usb 1-1: Product: syz [ 597.593395][ T125] usb 1-1: SerialNumber: syz [ 597.622634][ T125] usb 1-1: config 0 descriptor?? [ 597.638080][ T125] cm109 1-1:0.8: invalid payload size 208, expected 4 [ 597.646248][ T125] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input23 [ 597.849516][ T26] audit: type=1326 audit(1781856871.296:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 597.920718][ T26] audit: type=1326 audit(1781856871.366:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 597.961140][ T26] audit: type=1326 audit(1781856871.366:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 597.988242][ T7012] gspca_vc032x: reg_w err -71 [ 597.993049][ T7012] vc032x: probe of 5-1:0.0 failed with error -71 [ 598.014629][ T26] audit: type=1326 audit(1781856871.366:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 598.039570][ T7012] usb 5-1: USB disconnect, device number 26 [ 598.082676][ T26] audit: type=1326 audit(1781856871.366:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 598.115224][ C0] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 598.122519][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 598.134222][ T4667] usb 1-1: USB disconnect, device number 23 [ 598.141911][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 598.148924][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 598.163687][ T4667] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 598.204672][ T26] audit: type=1326 audit(1781856871.366:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 598.284564][T18551] netlink: 'syz.1.6412': attribute type 4 has an invalid length. [ 598.300814][ T26] audit: type=1326 audit(1781856871.366:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 598.367260][ T26] audit: type=1326 audit(1781856871.366:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18543 comm="syz.2.6409" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 598.697656][T18563] netlink: 'syz.4.6419': attribute type 1 has an invalid length. [ 598.713629][T18563] netlink: 112865 bytes leftover after parsing attributes in process `syz.4.6419'. [ 599.105726][T18581] netlink: 'syz.1.6427': attribute type 1 has an invalid length. [ 599.538095][ T125] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 599.737939][ T125] usb 1-1: Using ep0 maxpacket: 8 [ 599.745827][ T125] usb 1-1: unable to get BOS descriptor or descriptor too short [ 599.773914][ T125] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 599.818025][ T125] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 599.881214][ T125] usb 1-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 599.912085][ T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.953467][ T125] usb 1-1: Product: syz [ 599.978210][ T125] usb 1-1: Manufacturer: syz [ 599.982894][ T125] usb 1-1: SerialNumber: syz [ 600.028166][T18615] xt_TCPMSS: Only works on TCP SYN packets [ 600.442800][ T125] usb 1-1: 0:2 : does not exist [ 600.500713][ T125] usb 1-1: USB disconnect, device number 24 [ 600.639102][ T5041] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 600.839508][ T5041] usb 2-1: Using ep0 maxpacket: 16 [ 600.852062][ T5041] usb 2-1: config 0 has too many interfaces: 66, using maximum allowed: 32 [ 600.897183][ T5041] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 66 [ 600.933604][ T5041] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 600.962665][ T5041] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.007957][ T5041] usb 2-1: Product: syz [ 601.012792][ T5041] usb 2-1: Manufacturer: syz [ 601.017440][ T5041] usb 2-1: SerialNumber: syz [ 601.054939][ T5041] r8152-cfgselector 2-1: config 0 descriptor?? [ 601.297635][ T5041] r8152-cfgselector 2-1: Unknown version 0x0000 [ 601.319561][ T5041] r8152-cfgselector 2-1: USB disconnect, device number 26 [ 601.524214][T18654] libceph: resolve '0..' (ret=-3): failed [ 601.666153][T18660] syz.0.6464 uses old SIOCAX25GETINFO [ 601.807926][ T5046] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 602.008247][ T5046] usb 6-1: Using ep0 maxpacket: 16 [ 602.019591][ T5046] usb 6-1: unable to get BOS descriptor or descriptor too short [ 602.047262][ T5046] usb 6-1: string descriptor 0 read error: -22 [ 602.059640][ T5046] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40 [ 602.077193][ T5046] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.343919][ T5046] snd-usb-audio: probe of 6-1:1.0 failed with error -2 [ 602.416459][ T4385] udevd[4385]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 602.552306][ T5046] usb 6-1: USB disconnect, device number 13 [ 603.786198][T18739] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6504'. [ 604.669559][T18767] netlink: 'syz.1.6518': attribute type 1 has an invalid length. [ 604.823098][T18764] loop4: detected capacity change from 0 to 8192 [ 604.845038][T18772] loop5: detected capacity change from 0 to 256 [ 604.874221][T18764] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 604.903594][T18764] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 604.913858][T18764] REISERFS (device loop4): using ordered data mode [ 604.920522][T18764] reiserfs: using flush barriers [ 604.941524][T18764] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 604.958433][T18764] REISERFS (device loop4): checking transaction log (loop4) [ 604.985161][T18764] REISERFS (device loop4): Using r5 hash to sort names [ 604.995200][T18764] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 605.025700][T18772] FAT-fs (loop5): Directory bread(block 64) failed [ 605.037803][T18772] FAT-fs (loop5): Directory bread(block 65) failed [ 605.044507][T18772] FAT-fs (loop5): Directory bread(block 66) failed [ 605.082693][T18772] FAT-fs (loop5): Directory bread(block 67) failed [ 605.119322][T18772] FAT-fs (loop5): Directory bread(block 68) failed [ 605.135495][T18772] FAT-fs (loop5): Directory bread(block 69) failed [ 605.150103][T18772] FAT-fs (loop5): Directory bread(block 70) failed [ 605.156724][T18772] FAT-fs (loop5): Directory bread(block 71) failed [ 605.233564][T18772] FAT-fs (loop5): Directory bread(block 72) failed [ 605.254236][T18772] FAT-fs (loop5): Directory bread(block 73) failed [ 605.306084][ T26] audit: type=1326 audit(1781856878.777:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 605.470907][ T26] audit: type=1326 audit(1781856878.777:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 605.606016][ T26] audit: type=1326 audit(1781856878.807:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 605.670629][ T26] audit: type=1326 audit(1781856878.807:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 605.765399][ T26] audit: type=1326 audit(1781856878.807:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 605.884326][T18794] netlink: 'syz.2.6530': attribute type 32 has an invalid length. [ 605.927367][ T26] audit: type=1326 audit(1781856878.807:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 606.022757][ T26] audit: type=1326 audit(1781856878.807:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 606.157396][ T26] audit: type=1326 audit(1781856878.807:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 606.237724][ T26] audit: type=1326 audit(1781856878.807:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18780 comm="syz.1.6523" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc587d9ce59 code=0x7ffc0000 [ 606.304000][T18810] netlink: 'syz.1.6537': attribute type 2 has an invalid length. [ 607.185927][T18812] loop5: detected capacity change from 0 to 32768 [ 607.212382][T18812] (syz.5.6539,18812,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 607.272820][T18812] (syz.5.6539,18812,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 607.297737][ T5044] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 607.401684][T18812] JBD2: Ignoring recovery information on journal [ 607.426441][T18850] xt_nfacct: accounting object `syz0' does not exist [ 607.489390][ T5044] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 607.508046][ T5044] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 607.541458][T18812] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 607.565408][ T5044] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 607.607542][ T5044] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.636006][ T5044] usb 5-1: Product: syz [ 607.657273][ T5044] usb 5-1: Manufacturer: syz [ 607.668928][ T5044] usb 5-1: SerialNumber: syz [ 607.691091][ T5044] usb 5-1: config 0 descriptor?? [ 607.692198][ T5302] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 607.709270][ T26] audit: type=1326 audit(1781856881.187:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.2.6560" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 607.729209][ T5044] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 607.897070][T11347] ocfs2: Unmounting device (7,5) on (node local) [ 607.939283][ T5302] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 607.967501][ T5302] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 607.995511][ T5302] usb 2-1: config 220 interface 0 has no altsetting 0 [ 608.020090][ T5302] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 608.057511][ T5302] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.075840][ T5302] usb 2-1: Product: syz [ 608.091133][ T5302] usb 2-1: Manufacturer: syz [ 608.106576][ T5302] usb 2-1: SerialNumber: syz [ 608.118707][ T5044] gspca_sunplus: reg_r err -71 [ 608.123713][ T5044] sunplus: probe of 5-1:0.0 failed with error -71 [ 608.135093][ T5044] usb 5-1: USB disconnect, device number 27 [ 608.363782][ T5302] usb 2-1: USB disconnect, device number 27 [ 608.398281][T18868] loop0: detected capacity change from 0 to 4096 [ 608.420147][T18868] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 609.142768][ T5044] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 609.337580][ T5044] usb 1-1: Using ep0 maxpacket: 16 [ 609.345616][ T5044] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 609.387587][ T5044] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 609.429561][ T5044] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 609.452758][ T5044] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.470098][ T5044] usb 1-1: Product: syz [ 609.474450][ T5044] usb 1-1: Manufacturer: syz [ 609.485028][ T5044] usb 1-1: SerialNumber: syz [ 609.492700][ T5044] r8152-cfgselector 1-1: config 0 descriptor?? [ 609.627563][T18913] netlink: 'syz.1.6587': attribute type 10 has an invalid length. [ 609.635512][T18913] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6587'. [ 609.737877][ T5044] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 609.752647][ T4336] usb 1-1: config 0 descriptor?? [ 609.871116][T18917] loop5: detected capacity change from 0 to 8192 [ 609.917186][T18917] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 609.931249][ T4667] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 609.945164][T18917] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 609.967388][ T4336] usb 1-1: can't set config #0, error -71 [ 609.968305][ T5041] usb 1-1: USB disconnect, device number 25 [ 609.994026][T18917] REISERFS (device loop5): using ordered data mode [ 610.023923][T18917] reiserfs: using flush barriers [ 610.049858][T18917] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 610.107729][T18917] REISERFS (device loop5): checking transaction log (loop5) [ 610.117487][ T4667] usb 5-1: Using ep0 maxpacket: 16 [ 610.125363][ T4667] usb 5-1: unable to get BOS descriptor or descriptor too short [ 610.161925][ T4667] usb 5-1: string descriptor 0 read error: -22 [ 610.195571][ T4667] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40 [ 610.225501][ T4667] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.393816][T18917] REISERFS (device loop5): Using tea hash to sort names [ 610.413506][T18917] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 610.486956][ T4667] snd-usb-audio: probe of 5-1:1.0 failed with error -2 [ 610.547190][ T4385] udevd[4385]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 610.696648][ T5046] usb 5-1: USB disconnect, device number 28 [ 610.791146][T18929] dlm: Unknown command passed to DLM device : 8 [ 610.791146][T18929] [ 611.635049][T18954] xt_addrtype: ipv6 does not support BROADCAST matching [ 611.794213][T18958] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6609'. [ 611.818834][T18958] netlink: 76 bytes leftover after parsing attributes in process `syz.4.6609'. [ 611.842960][T18962] xt_TCPMSS: Only works on TCP SYN packets [ 611.870241][T18956] loop0: detected capacity change from 0 to 4096 [ 611.909262][T18956] __ntfs_error: 4 callbacks suppressed [ 611.909279][T18956] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 612.007951][T18956] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 612.044237][T18934] loop1: detected capacity change from 0 to 32768 [ 612.052116][T18956] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 612.088593][T18956] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 612.102193][T18956] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 612.128948][T18956] ntfs: volume version 3.1. [ 612.136075][T18956] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 612.153389][T18956] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 612.165130][T18956] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 612.185068][T18956] ntfs: (device loop0): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 612.195543][T18956] ntfs: (device loop0): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 612.200067][T18934] XFS (loop1): Mounting V5 Filesystem [ 612.323114][T18934] XFS (loop1): Ending clean mount [ 612.359129][T18934] XFS (loop1): Quotacheck needed: Please wait. [ 612.496340][T18934] XFS (loop1): Quotacheck: Done. [ 612.622136][ T4279] XFS (loop1): Unmounting Filesystem [ 612.677517][T18986] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6620'. [ 613.327234][ T7012] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 613.538846][ T7012] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 613.557284][ T7012] usb 3-1: config 0 has no interface number 0 [ 613.587217][ T7012] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 613.639995][ T7012] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 613.690822][ T7012] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.719139][ T7012] usb 3-1: config 0 descriptor?? [ 613.738733][ T7012] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.120/input/input24 [ 613.979347][ T7012] usb 3-1: USB disconnect, device number 25 [ 614.059086][T19017] loop4: detected capacity change from 0 to 8192 [ 614.110381][T19017] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 614.161012][T19017] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 614.170989][T19017] REISERFS (device loop4): using ordered data mode [ 614.178049][T19017] reiserfs: using flush barriers [ 614.184486][T19017] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 614.201635][T19017] REISERFS (device loop4): checking transaction log (loop4) [ 614.287415][T19017] REISERFS (device loop4): Using tea hash to sort names [ 614.313706][T19017] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 614.531548][T19036] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 614.871591][T19045] netlink: 'syz.5.6647': attribute type 1 has an invalid length. [ 614.953764][T19045] netlink: 216 bytes leftover after parsing attributes in process `syz.5.6647'. [ 614.994574][T19047] netlink: 572 bytes leftover after parsing attributes in process `syz.0.6648'. [ 615.064243][T19047] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6648'. [ 615.707170][ T5044] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 615.897940][T19079] xt_TCPMSS: Only works on TCP SYN packets [ 615.918953][ T5044] usb 6-1: config 0 has an invalid interface number: 120 but max is 0 [ 615.939950][ T5044] usb 6-1: config 0 has no interface number 0 [ 615.946139][ T5044] usb 6-1: config 0 interface 120 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 615.982594][ T5044] usb 6-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 616.018184][T19083] loop4: detected capacity change from 0 to 1024 [ 616.025449][T19083] EXT4-fs: Ignoring removed mblk_io_submit option [ 616.036029][ T5044] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.125755][ T5044] usb 6-1: config 0 descriptor?? [ 616.144852][T19083] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 616.157564][ T5044] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.120/input/input25 [ 616.413227][ T5044] usb 6-1: USB disconnect, device number 14 [ 616.413442][ C1] usbtouchscreen 6-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -19 [ 616.432907][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 616.464326][T19096] netlink: 'syz.2.6671': attribute type 21 has an invalid length. [ 616.474285][T19096] netlink: 'syz.2.6671': attribute type 1 has an invalid length. [ 616.482551][T19096] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6671'. [ 616.829258][T19089] loop0: detected capacity change from 0 to 32768 [ 616.861521][T19089] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.6668 (19089) [ 616.887565][T19106] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 616.955477][T19089] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 616.976110][T19089] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 616.996587][T19089] BTRFS info (device loop0): force clearing of disk cache [ 617.034020][T19089] BTRFS info (device loop0): metadata ratio 0 [ 617.065985][T19089] BTRFS info (device loop0): enabling ssd optimizations [ 617.089928][T19089] BTRFS info (device loop0): using spread ssd allocation scheme [ 617.121583][T19089] BTRFS info (device loop0): using free space tree [ 617.250400][T19121] x_tables: unsorted entry at hook 3 [ 617.384320][T19089] BTRFS info (device loop0): rebuilding free space tree [ 617.708973][ T4274] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 618.124325][T19161] loop1: detected capacity change from 0 to 256 [ 618.168603][T19163] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 618.208278][T19161] exfat: Deprecated parameter 'namecase' [ 618.249458][T19161] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xeb34f926, utbl_chksum : 0xe619d30d) [ 618.321617][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 618.321635][ T26] audit: type=1326 audit(1781856891.797:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19166 comm="syz.2.6698" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 618.505466][ T26] audit: type=1326 audit(1781856891.857:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19166 comm="syz.2.6698" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 618.637789][ T26] audit: type=1326 audit(1781856891.857:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19166 comm="syz.2.6698" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 618.784678][T19178] loop5: detected capacity change from 0 to 2048 [ 618.798067][ T26] audit: type=1326 audit(1781856891.857:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19166 comm="syz.2.6698" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 618.876231][T19178] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 618.910036][T19184] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6703'. [ 619.513174][T19204] loop5: detected capacity change from 0 to 64 [ 619.896043][T19176] loop4: detected capacity change from 0 to 32768 [ 619.915897][T19214] netlink: 822 bytes leftover after parsing attributes in process `syz.5.6718'. [ 619.945014][T19214] bridge: RTM_NEWNEIGH with unconfigured vlan 1033 on bridge0 [ 620.051662][T19176] XFS (loop4): Mounting V5 Filesystem [ 620.320657][T19176] XFS (loop4): Ending clean mount [ 620.563851][ T4276] XFS (loop4): Unmounting Filesystem [ 620.585210][T19238] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6725'. [ 621.802172][T19276] loop0: detected capacity change from 0 to 512 [ 621.898029][T19276] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 621.978155][T19276] EXT4-fs (loop0): 1 truncate cleaned up [ 621.983933][T19276] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 622.127647][T19276] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.0.6744: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 622.210233][T19276] EXT4-fs error (device loop0) in ext4_delete_entry:2800: Corrupt filesystem [ 622.356268][ T4274] EXT4-fs (loop0): unmounting filesystem. [ 622.402062][T19275] loop4: detected capacity change from 0 to 32768 [ 622.512114][T19275] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 622.553376][T19275] (syz.4.6745,19275,1):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options [ 622.841343][ T4276] ocfs2: Unmounting device (7,4) on (node local) [ 622.878593][T19303] device wlan1 entered promiscuous mode [ 622.885515][T19303] device macsec1 entered promiscuous mode [ 622.962887][T19303] device wlan1 left promiscuous mode [ 623.429013][T19315] loop4: detected capacity change from 0 to 2048 [ 623.487193][T19315] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 623.526306][T19315] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 623.716876][ T7012] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 623.921628][ T7012] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.946621][ T7012] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.984999][ T7012] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 624.041690][ T7012] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.085222][ T7012] usb 1-1: config 0 descriptor?? [ 624.188097][T19311] loop5: detected capacity change from 0 to 32768 [ 624.249695][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.256617][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.305515][T19311] jfs_strtoUCS: char2uni returned -22. [ 624.331142][T19311] charset = cp932, char = 0xfc [ 624.569956][ T7012] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.0-1/input0 [ 624.725002][ T7012] playstation 0003:054C:0DF2.0002: Failed to retrieve feature with reportID 9: -71 [ 624.765512][ T7012] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense pairing info: -71 [ 624.786235][ T7012] playstation 0003:054C:0DF2.0002: Failed to get MAC address from DualSense [ 624.830196][ T7012] playstation 0003:054C:0DF2.0002: Failed to create dualsense. [ 624.881411][ T7012] playstation: probe of 0003:054C:0DF2.0002 failed with error -71 [ 624.933997][ T7012] usb 1-1: USB disconnect, device number 26 [ 625.111777][T19343] fido_id[19343]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 625.169722][T19346] xt_socket: unknown flags 0x40 [ 625.254562][T19332] loop4: detected capacity change from 0 to 32768 [ 625.270034][T19344] loop1: detected capacity change from 0 to 8192 [ 625.378418][T19344] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 625.435139][T19344] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 625.444543][T19344] REISERFS (device loop1): using ordered data mode [ 625.473042][T19332] XFS (loop4): Mounting V5 Filesystem [ 625.493944][T19344] reiserfs: using flush barriers [ 625.586816][T19344] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 625.614557][T19332] XFS (loop4): Ending clean mount [ 625.664497][T19332] XFS (loop4): Quotacheck needed: Please wait. [ 625.710636][T19344] REISERFS (device loop1): checking transaction log (loop1) [ 625.762323][T19332] XFS (loop4): Quotacheck: Done. [ 625.959256][ T4276] XFS (loop4): Unmounting Filesystem [ 626.111734][T19344] REISERFS (device loop1): Using tea hash to sort names [ 626.126844][T19344] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 626.250420][T19370] tipc: Started in network mode [ 626.268090][T19370] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 626.305468][T19370] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 626.351398][T19370] tipc: Enabled bearer , priority 10 [ 626.573146][T19374] tipc: Enabling of bearer rejected, media not registered [ 626.878298][T19381] loop5: detected capacity change from 0 to 4096 [ 626.954233][T19387] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 626.995942][T19381] NILFS error (device loop5): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 627.006673][T19388] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 627.047465][T19381] Remounting filesystem read-only [ 627.322605][T19396] loop4: detected capacity change from 0 to 512 [ 627.418609][T19396] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 627.479547][ T7012] tipc: Node number set to 1 [ 627.518259][T19396] EXT4-fs (loop4): 1 truncate cleaned up [ 627.524010][T19396] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 627.687002][T19396] EXT4-fs: user quota file already specified [ 627.841163][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 627.968401][T19415] netlink: 124 bytes leftover after parsing attributes in process `syz.5.6802'. [ 628.285912][T19419] loop4: detected capacity change from 0 to 8192 [ 628.345856][T19419] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 628.426863][T19419] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 628.438050][T19419] REISERFS (device loop4): using ordered data mode [ 628.444616][T19419] reiserfs: using flush barriers [ 628.451806][T19419] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 628.468858][T19419] REISERFS (device loop4): checking transaction log (loop4) [ 628.478052][T19419] REISERFS (device loop4): Using r5 hash to sort names [ 628.538967][T19419] reiserfs: enabling write barrier flush mode [ 628.604217][T19419] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 628.651868][T19408] loop0: detected capacity change from 0 to 32768 [ 628.681927][T19419] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 628.687532][T19168] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 628.722590][T19419] REISERFS (device loop4): Remounting filesystem read-only [ 628.744404][T19408] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 628.744404][T19408] [ 628.755597][T19419] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 628.792072][T19408] ERROR: (device loop0): remounting filesystem as read-only [ 628.800972][T19419] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 628.843959][T19419] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 628.855267][T19419] REISERFS error (device loop4): zam-7001 reiserfs_find_entry: io error [ 628.879430][T19419] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 628.899536][T19419] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 628.911587][T19168] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.922900][T19419] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 628.941701][T19168] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 628.976424][T19168] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.984096][T19419] REISERFS warning (device loop4): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount. [ 629.027979][T19168] usb 2-1: config 0 descriptor?? [ 629.060159][T19168] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 629.070283][T19419] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 629.139303][T19419] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 629.180070][T19419] REISERFS (device loop4): Remounting filesystem read-only [ 629.203762][T19419] REISERFS error (device loop4): zam-7001 reiserfs_find_entry: io error [ 629.267325][T19438] tipc: Started in network mode [ 629.287901][ T7012] usb 2-1: USB disconnect, device number 28 [ 629.295681][T19438] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 629.325779][T19438] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 629.345286][T19438] tipc: Enabled bearer , priority 10 [ 629.672003][ T26] audit: type=1326 audit(1781856903.148:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 629.737268][ T26] audit: type=1326 audit(1781856903.178:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 629.792589][ T26] audit: type=1326 audit(1781856903.178:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 629.836350][ T26] audit: type=1326 audit(1781856903.188:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 629.861085][ T7012] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 629.916313][ T26] audit: type=1326 audit(1781856903.188:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 629.956795][ T26] audit: type=1326 audit(1781856903.188:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 630.011647][ T26] audit: type=1326 audit(1781856903.188:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 630.045105][ T26] audit: type=1326 audit(1781856903.188:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 630.076576][ T7012] usb 2-1: Using ep0 maxpacket: 16 [ 630.086092][ T7012] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.103975][ T26] audit: type=1326 audit(1781856903.188:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 630.138361][ T7012] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40 [ 630.148584][ T7012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.156878][ T26] audit: type=1326 audit(1781856903.188:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19443 comm="syz.2.6816" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455f19ce59 code=0x7ffc0000 [ 630.191053][ T7012] usb 2-1: config 0 descriptor?? [ 630.211236][ T7012] pegasus_notetaker: probe of 2-1:0.0 failed with error -22 [ 630.229822][ T7012] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 630.413326][ T4360] usb 2-1: USB disconnect, device number 29 [ 630.456328][ T7012] tipc: Node number set to 1 [ 630.963773][T19457] loop5: detected capacity change from 0 to 32768 [ 630.998052][T19457] ERROR: (device loop5): dbAlloc: the hint is outside the map [ 630.998052][T19457] [ 631.064638][T19457] ERROR: (device loop5): remounting filesystem as read-only [ 631.416054][T19488] netlink: 'syz.1.6836': attribute type 2 has an invalid length. [ 631.438003][T19489] sg_write: data in/out 2011/14 bytes for SCSI command 0x0-- guessing data in; [ 631.438003][T19489] program syz.0.6835 not setting count and/or reply_len properly [ 631.479043][ T4285] Bluetooth: hci0: unexpected event for opcode 0x080b [ 631.776346][T19497] loop5: detected capacity change from 0 to 2048 [ 631.801585][T19503] device wlan1 entered promiscuous mode [ 631.817222][T19503] device macsec1 entered promiscuous mode [ 631.827133][T19497] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 631.853569][T19503] device wlan1 left promiscuous mode [ 631.885883][T19505] loop4: detected capacity change from 0 to 4096 [ 631.912264][T19497] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 632.001856][T19507] loop0: detected capacity change from 0 to 512 [ 632.040440][T19508] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 632.120447][T19507] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 632.141637][T19507] EXT4-fs error (device loop0): ext4_get_branch:178: inode #13: block 1024: comm syz.0.6844: invalid block [ 632.174228][ T4285] Bluetooth: hci3: command 0x0405 tx timeout [ 632.226926][T19507] EXT4-fs (loop0): 1 truncate cleaned up [ 632.232685][T19507] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 632.488014][T19507] EXT4-fs: user quota file already specified [ 632.734768][ T4274] EXT4-fs (loop0): unmounting filesystem. [ 632.749455][T19522] loop4: detected capacity change from 0 to 256 [ 632.828635][T19524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 632.873508][T19522] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdbae3f17, utbl_chksum : 0xe619d30d) [ 632.888416][T19524] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.929767][T19524] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 633.216337][T19536] netlink: 790 bytes leftover after parsing attributes in process `syz.5.6858'. [ 633.302134][T19538] loop1: detected capacity change from 0 to 1764 [ 633.519128][T19546] smc: net device wlan0 applied user defined pnetid SYZ1 [ 633.556485][T19546] smc: ib device syz1 ibport 1 applied user defined pnetid SYZ1 [ 633.886175][ T7012] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 633.965690][T19562] bridge0: port 1(bridge_slave_0) entered disabled state [ 633.990959][T19562] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 634.112648][ T7012] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 634.131146][ T7012] usb 2-1: config 0 has no interface number 0 [ 634.160484][ T7012] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 634.173494][ T7012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.180620][T19570] loop0: detected capacity change from 0 to 512 [ 634.204548][ T7012] usb 2-1: config 0 descriptor?? [ 634.223671][T19570] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 634.235285][ T7012] usb 2-1: selecting invalid altsetting 1 [ 634.246083][ T4667] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 634.290110][T19570] EXT4-fs (loop0): 1 truncate cleaned up [ 634.295885][T19570] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 634.329170][T19575] netlink: 120 bytes leftover after parsing attributes in process `syz.2.6877'. [ 634.341064][ T7012] dvb_ttusb_budget: ttusb_init_controller: error [ 634.371925][ T7012] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 634.457311][ T4667] usb 6-1: Using ep0 maxpacket: 8 [ 634.469772][ T4667] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.495080][ T4667] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 634.518039][ T4667] usb 6-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 634.532659][ T4667] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.545323][ T4667] usb 6-1: config 0 descriptor?? [ 634.576399][ T4274] EXT4-fs (loop0): unmounting filesystem. [ 634.587503][T19573] device wlan0 entered promiscuous mode [ 634.613611][ T7012] DVB: Unable to find symbol cx22700_attach() [ 634.676298][T19572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 634.751751][ T7012] DVB: Unable to find symbol tda10046_attach() [ 634.758620][ T7012] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 634.796345][ T7012] usb 2-1: USB disconnect, device number 30 [ 634.978177][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 634.999337][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.008198][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.015314][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.029040][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.061535][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.071344][ T4667] macally 0003:060B:0001.0003: unknown main item tag 0x0 [ 635.082634][ T4667] macally 0003:060B:0001.0003: item fetching failed at offset 42/43 [ 635.092696][ T4667] macally: probe of 0003:060B:0001.0003 failed with error -22 [ 635.111754][T19594] sock: sock_set_timeout: `syz.0.6884' (pid 19594) tries to set negative timeout [ 635.177559][ T4667] usb 6-1: USB disconnect, device number 15 [ 635.503774][T19608] loop1: detected capacity change from 0 to 8 [ 635.542089][T19608] SQUASHFS error: lzo decompression failed, data probably corrupt [ 635.560897][T19608] SQUASHFS error: Failed to read block 0x91: -5 [ 635.594234][T19608] SQUASHFS error: Unable to read metadata cache entry [8f] [ 635.616054][T19608] SQUASHFS error: Unable to read inode 0x11f [ 636.277413][T19604] loop4: detected capacity change from 0 to 32768 [ 636.375539][T19604] JBD2: Ignoring recovery information on journal [ 636.467250][T19604] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 636.498692][T19612] loop0: detected capacity change from 0 to 32768 [ 636.516834][T19612] BTRFS: device fsid db05bf05-c4f4-4d41-ba1f-eb57295b561b devid 1 transid 8 /dev/loop0 scanned by syz.0.6893 (19612) [ 636.550459][T19612] BTRFS info (device loop0): first mount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 636.561897][T19612] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 636.572621][T19612] BTRFS info (device loop0): using free space tree [ 636.721025][ T4276] ocfs2: Unmounting device (7,4) on (node local) [ 636.787043][T19616] loop5: detected capacity change from 0 to 32768 [ 636.867157][T19616] XFS (loop5): Mounting V5 Filesystem [ 636.956934][T19656] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6902'. [ 636.995597][T19612] BTRFS info (device loop0): enabling ssd optimizations [ 637.023567][T19616] XFS (loop5): Ending clean mount [ 637.114799][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 637.114816][ T26] audit: type=1800 audit(1781856910.588:399): pid=19612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6893" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 637.240572][T11347] XFS (loop5): Unmounting Filesystem [ 637.321370][ T4274] BTRFS info (device loop0): last unmount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 638.109217][ T4323] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 638.203280][ T22] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 638.305820][ T4323] usb 2-1: Using ep0 maxpacket: 16 [ 638.322657][ T4323] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.354701][ T4323] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 638.378327][ T4323] usb 2-1: config 0 interface 0 has no altsetting 0 [ 638.388490][ T4323] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 638.408729][ T4323] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.425802][ T22] usb 5-1: Using ep0 maxpacket: 16 [ 638.431954][ T4323] usb 2-1: config 0 descriptor?? [ 638.436992][ T22] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 638.437024][ T22] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 638.437047][ T22] usb 5-1: config 0 interface 0 has no altsetting 0 [ 638.437078][ T22] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 638.533454][ T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.548857][T19695] loop0: detected capacity change from 0 to 128 [ 638.572423][ T22] usb 5-1: config 0 descriptor?? [ 638.890647][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 638.914904][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 638.922768][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 638.953015][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 638.973321][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 638.992949][T19703] loop5: detected capacity change from 0 to 1024 [ 638.993972][ T4323] koneplus 0003:1E7D:2E22.0004: unknown main item tag 0x0 [ 639.010170][ T22] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0xe [ 639.029009][T19703] EXT4-fs: Ignoring removed i_version option [ 639.035113][T19703] EXT4-fs: inline encryption not supported [ 639.041535][ T22] nzxt-smart2 0003:1E71:2009.0005: item fetching failed at offset 4/5 [ 639.056378][ T4323] koneplus 0003:1E7D:2E22.0004: unbalanced collection at end of report description [ 639.061845][ T22] nzxt-smart2: probe of 0003:1E71:2009.0005 failed with error -22 [ 639.098071][T19703] EXT4-fs (loop5): Test dummy encryption mode enabled [ 639.116441][ T4323] koneplus 0003:1E7D:2E22.0004: parse failed [ 639.141692][ T4323] koneplus: probe of 0003:1E7D:2E22.0004 failed with error -22 [ 639.161775][T19703] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 639.189404][T19703] EXT4-fs error (device loop5): __ext4_remount:6650: comm syz.5.6923: Abort forced by user [ 639.204710][ T4323] usb 2-1: USB disconnect, device number 31 [ 639.212318][ T22] usb 5-1: USB disconnect, device number 29 [ 639.220742][T19703] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 639.316362][T19715] CUSE: zero length info key specified [ 639.351658][T11347] EXT4-fs (loop5): unmounting filesystem. [ 639.442265][T19717] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 639.530966][ T5041] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 639.720745][ T5041] usb 1-1: config 0 has an invalid interface number: 234 but max is 0 [ 639.748989][ T5041] usb 1-1: config 0 has no interface number 0 [ 639.760150][ T5041] usb 1-1: config 0 interface 234 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 639.794963][ T5041] usb 1-1: config 0 interface 234 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 639.842576][ T5041] usb 1-1: config 0 interface 234 has no altsetting 0 [ 639.872979][ T5041] usb 1-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 639.889524][ T5041] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.922311][ T5041] usb 1-1: config 0 descriptor?? [ 640.371328][ T5041] uclogic 0003:28BD:0909.0006: interface is invalid, ignoring [ 640.387932][T19741] loop4: detected capacity change from 0 to 512 [ 640.468597][T19741] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 640.483904][T19744] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6941'. [ 640.538802][T19741] EXT4-fs (loop4): orphan cleanup on readonly fs [ 640.553236][T19746] nbd: socks must be embedded in a SOCK_ITEM attr [ 640.580333][ T5041] usb 1-1: USB disconnect, device number 27 [ 640.586612][T19741] EXT4-fs error (device loop4): __ext4_iget:5102: inode #11: block 1: comm syz.4.6940: invalid block [ 640.652401][T19723] loop5: detected capacity change from 0 to 32768 [ 640.671516][T19741] EXT4-fs error (device loop4): ext4_orphan_get:1410: comm syz.4.6940: couldn't read orphan inode 11 (err -117) [ 640.737021][T19741] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 640.814886][T19723] XFS (loop5): Mounting V5 Filesystem [ 640.962739][T19758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6944'. [ 640.976818][T19723] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 641.096444][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 641.106282][T19723] XFS (loop5): Starting recovery (logdev: internal) [ 641.212286][T19723] XFS (loop5): Ending recovery (logdev: internal) [ 641.517287][T11347] XFS (loop5): Unmounting Filesystem [ 641.835814][ T22] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 642.027312][ T22] usb 5-1: too many endpoints for config 0 interface 0 altsetting 15: 254, using maximum allowed: 30 [ 642.045532][ T22] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid maxpacket 1056, setting to 64 [ 642.065860][T19168] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 642.077155][ T22] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x2 has invalid maxpacket 1967, setting to 64 [ 642.125632][ T22] usb 5-1: config 0 interface 0 altsetting 15 has 2 endpoint descriptors, different from the interface descriptor's value: 254 [ 642.165718][ T22] usb 5-1: config 0 interface 0 has no altsetting 0 [ 642.172429][ T22] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 642.191247][T19785] loop5: detected capacity change from 0 to 2048 [ 642.205535][ T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.246923][ T22] usb 5-1: config 0 descriptor?? [ 642.253367][T19773] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 642.262329][T19773] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 642.278594][T19168] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 642.296548][T19785] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 642.305277][T19168] usb 2-1: config 0 has no interface number 0 [ 642.378648][T19168] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.436243][T19790] loop0: detected capacity change from 0 to 4096 [ 642.436889][T19168] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.482542][T19785] EXT4-fs: Ignoring removed bh option [ 642.488465][T19785] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 642.492120][T19791] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 642.538959][T19168] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 642.549754][T19785] EXT4-fs (loop5): can't enable nombcache during remount [ 642.575856][T19168] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.596950][T19168] usb 2-1: config 0 descriptor?? [ 642.713771][T11347] EXT4-fs (loop5): unmounting filesystem. [ 642.728911][ T22] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x2 [ 642.765514][ T22] corsair 0003:1B1C:1B02.0007: unknown main item tag 0x7 [ 642.811879][ T22] corsair 0003:1B1C:1B02.0007: hidraw0: USB HID v10.08 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0 [ 642.928300][ T22] corsair 0003:1B1C:1B02.0007: Failed to get K90 initial state (error -71). [ 642.980737][ T22] usb 5-1: USB disconnect, device number 30 [ 643.035752][T19168] prodikeys 0003:041E:2801.0008: unknown main item tag 0x0 [ 643.053895][T19168] prodikeys 0003:041E:2801.0008: unknown main item tag 0x5 [ 643.094368][T19168] prodikeys 0003:041E:2801.0008: item fetching failed at offset 5/7 [ 643.121311][T19168] prodikeys 0003:041E:2801.0008: hid parse failed [ 643.132253][T19168] prodikeys: probe of 0003:041E:2801.0008 failed with error -22 [ 643.239003][T19799] netlink: 452 bytes leftover after parsing attributes in process `syz.5.6961'. [ 643.257652][T19800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 643.267146][T19168] usb 2-1: USB disconnect, device number 32 [ 643.286687][T19799] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6961'. [ 643.393990][T19796] fido_id[19796]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 644.410702][T19827] loop5: detected capacity change from 0 to 64 [ 644.638218][T19817] loop0: detected capacity change from 0 to 32768 [ 644.713059][T19816] loop4: detected capacity change from 0 to 32768 [ 644.954525][T19804] syz.2.6962 (19804): drop_caches: 2 [ 644.960934][ T7012] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 644.989722][T19817] [ 644.989722][T19817] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 644.989722][T19817] [ 645.048895][T19827] syz.5.6973: attempt to access beyond end of device [ 645.048895][T19827] loop5: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 645.095806][T19816] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 645.140508][T19817] ERROR: (device loop0): dbDiscardAG: -EIO [ 645.140508][T19817] [ 645.159044][T19827] Buffer I/O error on dev loop5, logical block 512, async page read [ 645.204766][T19827] syz.5.6973: attempt to access beyond end of device [ 645.204766][T19827] loop5: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 645.235989][ T7012] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 645.257125][T19827] Buffer I/O error on dev loop5, logical block 56576, async page read [ 645.265404][ T7012] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 645.265453][ T7012] usb 2-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00 [ 645.339839][ T4274] [ 645.339839][ T4274] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 645.339839][ T4274] [ 645.357776][ T7012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.372822][T19833] syz.5.6973: attempt to access beyond end of device [ 645.372822][T19833] loop5: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 645.392415][ T7012] usb 2-1: config 0 descriptor?? [ 645.416760][ T4274] [ 645.416760][ T4274] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 645.416760][ T4274] [ 645.427396][T19833] Buffer I/O error on dev loop5, logical block 512, async page read [ 645.456557][ T4276] ocfs2: Unmounting device (7,4) on (node local) [ 645.476200][T19833] syz.5.6973: attempt to access beyond end of device [ 645.476200][T19833] loop5: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 645.555605][T19833] Buffer I/O error on dev loop5, logical block 56576, async page read [ 645.810757][ T7012] uclogic 0003:28BD:0055.0009: interface is invalid, ignoring [ 646.011118][ T7012] usb 2-1: USB disconnect, device number 33 [ 646.104159][T19847] device macsec1 entered promiscuous mode [ 646.121302][T19847] device wlan1 entered promiscuous mode [ 646.153359][T19847] device wlan1 left promiscuous mode [ 646.941697][T19866] loop1: detected capacity change from 0 to 512 [ 647.389512][T19880] loop4: detected capacity change from 0 to 256 [ 647.430382][T19880] exfat: Deprecated parameter 'utf8' [ 647.453833][T19880] exfat: Deprecated parameter 'namecase' [ 647.478627][T19884] device wlan1 entered promiscuous mode [ 647.494791][T19884] device macsec1 entered promiscuous mode [ 647.509191][T19880] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 647.540760][T19884] device wlan1 left promiscuous mode [ 647.971013][T19896] loop0: detected capacity change from 0 to 512 [ 648.447073][T19912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7013'. [ 648.774708][T19925] netlink: 'syz.4.7018': attribute type 2 has an invalid length. [ 648.805541][ T7012] usb 6-1: new full-speed USB device number 16 using dummy_hcd [ 648.816406][T19923] sp0: Synchronizing with TNC [ 648.877948][T19922] [U] è [ 648.983926][T19929] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7020'. [ 649.007441][ T7012] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 649.025179][ T7012] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 649.065208][ T7012] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 649.065239][ T7012] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.073841][ T7012] usb 6-1: config 0 descriptor?? [ 649.090567][ T7012] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 649.091074][ T7012] dvb-usb: bulk message failed: -22 (3/0) [ 649.100769][ T7012] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 649.111013][ T7012] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 649.111103][ T7012] usb 6-1: media controller created [ 649.113178][ T7012] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 649.134608][ T7012] dvb-usb: bulk message failed: -22 (6/0) [ 649.377656][ T7012] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 649.418386][ T7012] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input28 [ 649.469844][ T7012] dvb-usb: schedule remote query interval to 150 msecs. [ 649.485186][ T7012] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 649.526143][ T7012] usb 6-1: USB disconnect, device number 16 [ 649.554409][T19944] netlink: 300 bytes leftover after parsing attributes in process `syz.2.7028'. [ 649.576687][ T7012] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 649.758883][T19950] loop0: detected capacity change from 0 to 256 [ 649.876114][T19956] loop1: detected capacity change from 0 to 512 [ 650.007639][T19956] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 650.042850][T19956] ext4 filesystem being mounted at /1395/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 650.246147][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 650.554933][T19979] loop5: detected capacity change from 0 to 16 [ 650.573350][T19979] erofs: (device loop5): mounted with root inode @ nid 36. [ 650.829569][T19985] loop4: detected capacity change from 0 to 256 [ 650.922582][T19985] FAT-fs (loop4): Directory bread(block 64) failed [ 650.942037][T19985] FAT-fs (loop4): Directory bread(block 65) failed [ 650.963657][T19985] FAT-fs (loop4): Directory bread(block 66) failed [ 650.988538][T19985] FAT-fs (loop4): Directory bread(block 67) failed [ 651.022659][T19985] FAT-fs (loop4): Directory bread(block 68) failed [ 651.039897][T19985] FAT-fs (loop4): Directory bread(block 69) failed [ 651.057574][T19985] FAT-fs (loop4): Directory bread(block 70) failed [ 651.091751][T19985] FAT-fs (loop4): Directory bread(block 71) failed [ 651.109677][T19985] FAT-fs (loop4): Directory bread(block 72) failed [ 651.134322][T19985] FAT-fs (loop4): Directory bread(block 73) failed [ 651.145139][ T125] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 651.169377][T19967] loop0: detected capacity change from 0 to 32768 [ 651.335082][ T125] usb 6-1: Using ep0 maxpacket: 32 [ 651.347204][ T125] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 651.373639][ T125] usb 6-1: config 0 has no interface number 0 [ 651.410083][ T125] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 651.459440][ T125] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.490831][ T125] usb 6-1: Product: syz [ 651.502154][ T125] usb 6-1: Manufacturer: syz [ 651.515437][ T125] usb 6-1: SerialNumber: syz [ 651.538679][ T125] usb 6-1: config 0 descriptor?? [ 651.570282][ T125] smsc95xx v2.0.0 [ 651.758921][T20003] loop1: detected capacity change from 0 to 1024 [ 651.814890][T20003] EXT4-fs: Ignoring removed nobh option [ 651.820717][T20003] EXT4-fs: Ignoring removed bh option [ 651.907734][T20003] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 652.177500][ T125] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 652.195229][ T125] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 652.220021][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 652.226810][T20015] netlink: 19 bytes leftover after parsing attributes in process `syz.4.7061'. [ 652.266306][ T125] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 652.288934][ T125] smsc95xx: probe of 6-1:0.67 failed with error -71 [ 652.339117][ T125] usb 6-1: USB disconnect, device number 17 [ 652.540611][T20023] netlink: 143932 bytes leftover after parsing attributes in process `syz.1.7064'. [ 652.557971][T20023] netlink: zone id is out of range [ 652.569476][T20023] netlink: zone id is out of range [ 652.580916][T20023] netlink: zone id is out of range [ 652.592126][T20023] netlink: zone id is out of range [ 652.603112][T20023] netlink: zone id is out of range [ 652.621831][T20023] netlink: zone id is out of range [ 652.632952][T20023] netlink: zone id is out of range [ 652.643965][T20023] netlink: zone id is out of range [ 652.655206][T20023] netlink: zone id is out of range [ 652.672956][T20023] netlink: zone id is out of range [ 652.739029][T20019] loop0: detected capacity change from 0 to 8192 [ 652.765179][T20019] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 652.807105][T20019] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 652.855407][T20019] ntfs3: loop0: Failed to load $Extend. [ 652.870624][ T26] audit: type=1800 audit(1781856926.349:400): pid=20019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7055" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 653.007654][T20032] loop4: detected capacity change from 0 to 1024 [ 653.185148][ T5041] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 653.231503][T20029] IPVS: Scheduler module ip_vs_sip not found [ 653.357271][T20038] loop4: detected capacity change from 0 to 8 [ 653.385138][ T5041] usb 2-1: Using ep0 maxpacket: 8 [ 653.392595][ T5041] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 653.453784][ T5041] usb 2-1: config 0 interface 0 has no altsetting 0 [ 653.504442][ T5041] usb 2-1: New USB device found, idVendor=056a, idProduct=006b, bcdDevice= 0.00 [ 653.539820][ T5041] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.584091][ T5041] usb 2-1: config 0 descriptor?? [ 653.728924][T20044] loop4: detected capacity change from 0 to 512 [ 653.777273][T20044] EXT4-fs: Ignoring removed i_version option [ 653.909151][T20044] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 653.925473][T20044] ext4 filesystem being mounted at /1393/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 653.962070][T20044] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 654.038171][ T5041] wacom 0003:056A:006B.000A: unknown main item tag 0x2 [ 654.045368][ T5041] wacom 0003:056A:006B.000A: unknown main item tag 0x6 [ 654.054563][ T5041] wacom 0003:056A:006B.000A: Unknown device_type for 'HID 056a:006b'. Assuming pen. [ 654.094442][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 654.155509][ T5041] wacom 0003:056A:006B.000A: hidraw0: USB HID v0.c1 Device [HID 056a:006b] on usb-dummy_hcd.1-1/input0 [ 654.198188][ T5041] input: Wacom Bamboo1 5x8 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:006B.000A/input/input29 [ 654.328280][ T5041] usb 2-1: USB disconnect, device number 34 [ 654.670324][T20059] fido_id[20059]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 654.724880][T19168] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 654.925086][T19168] usb 3-1: Using ep0 maxpacket: 8 [ 654.932236][T19168] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 654.941352][T20071] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 654.974540][T19168] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 655.001552][T20075] loop1: detected capacity change from 0 to 256 [ 655.005227][T19168] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.032075][T19168] usb 3-1: Product: syz [ 655.044477][T19168] usb 3-1: Manufacturer: syz [ 655.056207][T19168] usb 3-1: SerialNumber: syz [ 655.097487][T19168] usb 3-1: config 0 descriptor?? [ 655.110626][T20075] FAT-fs (loop1): Directory bread(block 64) failed [ 655.122425][T19168] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 655.154960][T20075] FAT-fs (loop1): Directory bread(block 65) failed [ 655.161663][T20075] FAT-fs (loop1): Directory bread(block 66) failed [ 655.169024][T19168] usb 3-1: setting power ON [ 655.185621][T19168] dvb-usb: bulk message failed: -22 (2/0) [ 655.194131][T20075] FAT-fs (loop1): Directory bread(block 67) failed [ 655.220559][T20075] FAT-fs (loop1): Directory bread(block 68) failed [ 655.228295][T19168] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 655.252063][T20075] FAT-fs (loop1): Directory bread(block 69) failed [ 655.261814][T20075] FAT-fs (loop1): Directory bread(block 70) failed [ 655.266530][T19168] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 655.275411][T20075] FAT-fs (loop1): Directory bread(block 71) failed [ 655.305202][T20075] FAT-fs (loop1): Directory bread(block 72) failed [ 655.312457][T19168] usb 3-1: media controller created [ 655.313546][T20075] FAT-fs (loop1): Directory bread(block 73) failed [ 655.325422][T20063] dvb-usb: bulk message failed: -22 (3/0) [ 655.354149][T20063] cxusb: i2c wr: len=79 is too big! [ 655.354149][T20063] [ 655.374404][T19168] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 655.456320][T20075] syz.1.7086: attempt to access beyond end of device [ 655.456320][T20075] loop1: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 655.474208][T19168] usb 3-1: selecting invalid altsetting 6 [ 655.493960][T19168] usb 3-1: digital interface selection failed (-22) [ 655.532467][T19168] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 655.582635][T19168] usb 3-1: setting power OFF [ 655.598594][T19168] dvb-usb: bulk message failed: -22 (2/0) [ 655.617055][T19168] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 655.665730][T19168] (NULL device *): no alternate interface [ 655.741747][T19168] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 655.815005][T19168] usb 3-1: USB disconnect, device number 26 [ 656.081436][T20077] loop0: detected capacity change from 0 to 32768 [ 656.101825][T20077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.7087 (20077) [ 656.178886][T20097] loop5: detected capacity change from 0 to 2048 [ 656.224762][T20077] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 656.281104][T20103] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 656.305393][T20077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 656.314191][T20077] BTRFS info (device loop0): using free space tree [ 656.489615][T20100] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.551936][T20100] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 42629 - 0 [ 656.564937][T20100] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 46549 - 0 [ 656.724942][ T4668] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 656.740118][T20077] BTRFS info (device loop0): enabling ssd optimizations [ 656.806687][ T26] audit: type=1800 audit(1781856930.289:401): pid=20077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7087" name="file2" dev="loop0" ino=261 res=0 errno=0 [ 656.947003][ T4668] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 656.977222][ T4668] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 656.988270][T20131] loop5: detected capacity change from 0 to 64 [ 657.013623][T20100] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.027589][ T4668] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.062886][ T4668] usb 2-1: Product: syz [ 657.074793][ T4668] usb 2-1: Manufacturer: syz [ 657.079483][ T4668] usb 2-1: SerialNumber: syz [ 657.115635][ T4668] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 657.169182][T20100] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 42629 - 0 [ 657.190159][T20100] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 46549 - 0 [ 657.333143][ T4668] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 657.370377][T20138] loop5: detected capacity change from 0 to 64 [ 657.411487][ T4668] usb 2-1: USB disconnect, device number 35 [ 657.523280][T20100] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.554827][T20100] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 42629 - 0 [ 657.590521][T20100] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 46549 - 0 [ 657.611687][ T4274] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 658.155743][T20145] loop1: detected capacity change from 0 to 2048 [ 658.223438][T20100] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.273844][T20145] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 658.306847][T20154] hugetlbfs: Bad value for 'size' [ 658.314964][T20100] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 42629 - 0 [ 658.332324][T20100] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 46549 - 0 [ 658.479994][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 658.601953][T20160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7116'. [ 658.778953][T20100] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 46549 - 0 [ 658.794661][T20100] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 42629 - 0 [ 658.820116][T20100] netdevsim netdevsim2 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 658.880696][T20100] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 46549 - 0 [ 658.909703][T20100] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 42629 - 0 [ 658.930742][T20164] loop4: detected capacity change from 0 to 4096 [ 658.952896][T20100] netdevsim netdevsim2 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 658.953008][T20164] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 659.041876][T20100] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 46549 - 0 [ 659.060895][T20100] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 42629 - 0 [ 659.112491][T20100] netdevsim netdevsim2 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 659.167560][T20164] ntfs: volume version 3.1. [ 659.191551][T20100] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 46549 - 0 [ 659.221646][T20172] loop5: detected capacity change from 0 to 4096 [ 659.230985][T20100] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 42629 - 0 [ 659.242197][T20164] ntfs: (device loop4): ntfs_nlstoucs(): Name using character set cp869 contains characters that cannot be converted to Unicode. [ 659.263935][T20172] EXT4-fs: Ignoring removed nomblk_io_submit option [ 659.273170][T20100] netdevsim netdevsim2 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 659.299076][T20164] ntfs: (device loop4): ntfs_lookup(): Failed to convert name to Unicode. [ 659.330351][T20172] EXT4-fs (loop5): Test dummy encryption mode enabled [ 659.398061][T20172] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 659.418610][T20172] System zones: 0-5 [ 659.434822][T20172] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 659.452457][T20172] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 659.541085][T11347] EXT4-fs (loop5): unmounting filesystem. [ 659.930593][T20189] net_ratelimit: 3660 callbacks suppressed [ 659.930613][T20189] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 660.238063][T20202] loop1: detected capacity change from 0 to 512 [ 660.285877][T19168] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 660.301102][T20202] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 660.390942][T20202] EXT4-fs error (device loop1): ext4_orphan_get:1431: comm syz.1.7136: bad orphan inode 131083 [ 660.461939][T20202] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 660.474558][ T5302] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 660.496333][T19168] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 660.527181][T19168] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 660.553944][ T26] audit: type=1800 audit(1781856934.030:402): pid=20202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7136" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 660.586917][T19168] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 660.622358][T19168] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 660.641898][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 660.642617][T19168] usb 6-1: SerialNumber: syz [ 660.694815][ T5302] usb 3-1: Using ep0 maxpacket: 32 [ 660.708651][ T5302] usb 3-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 660.746266][ T5302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.793193][ T5302] usb 3-1: Product: syz [ 660.797669][ T5302] usb 3-1: Manufacturer: syz [ 660.802315][ T5302] usb 3-1: SerialNumber: syz [ 660.830891][ T5302] usb 3-1: config 0 descriptor?? [ 660.861782][ T5302] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 660.890372][ T5302] dvb-usb: bulk message failed: -22 (4/0) [ 660.898396][T19168] usb 6-1: 0:2 : does not exist [ 660.900710][ T5302] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 660.960053][ T5302] dvb-usb: bulk message failed: -22 (5/0) [ 660.967175][T19168] usb 6-1: USB disconnect, device number 18 [ 660.976298][ T5302] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 661.020898][ T5302] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 661.042194][ T5302] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 661.051070][ T5302] usb 3-1: media controller created [ 661.076620][T20199] dvb-usb: bulk message failed: -22 (7/0) [ 661.104524][T20199] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 661.118147][ T5302] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 661.131561][T20199] ttusb2: i2c transfer failed. [ 661.157826][ T5302] usb 3-1: selecting invalid altsetting 3 [ 661.163635][ T5302] ttusb2: set interface to alts=3 failed [ 661.246267][ T4382] udevd[4382]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 661.390784][ T5302] DVB: Unable to find symbol tda10086_attach() [ 661.409826][ T5302] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 661.441519][ T5302] dvb-usb: bulk message failed: -22 (4/0) [ 661.455173][ T5302] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 661.498300][ T5302] dvb-usb: bulk message failed: -22 (5/0) [ 661.504135][ T5302] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 661.550244][ T5302] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 661.600613][ T5302] usb 3-1: USB disconnect, device number 27 [ 661.718179][ T5302] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 661.790347][T20239] program syz.0.7154 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 661.906027][T20243] loop5: detected capacity change from 0 to 256 [ 662.028482][T20243] FAT-fs (loop5): Directory bread(block 64) failed [ 662.048508][T20243] FAT-fs (loop5): Directory bread(block 65) failed [ 662.074551][T20243] FAT-fs (loop5): Directory bread(block 66) failed [ 662.081320][T20243] FAT-fs (loop5): Directory bread(block 67) failed [ 662.101675][T20243] FAT-fs (loop5): Directory bread(block 68) failed [ 662.110659][T20243] FAT-fs (loop5): Directory bread(block 69) failed [ 662.125000][T20243] FAT-fs (loop5): Directory bread(block 70) failed [ 662.141134][T20243] FAT-fs (loop5): Directory bread(block 71) failed [ 662.159043][T20243] FAT-fs (loop5): Directory bread(block 72) failed [ 662.166022][T20243] FAT-fs (loop5): Directory bread(block 73) failed [ 662.191236][T20250] loop0: detected capacity change from 0 to 2048 [ 662.225102][T20250] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 662.496369][T20255] loop1: detected capacity change from 0 to 512 [ 662.599332][T20259] usb usb8: usbfs: process 20259 (syz.2.7164) did not claim interface 5 before use [ 662.792900][T20255] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 662.844727][T20255] ext4 filesystem being mounted at /1422/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 662.870039][T20255] EXT4-fs warning (device loop1): ext4_group_add:1723: Can't resize non-sparse filesystem further [ 663.129393][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 663.634601][ T5046] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 663.771980][T20304] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7182'. [ 663.804507][T20304] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7182'. [ 663.824566][ T5046] usb 1-1: Using ep0 maxpacket: 32 [ 663.831906][ T5046] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 663.871755][ T5046] usb 1-1: config 0 has no interface number 0 [ 663.892039][ T5046] usb 1-1: config 0 interface 12 has no altsetting 0 [ 663.956963][ T5046] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 663.990511][ T5046] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.004717][ T5046] usb 1-1: Product: syz [ 664.009013][ T5046] usb 1-1: Manufacturer: syz [ 664.020470][ T5046] usb 1-1: SerialNumber: syz [ 664.036619][ T5046] usb 1-1: config 0 descriptor?? [ 664.215739][T20286] loop1: detected capacity change from 0 to 32768 [ 664.291983][T20317] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7189'. [ 664.623243][T20326] loop4: detected capacity change from 0 to 2048 [ 664.653471][ T5046] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 664.664319][ T125] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 664.672989][ T5046] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 664.685432][T20326] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 664.704338][ T5046] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 664.715960][T20326] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 664.734363][ T5046] f81534: probe of 1-1:0.12 failed with error -71 [ 664.752347][T20326] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 664.773300][ T5046] usb 1-1: USB disconnect, device number 28 [ 664.856190][ T125] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 664.874402][T20330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7196'. [ 664.883573][ T125] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.902378][T20330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7196'. [ 664.915004][ T125] usb 6-1: config 0 descriptor?? [ 665.128540][ T125] [drm] vendor descriptor length:6 data:06 5f 01 25 00 00 00 00 00 00 00 [ 665.147432][ T125] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 665.316088][T20336] netlink: 260 bytes leftover after parsing attributes in process `syz.4.7199'. [ 665.329634][ T125] [drm:udl_init] *ERROR* Selecting channel failed [ 665.364904][ T125] [drm] Initialized udl 0.0.1 20120220 for 6-1:0.0 on minor 2 [ 665.383432][ T125] [drm] Initialized udl on minor 2 [ 665.397509][ T125] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 665.414537][ T125] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 665.445393][ T125] usb 6-1: USB disconnect, device number 19 [ 665.451785][ T5046] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 665.460923][ T5046] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 665.489538][ T5046] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 665.573430][T20324] loop1: detected capacity change from 0 to 32768 [ 665.665663][T20324] jfs_create: dtInsert returned -EIO [ 665.671819][T20324] ERROR: (device loop1): jfs_create: [ 665.671819][T20324] [ 666.041905][T20350] loop0: detected capacity change from 0 to 4096 [ 666.557542][T20366] loop5: detected capacity change from 0 to 128 [ 666.635225][T20366] EXT4-fs (loop5): Test dummy encryption mode enabled [ 666.715511][T20366] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 666.723559][T20366] System zones: 1-3, 19-19, 35-36 [ 666.784360][T20366] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 666.801322][T20366] ext4 filesystem being mounted at /760/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 666.999832][T20383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7221'. [ 667.009893][T11347] EXT4-fs (loop5): unmounting filesystem. [ 667.388695][T20395] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7228'. [ 667.448535][T20393] loop4: detected capacity change from 0 to 4096 [ 667.543034][T20402] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 667.665675][T20406] loop0: detected capacity change from 0 to 1024 [ 667.742966][T20406] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 667.756307][T20406] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 667.813734][T20406] EXT4-fs (loop0): group descriptors corrupted! [ 667.846687][T20412] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7236'. [ 667.892320][T20412] Zero length message leads to an empty skb [ 668.438557][T20435] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7244'. [ 668.686959][T20445] [ 668.689378][T20445] ====================================================== [ 668.696424][T20445] WARNING: possible circular locking dependency detected [ 668.703485][T20445] syzkaller #0 Not tainted [ 668.707970][T20445] ------------------------------------------------------ [ 668.715022][T20445] syz.1.7252/20445 is trying to acquire lock: [ 668.721123][T20445] ffffffff970292b8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: ip_set_nfnl_get_byindex+0x63/0x230 [ 668.731305][T20445] [ 668.731305][T20445] but task is already holding lock: [ 668.738710][T20445] ffff888146e4b0b8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid+0x37/0x100 [ 668.749153][T20445] [ 668.749153][T20445] which lock already depends on the new lock. [ 668.749153][T20445] [ 668.759596][T20445] [ 668.759596][T20445] the existing dependency chain (in reverse order) is: [ 668.768661][T20445] [ 668.768661][T20445] -> #2 (&nft_net->commit_mutex){+.+.}-{3:3}: [ 668.776984][T20445] __mutex_lock+0x12d/0xaf0 [ 668.782196][T20445] nf_tables_dumpreset_obj+0x6e/0x90 [ 668.788048][T20445] netlink_dump+0x6a3/0xd00 [ 668.793193][T20445] __netlink_dump_start+0x537/0x6f0 [ 668.798967][T20445] nft_netlink_dump_start_rcu+0xdb/0x1a0 [ 668.805183][T20445] nf_tables_getobj_reset+0x1cb/0x610 [ 668.811130][T20445] nfnetlink_rcv_msg+0x8a0/0x12b0 [ 668.816837][T20445] netlink_rcv_skb+0x1fb/0x450 [ 668.822193][T20445] nfnetlink_rcv+0x2b0/0x2480 [ 668.827495][T20445] netlink_unicast+0x74d/0x8d0 [ 668.832828][T20445] netlink_sendmsg+0x8ad/0xbd0 [ 668.838176][T20445] ____sys_sendmsg+0x5be/0x970 [ 668.843580][T20445] ___sys_sendmsg+0x2a2/0x360 [ 668.848818][T20445] __se_sys_sendmsg+0x1bb/0x2a0 [ 668.854238][T20445] do_syscall_64+0x4c/0xa0 [ 668.858914][T20447] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 668.859241][T20445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 668.870526][T20447] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 668.872081][T20445] [ 668.872081][T20445] -> #1 (nlk_cb_mutex-NETFILTER){+.+.}-{3:3}: [ 668.879698][T20447] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 668.886840][T20445] __mutex_lock+0x12d/0xaf0 [ 668.886873][T20445] __netlink_dump_start+0x11f/0x6f0 [ 668.886894][T20445] ip_set_dump+0x152/0x1e0 [ 668.886948][T20445] nfnetlink_rcv_msg+0xbec/0x12b0 [ 668.886979][T20445] netlink_rcv_skb+0x1fb/0x450 [ 668.886997][T20445] nfnetlink_rcv+0x2b0/0x2480 [ 668.887027][T20445] netlink_unicast+0x74d/0x8d0 [ 668.887046][T20445] netlink_sendmsg+0x8ad/0xbd0 [ 668.887065][T20445] ____sys_sendmsg+0x5be/0x970 [ 668.894468][T20447] comedi comedi3: 8255: I/O port conflict (0xc9,4) [ 668.898519][T20445] ___sys_sendmsg+0x2a2/0x360 [ 668.898547][T20445] __se_sys_sendmsg+0x1bb/0x2a0 [ 668.898567][T20445] do_syscall_64+0x4c/0xa0 [ 668.898587][T20445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 668.898617][T20445] [ 668.898617][T20445] -> #0 (nfnl_subsys_ipset){+.+.}-{3:3}: [ 668.898651][T20445] __lock_acquire+0x2d07/0x7d10 [ 668.980414][T20447] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 668.983099][T20445] lock_acquire+0x1bb/0x4a0 [ 668.995271][T20445] __mutex_lock+0x12d/0xaf0 [ 669.000352][T20445] ip_set_nfnl_get_byindex+0x63/0x230 [ 669.006295][T20445] set_match_v1_checkentry+0x6d/0x220 [ 669.012352][T20445] xt_check_match+0x4e6/0xc50 [ 669.017604][T20445] __nft_match_init+0x663/0x890 [ 669.021358][T20447] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 669.023078][T20445] nf_tables_newrule+0x1731/0x2810 [ 669.023112][T20445] nfnetlink_rcv+0x1124/0x2480 [ 669.040560][T20445] netlink_unicast+0x74d/0x8d0 [ 669.045902][T20445] netlink_sendmsg+0x8ad/0xbd0 [ 669.051275][T20445] ____sys_sendmsg+0x5be/0x970 [ 669.051513][T20447] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 669.056600][T20445] ___sys_sendmsg+0x2a2/0x360 [ 669.056621][T20445] __se_sys_sendmsg+0x1bb/0x2a0 [ 669.056641][T20445] do_syscall_64+0x4c/0xa0 [ 669.056660][T20445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 669.056691][T20445] [ 669.056691][T20445] other info that might help us debug this: [ 669.056691][T20445] [ 669.056699][T20445] Chain exists of: [ 669.056699][T20445] nfnl_subsys_ipset --> nlk_cb_mutex-NETFILTER --> &nft_net->commit_mutex [ 669.056699][T20445] [ 669.056739][T20445] Possible unsafe locking scenario: [ 669.056739][T20445] [ 669.056746][T20445] CPU0 CPU1 [ 669.056752][T20445] ---- ---- [ 669.056759][T20445] lock(&nft_net->commit_mutex); [ 669.056773][T20445] lock(nlk_cb_mutex-NETFILTER); [ 669.056790][T20445] lock(&nft_net->commit_mutex); [ 669.056813][T20445] lock(nfnl_subsys_ipset); [ 669.056826][T20445] [ 669.056826][T20445] *** DEADLOCK *** [ 669.056826][T20445] [ 669.056832][T20445] 1 lock held by syz.1.7252/20445: [ 669.073421][T20447] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 669.073843][T20445] #0: ffff888146e4b0b8 (&nft_net->commit_mutex){+.+.}-{3:3} [ 669.079748][T20447] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 669.085233][T20445] , at: nf_tables_valid_genid+0x37/0x100 [ 669.085271][T20445] [ 669.085271][T20445] stack backtrace: [ 669.085297][T20445] CPU: 1 PID: 20445 Comm: syz.1.7252 Not tainted syzkaller #0 [ 669.085318][T20445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 669.085334][T20445] Call Trace: [ 669.085350][T20445] [ 669.085359][T20445] dump_stack_lvl+0x188/0x24e [ 669.085383][T20445] ? load_image+0x400/0x400 [ 669.104616][T20447] comedi comedi3: 8255: I/O port conflict (0x81,4) [ 669.110079][T20445] ? show_regs_print_info+0x12/0x12 [ 669.110116][T20445] ? print_circular_bug+0x12b/0x1a0 [ 669.127480][T20447] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 669.128344][T20445] check_noncircular+0x296/0x330 [ 669.128391][T20445] ? add_chain_block+0x940/0x940 [ 669.133812][T20447] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 669.140974][T20445] ? lockdep_lock+0xf1/0x1f0 [ 669.141015][T20445] ? _find_first_zero_bit+0xcf/0x100 [ 669.141072][T20445] __lock_acquire+0x2d07/0x7d10 [ 669.141112][T20445] ? mark_lock+0x94/0x320 [ 669.141142][T20445] ? verify_lock_unused+0x140/0x140 [ 669.141170][T20445] ? __lock_acquire+0x12f4/0x7d10 [ 669.141207][T20445] lock_acquire+0x1bb/0x4a0 [ 669.141234][T20445] ? ip_set_nfnl_get_byindex+0x63/0x230 [ 669.141259][T20445] ? __might_sleep+0xd0/0xd0 [ 669.157741][T20447] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 669.161713][T20445] ? read_lock_is_recursive+0x10/0x10 [ 669.170877][T20447] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 669.173341][T20445] __mutex_lock+0x12d/0xaf0 [ 669.338611][T20445] ? ip_set_nfnl_get_byindex+0x63/0x230 [ 669.344212][T20445] ? ip_set_pernet+0x23/0x230 [ 669.348935][T20445] ? ip_set_nfnl_get_byindex+0x63/0x230 [ 669.354537][T20445] ? mutex_lock_nested+0x10/0x10 [ 669.359520][T20445] ? __flush_work+0x10d/0xae0 [ 669.364365][T20445] ? ip_set_pernet+0x23/0x230 [ 669.369093][T20445] ? ip_set_pernet+0x23/0x230 [ 669.373826][T20445] ip_set_nfnl_get_byindex+0x63/0x230 [ 669.379266][T20445] set_match_v1_checkentry+0x6d/0x220 [ 669.384704][T20445] xt_check_match+0x4e6/0xc50 [ 669.389445][T20445] ? xt_check_proc_name+0x270/0x270 [ 669.394702][T20445] ? __stack_depot_save+0x35/0x460 [ 669.399994][T20445] __nft_match_init+0x663/0x890 [ 669.404901][T20445] ? ___sys_sendmsg+0x2a2/0x360 [ 669.409805][T20445] ? nft_match_large_dump+0x40/0x40 [ 669.415073][T20445] ? __kmem_cache_alloc_node+0x140/0x260 [ 669.420835][T20445] ? nf_tables_newrule+0x1503/0x2810 [ 669.426193][T20445] ? rcu_is_watching+0x11/0xa0 [ 669.431116][T20445] ? nf_tables_newrule+0x1503/0x2810 [ 669.436458][T20445] ? __kmalloc+0xe1/0x240 [ 669.440992][T20445] nf_tables_newrule+0x1731/0x2810 [ 669.446157][T20445] ? nf_tables_delchain+0xf00/0xf00 [ 669.451403][T20445] ? __lock_acquire+0x7d10/0x7d10 [ 669.456493][T20445] ? mutex_unlock+0x10/0x10 [ 669.461045][T20445] ? __nla_parse+0x3c/0x50 [ 669.465513][T20445] nfnetlink_rcv+0x1124/0x2480 [ 669.470338][T20445] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 669.475943][T20445] ? ref_tracker_free+0x68c/0x840 [ 669.481037][T20445] ? netlink_deliver_tap+0x2e/0x1b0 [ 669.486288][T20445] ? netlink_deliver_tap+0x2e/0x1b0 [ 669.491542][T20445] netlink_unicast+0x74d/0x8d0 [ 669.496355][T20445] netlink_sendmsg+0x8ad/0xbd0 [ 669.501177][T20445] ? netlink_getsockopt+0x550/0x550 [ 669.506429][T20445] ? aa_sock_msg_perm+0x94/0x150 [ 669.511495][T20445] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 669.516888][T20445] ? security_socket_sendmsg+0x7c/0xa0 [ 669.522452][T20445] ? netlink_getsockopt+0x550/0x550 [ 669.527711][T20445] ____sys_sendmsg+0x5be/0x970 [ 669.532529][T20445] ? __sys_sendmsg_sock+0x30/0x30 [ 669.537606][T20445] ? __import_iovec+0x315/0x500 [ 669.542515][T20445] ? import_iovec+0x6f/0xa0 [ 669.547074][T20445] ___sys_sendmsg+0x2a2/0x360 [ 669.551802][T20445] ? try_to_wake_up+0x67c/0x1080 [ 669.556871][T20445] ? __sys_sendmsg+0x290/0x290 [ 669.561702][T20445] __se_sys_sendmsg+0x1bb/0x2a0 [ 669.566595][T20445] ? __x64_sys_sendmsg+0x80/0x80 [ 669.571593][T20445] ? lockdep_hardirqs_on+0x94/0x140 [ 669.576862][T20445] do_syscall_64+0x4c/0xa0 [ 669.581324][T20445] ? clear_bhb_loop+0x60/0xb0 [ 669.586069][T20445] ? clear_bhb_loop+0x60/0xb0 [ 669.590809][T20445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 669.596766][T20445] RIP: 0033:0x7fc587d9ce59 [ 669.601247][T20445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 669.620913][T20445] RSP: 002b:00007fc588c66028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 669.629390][T20445] RAX: ffffffffffffffda RBX: 00007fc588015fa0 RCX: 00007fc587d9ce59 [ 669.637411][T20445] RDX: 0000000024044010 RSI: 0000200000000100 RDI: 0000000000000003 [ 669.645432][T20445] RBP: 00007fc587e32e6f R08: 0000000000000000 R09: 0000000000000000 [ 669.653447][T20445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.661464][T20445] R13: 00007fc588016038 R14: 00007fc588015fa0 R15: 00007ffeca1ba678 [ 669.669496][T20445] [ 669.683059][T20457] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 669.683059][T20457] The task syz.5.7251 (20457) triggered the difference, watch for misbehavior. [ 669.688224][T20445] set match dimension is over the limit!