last executing test programs: 32.316280315s ago: executing program 1 (id=7175): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 31.819271682s ago: executing program 1 (id=7179): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000180)={0x60, 0x320, 0x1000, 0x258, 0x401, 0x0, 0x1, 0x1, {0x80000000, 0x1, 0x1}, {0x6, 0x10000, 0x1}, {0x101, 0x1, 0x1}, {0x80000000, 0x9, 0x1}, 0x3, 0x100, 0xffff, 0x5, 0x1, 0x0, 0x6, 0x559, 0xfffffffc, 0x9, 0x3, 0x5, 0x1, 0x100}) 31.389130063s ago: executing program 1 (id=7184): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x30008c0, &(0x7f0000000700)=ANY=[@ANYBLOB="71756965742c636f6465706167653d64656661756c742c696f636861727365743d69736f383835392d332c71756965742c706172743d3078303030303030303030303030303030352c0092e73659b6f19fbbe01b9cc908dab9ad4d60fd5d2fe7f6f2a8504daf6ce25e47ccd96db758f99cd394edcacf7d6641565eb30fdd75538e1b4b26856e0d8d3dd5696871fea56befab9d6054e8a3d7ec6b0446b9854be7c547de0e6327b26b688927c436320bf5a8f3da0d373f123f05a7c23bc44cb09b3569c1a2e6a53db85a352c84d2be28861582595be300b40f1569d42e14addbebd853776fc5f01715e85eeaa188002d9d98f77bbecf7e075f264e052bb8cdbe5dfa461764272d3bb874306cf0962de8b667984388934fb1b44cc555064550a2df4ea53d3974a652e6dcf8ba8b5264497efdc53ec6742c9fac1e406f1eb7cd1ca3baafdee5c34f59975c6cbf0680dedc70db5b03870a1a"], 0x11, 0x2c6, &(0x7f0000000a00)="$eJzs3U9rE0EYx/HfbNIm2tJubUXwWC0ogmi9iJeI5EV4ErWJUAwVbUXrqYonEb179y34IrwovgE9efIF1NPKzOzm7yabhCRr9PuBhk12n51nsn9mnkBZAfhv3ap+/3jtp/0zUkEF6c0NKZBUloqSTutM+enewe5Bo14btKOCi7B/Rj7S9Gyzs1dPC7VxLiIW2ndFLbd/humIoujmj7yTQO7c1Z8ikErx1enWl1dXZ57bIC/HjDuacB7zxhzrWM+1knceAIB8xeN/EI/zy/H8PQikrXiK7sf/vBOdkOO8E5i6aODatvHfVVmRscfXze1Mq95zJZxdHyRV4jAtL3S9X5Q/szommCarqnS5BCce7Dbql3ceNWqBXqkSa9tsw73W/KmbyMh2M6U2HWCIvpv0GeWS68OC7cO2z/+ZpI7818dscWzms/lq7phQH1Rrzv+KkbGHyR2psOtI+fyv9N+j62Vot1J826hUKkHHJmuukbNxC7GMXpbTKxIlZ9SaOn8gCLPydFGnuqJ8765mRK2nRm0n7/pEbXRE2d40z+b+7U2beWdum0390idV2+b/gc1vSwOvzNZVY7b8UOC+cd+fxfTmim6fYc/I0Xu5NL/FUr/Ufw++p2EEb3Vf17Wyf/jiYaHRqD+xC/dSFh4vNz9ZeC2lbpPzgo5an5QUOT0bJ4PSqE1ckjRuYhcn2lN7/8jc2F5laauSAepvOF7zv1D9MvqJNG8L+d6eMBv7hyX5g553JsiJnXcZX/+16pWin+zZlzB1nj7kDwHxHiM7x25WcK3YyM/IJZ0cqYJb6l/B9dZcPTWjq7nOXZDOD99iGOf5jzBVfdNdfv8HAAAAAAAAAAAAAAAAAACYN7P4d4K8+wgAAAAAAAAAAAAAAAAAAAAAwLxrPv9XyfN/Ndzzf7sfxTLJ5/++3xPP/wWm708AAAD//2wtd4M=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) 30.736088854s ago: executing program 1 (id=7188): syz_mount_image$minix(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x1000008, &(0x7f0000000040)=ANY=[], 0x5, 0x197, &(0x7f0000000800)="$eJzs20+P0kAYx/Ffi1DF/6AXL5J40ItU8eRNXwqBSohFiXCBmBgTfRWefH+a6H2zs2mhXWhJdukCs8D3c3qePsx0hjBl5lABOFoNNeTIUVnSU0nf6o6kqu1hAdgBI+nUADhOpX+2RwDAjr/vpaGkP/+/dlQq5/YHUf1dUncr+fp36UnSzPF0M7u/+C09T9o7t1a2r8qYWT1/7ojqL54l97+tO7qre7qvB3qo2rzeTft/fIWdEHB8HDWz+dIFVx/6YfAqzctx/jrNK3HeyuRv0tyL82bnc9jd1hQAFOResP5LmfV/I7P+Aeyv0WT6sR2GwZfLBRWt8eHFwJM7u2Gx5rkg6m4T/awduPnSj5qKfi1R8PNkdhSzMp1rEUTnR+Nt7LexGDiS7E9wH4PMg2Js4+kEYJv88WDojybTl/1Buxf0gk+tX/PKWz/e+fvL+38Ah+P8T9/2SAAAAAAAAAAAAAAAQFF1PVp53RhjFtLsa30AAAAA9tAuXieyPUcAAAAAAAAAAAAAAAAAAADgUJwFAAD//2DKH7Q=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 30.085295194s ago: executing program 1 (id=7193): syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000001480)='./file1\x00', 0xc00a, &(0x7f0000000040)=ANY=[], 0x11, 0x6ae, &(0x7f0000000400)="$eJzs3c1vHHcZB/DvrF83lRy3TdOAKtU0UkFENHGsFMIlASEUpApV4cDZIk5jZZMGx0VpD8QFJK4c+APKIVzgBEJISEiRyhluFTeLUyUkLj2lPTBoZmfttbtrb5Im69DPJ5qdZ+Y385tnnnnZl8iaAJ9bF05k8m7auXDitVvV9Oadpc7mnaVr3bjVSTKTpJVMdkcprifF+8n5dId8oZrZdFcM286vV89e/OCjzQ+7U5PZ7q96aQ9PcHKUvdhohiwkmWjGD2FHfz96sP5mtsNiqzJVwY73CgfjNpWk3OHHR7dbBikn+iaGXu/Ak6Povm/26V7/88mhJLO9N7SNbmPr8We4r/u6F208ujwAAADgwDh873ZyK3PjzgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeJM3z/4tmaPXihRS95/9P9z1jf3rM6Q63d2azveBu63EkAwAAAAAAAACP1ov38ruLZTnXmy6L+v/8X6onjtSvT+Wt3MxK1vJKbmU561nPWhaTzPd1NH1reX19bbG35idlWQ5Z8/T2/773rXl6xITbD7/PAAAAAAAAAPB/5Fwz/lkuZG7MuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA5FMtEd1cORXjyf1mSS2STT1XIbyT968ZPs7rgTAAAAgMfg8L3cy63M9abLov7Of7T+3j+bt3I961nNejpZyaX6t4Dut/7W5p2lzuadpWvV8Ol+v/Wf7fiPc/umUfeY7m8Pg7d8rF6inctZbZZK3kwnl9Kq16wc6+UzOK93q5yKc11lmZlRCnSpGVd7/qtmfDDM1xWZqitS1ehUk1tVjaf3rkT/0XmALS2mtfXLz5H7qPm5PbdS/Lcsu9Gh3pzkqe/tX/Op+9qZh7K7Eqf7zr6je1ci+fKffv/DK53rV68UGycOzmk0yIuDZ8/8q3eEepXo2shKlvoq8XxTgeo63bsSl28e8EqMqJXntuIL+W5+kBNZyOtZy2p+kuWsZyUL+U4dLTfnc/U6v/c5c37H1Ov7ZTHdHJeJXTl96XB3vFdOL9XrzmU138+buZSVvFr/O53FfD1nciZn+47wcyNc9a0BV/2fhyd//CtN0E7yy2Z8MFR1fbqvrv333Pm6rX9OK2XzzvLMZ3Zv3DL5xSaojsTP+67B8duqxGy23iV62T3bq8DUwEr8pr6t3Oxcv7p2ZfnGrn6LjcHbezk7d//g3Eiq8+WZ6mDVUzvPjqrt2YFti3Xbka221u6237a32va7Uqebz3Cf7ul03fb8wLaluu1YX1v1eWs2yUo+Kcuy+3kLgAPv0FcPTbf/3f57+732L9pX2q/NfnvmGzMvTGfqb1PfnDw18XLrheIPeS8/zf7f0AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH3dfPudq8udzsrarqAsy9tDmh5JkMlkx5y//qUJmqe81Q8DGr3DaunzraSeM5kmuL/Ebj/Y7rz7oEX4Z3NMHkvBP5Ngduj5szv4uCzLg5HzKEHZOCj5jCMY3z0JeDxOrl+7cfLm2+98bfVa642VN1aunz1z5uyps2deXTp5ebUzO+70gEeofq+vP+eMOxMAAAAAAAAAAABgVKP9cU7xcH/bAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAQLpzI5N0UWTz1yqlqevPOUqcaevH2kh8naSUpFpLi/eR8ukPm+7orhm1nI7n4wUebH3anJpuhXr6113qj2WiGLCSZaMYDzCY5tHtmeXtYf0Xdz43h/Y2o2NrDqmDHe4WDcftfAAAA//8p+RGB") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189) 29.367350446s ago: executing program 1 (id=7199): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 28.082099234s ago: executing program 32 (id=7199): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 23.439127101s ago: executing program 4 (id=7220): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfd}, 0x7) 22.851968057s ago: executing program 4 (id=7224): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000180)=""/73, 0xfffffdef, 0x55) 22.546875057s ago: executing program 4 (id=7227): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) sysinfo(&(0x7f0000000000)=""/92) 21.994928852s ago: executing program 4 (id=7231): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./file0\x00', 0x1818418, &(0x7f0000000200)=ANY=[], 0xde, 0x4b1, &(0x7f0000000ac0)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x200000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]}) 20.840952856s ago: executing program 4 (id=7237): io_setup(0x7, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) io_submit(r0, 0x1, &(0x7f00000004c0)=[&(0x7f0000000080)={0x0, 0x0, 0x2, 0x7, 0x8001, r1, 0x0, 0x0, 0x4}]) 19.371442399s ago: executing program 4 (id=7245): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000340004803000018008000100636d70002400028008000140654a00041000038009000100701e1630b7000000080002"], 0x88}}, 0x0) 17.651390258s ago: executing program 33 (id=7245): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a09040000000000000000020000000900020073797a32000000000900010073797a3000000000340004803000018008000100636d70002400028008000140654a00041000038009000100701e1630b7000000080002"], 0x88}}, 0x0) 4.413266828s ago: executing program 0 (id=7304): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f000000c800)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/25, 0x19}, {&(0x7f0000000940)=""/132, 0x84}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/110, 0x6e}, {&(0x7f0000000400)=""/217, 0xd9}, {&(0x7f0000001a80)=""/102, 0x66}], 0x6}, 0xc}, {{0x0, 0x0, 0x0}, 0x24c9ddb}, {{0x0, 0x0, 0x0}, 0xf04}, {{0x0, 0x0, 0x0}, 0x1}], 0x4, 0x40000000, 0x0) 4.069558386s ago: executing program 2 (id=7305): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000240)='_(', 0x2}], 0x2, 0xd, 0x0) 3.627192133s ago: executing program 0 (id=7307): ioprio_set$uid(0x3, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="1b", 0x1) 3.527003609s ago: executing program 2 (id=7308): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x1000052, &(0x7f0000000240)=ANY=[], 0xf5, 0x1219, &(0x7f0000002100)="$eJzs3E9rHGUcB/Bf1o1JU/NHrdX2oA948TQ0OXgSJEgKkgWlNkIrCFOz0SVjNmRCYEWsnrz2dXj2JvgOcvE1eMvFYw/iSGYam223VMHdFfv5HDI/nuf55pln2F2YZZ49eefel7s7ZbaTH0ZrZiZa+xHpfooUrTjz+mZzvHV7c73T2biR0vX1m6tvp5SW3vj5k6/nIuLixz8u/TQXxyufnvy29uvx5eMrJ3/c/KJXpl6ZVvqHKU93+v3D/E7RTdu9cjdL6cOim5fd1NsruwdD/TtFf39/kPK97cWF/YNuWaZ8b5B27+UR/XR4MEj553lvL2VZlhYXgieaffqQrR/uV1UVUVWz8XxUVVVdiIW4GC/EYizFtxHxYrwUL8eleCUux6vxWlypR03i9AEAAAAAAAAAAAAAAAAAAODZcX7/f0QM7f9fjhX7/wEAAAAAAAAAAAAAAAAAAGACPrp1e3O909m4kdJ8RPH90dbRVnNs+td3ohdFdONaLMfvUe/+bzT19fc7G9dSbSW+K+4+yN892nquyZ/+Oc2v1j8n8CDfrvvO8qtNPg3n52Lh/PxrsRyXRs+/NjI/H2+9eS6fxXL88ln0o4jteu6H+W9WU3rvg84j+av1OAAAAPg/yNJfRt6/Z9mT+pv83/5+oB2P3F+342p7umsnohx8tZu3iu5BXRRnxfxjLWMrZiNiUnONq5gbbmmNaa7WUy7UzLgW2P6PXGfF48Xpu/jf+D8XYrhl2p9MTMLDl8G0zwQAAAAAAAAAAIB/YszPJ7ZjxJNl705nqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCoAAP//I6LAUA==") chdir(&(0x7f0000000240)='./file0\x00') creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 3.356278654s ago: executing program 3 (id=7309): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x4, @mcast1, 0x7, 0x2}, 0x20) 2.989403452s ago: executing program 0 (id=7310): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000580)='$\x00\x19y\x01\xff\xb4\x9e\x95oQE\xc9\x1f|\bZ\xf44\x7f)\x03c\x9a\x85\x01V\xb8p+\x84\xfb\xe6?\x88\xe9\x98Y\x0e\xd5P\xa2\xcc\x01*\xcd%v!\x82\xf1\xaaB\x04-\x88\xeb-q8\x03\xadO\xa0F\xc5Z\x0f\xee\x94\xfcy\xa5\xa4L\xa1\xd7g\x9d\xd2m5r\xef\xe1\xd1\x87\x1aM\xa6\xa8\xa2\xef\xb0\x9e\xa9d\xee\xacl\x9c\xcb\x03\x17\xbbG\x15\xba3\xa5r<]T\xc6R\x03\xee#\x0f\x88\xc4\xd3\x02\xd1 @\r\x1cc\xe4|\x13H\xc2\x1fq\x88\xdd\x98\xe1~\xb0\xedK\x17x\v\x9b\xaa\xb4\a\xb6\x8b\x9e*=\x8f\x05\x8b\x88\xc9\x12\xa6\x8fs\x98\xf1\xfe\xcdX\xce,AD\xd2v\xf4\xe5\xd3\xf3\xf1TY\x1c\x8a\x98\xf8\xcf6\xc3>]l\xdaQ\xac\n{)\xc9\x95\xb4\x12j}8\x03\xba&\xe8p\xe8\xf0\xa4\xa6e\xbc\xef\x93%/x\x19\xaa\xb5\x97\x98A\\\x91\x9a \xa8\xf8a\xd8\x97\x1eR\xaf\xc8\x9f', 0x0) read$ptp(r0, &(0x7f0000000280)=""/176, 0xb0) 2.803251624s ago: executing program 3 (id=7311): open(0x0, 0x143042, 0x0) setresgid(0xee01, 0x0, 0x0) setresgid(0x0, 0x0, 0xffffffffffffffff) 2.350881864s ago: executing program 0 (id=7312): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4bfb, &(0x7f0000000000)) 2.344110355s ago: executing program 3 (id=7313): r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f00000002c0)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143", 0xfffffffc}, 0x48, 0xffffffffffffffff) keyctl$chown(0x4, r0, 0xee01, 0xee00) keyctl$chown(0x4, r0, 0x0, 0x0) 1.780786438s ago: executing program 0 (id=7314): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) 1.716776772s ago: executing program 3 (id=7315): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)='>', 0x1) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f00000001c0)=0x7, 0x4) 1.710573101s ago: executing program 2 (id=7316): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 1.055381648s ago: executing program 2 (id=7317): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000001c40)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x91}, 0x88d4) 943.562769ms ago: executing program 3 (id=7318): unshare(0x20000400) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff}, 0x80) ppoll(&(0x7f0000000180)=[{r0, 0x20}], 0x1, &(0x7f0000000280)={0x0, 0x989680}, 0x0, 0x0) 636.505603ms ago: executing program 2 (id=7319): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x8, &(0x7f0000000b40)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff17b}, [@call={0x85, 0x0, 0x0, 0x27}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000880)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 451.311991ms ago: executing program 0 (id=7320): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x18) 398.803348ms ago: executing program 3 (id=7321): syz_mount_image$hfsplus(&(0x7f00000003c0), &(0x7f0000000640)='./file0\x00', 0x800000, &(0x7f0000000280)={[{@creator={'creator', 0x3d, "33fefa37"}}, {@force}, {@uid}, {@creator={'creator', 0x3d, "d1a7bc99"}}, {@nobarrier}, {@gid}, {}, {@uid}, {@nobarrier}, {@nobarrier}, {@nodecompose}, {@nls={'nls', 0x3d, 'macceltic'}}]}, 0x4, 0x5f0, &(0x7f0000001980)="$eJzs3cFvHFcdB/DvbGLHDlK6TZOmIARWOYAakdjeyAQJCSgFWahClbj0aiWb2somjewtcntApuLc/gvlYM4cOKEg5cCZf8GoRwR3X5DRzM7aW3u7cRInu1Y+H2n2vTdv5s1vfpkZz8wq2gAvreX3M/UoRZavvrtZtne2W52d7da9fj3JuSSNZCZJUc7+a5Ivk630pnyz3zFQHlF8vnxr9eFnV3qtmXqqli9GrXc8+7E0e7FW5UmNt/jM4x3s4VySi3UJY7fX96+h3c94XgIAk6xIzgyb30zO1zfr5XNA7664d499qm2NOwAAAAB4AV7ZzW42c2HccQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBpUv/+f1FPjX59LkX/9/+n63mp66fao3EHAAAAAAAAAADHNOpL+u/uZjebudBv7xXVd/5vVo1L1ec38lE20s56rmUzK+mmm/UsJGkObmRzpdtdXzjGmotD11w82X0GAAAAAAAAgJfMp1k++P4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmQZGc6RXVdKlfb6ZxNslMkulyua3kYb9+mj0adwAAAADwAryym91s5kK/vVdUz/yvV8/9M/ko99PNWrrppJ3b1buA3lN/Y2e71dnZbt0rp6Pj/vy/TxRGNWJ67x6Gb3m+WuLy/hrL+VV+m6tT/fbvspJu2pnLO1VtJUWa9duLZj/O4fH+7Cut9x4X6xtVJLO5k7Uqtmu5lQ/Tye00qn2olhm9xT+U2Sl+Wjtmjm7XZblHv67Lcfjf3uE5zSojU/sZma9zX2bj1dGZGHmcTB2Zc3hLC2nsv4O69Bxyfr4uy1y/85xz/ukTLX04E4sDR9/rozORzC/+58Fq5/7d1TsbV8d1GJ2Yw5loDWTiykuViek6G72r6JCrZebyXtazNuRq+Wa17oWs5Tf5MLfTzs3M52aWciOtLOXHWRrI6+W94rHnWuPJzrXv/aCulGf9L4ee/eNS5vXVgbwOXumaVd/gnIMsXTz5K9LZb9WV8mB9e4x/BY46nImFgUy8NjoTf6r+pGx07t9dX115cMztfb8uywz8YqIyUR4vF8t/rKr11aOj7HttaN9C1Xdpv69xpO/yft/jztTp+h7u6EiLVd+VoX2tqu+Ngb5hdzkATLzzb52fnv337D9nv5j94+zq7Lszb5+7ee7b05n6x9m/nflL48+NnxRv5Yv8/uD5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHobH39yd6XTaa9PdOU7dbSTEo/K01WylUxAGCrHqIz5wgQ8d9e79x5c3/j4kx+u3Vv5oP1B+/6NhaXFGzfml3508/qdtU57vvc57jABgBM08GwGAAAAAAAAAAAAAABMqBfyv74BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeo+X3M/UoRRbmr82X7Z3tVqec+vUkRW/JmX7170m+TLbSm9IcGK74uu0Uny/fWn342ZWDsWb6yxej1jue/VjKj8ahmJ5lvHKcxWce72AP55JcrEsYu/8HAAD//4EQ/90=") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x0, 0x0, &(0x7f0000000140)) rmdir(&(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 0s ago: executing program 2 (id=7322): symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) llistxattr(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): [ 793.501313][T17093] netlink: zone id is out of range [ 793.507781][ T5858] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 793.518345][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.527001][ T5858] usb 3-1: Product: syz [ 793.531467][ T5858] usb 3-1: Manufacturer: syz [ 793.536237][ T5858] usb 3-1: SerialNumber: syz [ 793.831738][ T5858] xr_serial 3-1:127.171: xr_serial converter detected [ 793.866237][ T5858] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 793.873548][ T5858] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 793.956620][ T5858] usb 3-1: USB disconnect, device number 14 [ 793.968069][ T5858] xr_serial 3-1:127.171: device disconnected [ 794.107944][T17102] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5269'. [ 795.112323][T17118] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 795.119754][T17118] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 795.128569][T17118] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 797.402964][T17156] netlink: 'syz.4.5292': attribute type 21 has an invalid length. [ 797.411562][T17156] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5292'. [ 798.700990][T14886] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 798.833533][T17170] loop2: detected capacity change from 0 to 4096 [ 798.927005][T14886] usb 2-1: not running at top speed; connect to a high speed hub [ 798.979449][T14886] usb 2-1: config 95 has an invalid interface number: 1 but max is 0 [ 798.988005][T14886] usb 2-1: config 95 has no interface number 0 [ 798.994656][T14886] usb 2-1: config 95 interface 1 has no altsetting 0 [ 799.119436][T14886] usb 2-1: string descriptor 0 read error: -22 [ 799.126573][T14886] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 799.135998][T14886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 799.755284][T14886] usb 2-1: USB disconnect, device number 15 [ 799.966167][ T5858] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 800.174703][ T5858] usb 5-1: Using ep0 maxpacket: 16 [ 800.177388][T17195] netlink: 'syz.2.5310': attribute type 3 has an invalid length. [ 800.222078][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 800.287341][ T5858] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 800.297118][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.305607][ T5858] usb 5-1: Product: syz [ 800.311910][ T5858] usb 5-1: Manufacturer: syz [ 800.316754][ T5858] usb 5-1: SerialNumber: syz [ 800.340916][ T5858] usb 5-1: config 0 descriptor?? [ 800.361267][ T5858] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 800.371131][ T5858] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 800.728682][T17201] loop3: detected capacity change from 0 to 256 [ 800.862696][ T5858] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 800.906412][T17201] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x235a34ad, utbl_chksum : 0xe619d30d) [ 801.021377][ T5858] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 801.029591][ T5858] em28xx 5-1:0.0: board has no eeprom [ 801.151121][ T5858] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 801.159293][ T5858] em28xx 5-1:0.0: dvb set to bulk mode. [ 801.166152][ T5884] em28xx 5-1:0.0: Binding DVB extension [ 801.271563][ T5858] usb 5-1: USB disconnect, device number 19 [ 801.279184][ T5858] em28xx 5-1:0.0: Disconnecting em28xx [ 801.652392][ T5884] em28xx 5-1:0.0: Registering input extension [ 801.675109][ T5858] em28xx 5-1:0.0: Closing input extension [ 801.714595][ T5858] em28xx 5-1:0.0: Freeing device [ 803.461879][T17255] netlink: 45 bytes leftover after parsing attributes in process `syz.3.5341'. [ 803.490859][ T5858] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 803.695975][ T5858] usb 5-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 803.706673][ T5858] usb 5-1: config 48 interface 0 altsetting 98 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 803.718158][ T5858] usb 5-1: config 48 interface 0 altsetting 98 endpoint 0x4 has invalid wMaxPacketSize 0 [ 803.728333][ T5858] usb 5-1: config 48 interface 0 altsetting 98 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 803.739699][ T5858] usb 5-1: config 48 interface 0 altsetting 98 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 803.753516][ T5858] usb 5-1: config 48 interface 0 has no altsetting 0 [ 803.771608][ T5858] usb 5-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 803.781522][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 803.789699][ T5858] usb 5-1: Product: syz [ 803.794343][ T5858] usb 5-1: Manufacturer: syz [ 803.799151][ T5858] usb 5-1: SerialNumber: syz [ 804.107549][ T5858] usb 5-1: USB disconnect, device number 20 [ 804.532946][T17276] netlink: 'syz.0.5351': attribute type 3 has an invalid length. [ 804.541311][T17276] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5351'. [ 804.891585][T17280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5353'. [ 805.060089][T17287] binder: Bad value for 'stats' [ 806.162345][T17312] loop1: detected capacity change from 0 to 256 [ 806.193555][T17312] exfat: Deprecated parameter 'utf8' [ 806.316316][T17312] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 806.554900][T17322] sctp: [Deprecated]: syz.0.5373 (pid 17322) Use of int in maxseg socket option. [ 806.554900][T17322] Use struct sctp_assoc_value instead [ 807.463113][T17338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5381'. [ 807.473088][T17338] veth0_to_bond: entered allmulticast mode [ 809.357460][T17365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5394'. [ 809.398761][T17367] netlink: 'syz.1.5395': attribute type 1 has an invalid length. [ 809.406879][T17367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5395'. [ 809.508301][T17368] ALSA: mixer_oss: invalid OSS volume '¡' [ 809.995657][T17380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5401'. [ 810.066532][T17381] loop2: detected capacity change from 0 to 1024 [ 810.527278][ T4341] hfsplus: b-tree write err: -5, ino 4 [ 810.805194][T17394] CIFS mount error: No usable UNC path provided in device string! [ 810.805194][T17394] [ 810.816252][T17394] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 811.097237][T17401] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5412'. [ 811.143733][T14886] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 811.364009][T14886] usb 4-1: Using ep0 maxpacket: 32 [ 811.415811][T14886] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 811.426461][T14886] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 811.436406][T14886] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 811.558490][T14886] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 811.568510][T14886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.577028][T14886] usb 4-1: Product: syz [ 811.581639][T14886] usb 4-1: Manufacturer: syz [ 811.586468][T14886] usb 4-1: SerialNumber: syz [ 811.685669][T14886] cdc_ncm 4-1:1.0: skipping garbage [ 811.692189][T14886] cdc_ncm 4-1:1.0: invalid descriptor buffer length [ 811.698955][T14886] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 811.706207][T14886] cdc_ncm 4-1:1.0: bind() failure [ 811.906051][T14886] usb 4-1: USB disconnect, device number 19 [ 813.255062][T17442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5432'. [ 813.559456][T17445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5433'. [ 814.651499][T17470] tmpfs: Bad value for 'mpol' [ 814.966410][T17475] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5447'. [ 815.181116][T14886] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 815.389414][T14886] usb 3-1: config index 0 descriptor too short (expected 64575, got 68) [ 815.398206][T14886] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 815.409104][T14886] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 815.420391][T14886] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 815.535012][T14886] usb 3-1: config index 1 descriptor too short (expected 64575, got 68) [ 815.543916][T14886] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 815.554712][T14886] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 815.566009][T14886] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 815.721779][T14886] usb 3-1: string descriptor 0 read error: -71 [ 815.728592][T14886] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 815.738620][T14886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 815.815146][T14886] usb 3-1: can't set config #1, error -71 [ 815.860744][T14886] usb 3-1: USB disconnect, device number 15 [ 816.035557][T17495] loop4: detected capacity change from 0 to 1024 [ 816.142651][T17495] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 816.153852][T17495] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 816.164094][T17495] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5456: Failed to acquire dquot type 0 [ 816.312050][T17495] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 816.327219][T17495] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #13: comm syz.4.5456: corrupted inode contents [ 816.376499][T17495] EXT4-fs error (device loop4): ext4_dirty_inode:6454: inode #13: comm syz.4.5456: mark_inode_dirty error [ 816.417065][T17495] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #13: comm syz.4.5456: corrupted inode contents [ 816.491168][T17495] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.5456: mark_inode_dirty error [ 816.585821][T17495] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #13: comm syz.4.5456: corrupted inode contents [ 816.697807][T17495] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 816.772641][T17495] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #13: comm syz.4.5456: corrupted inode contents [ 816.857040][T17495] EXT4-fs error (device loop4): ext4_truncate:4592: inode #13: comm syz.4.5456: mark_inode_dirty error [ 816.886645][T17495] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 816.941967][T17495] EXT4-fs (loop4): 1 truncate cleaned up [ 816.972453][T17495] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 817.141828][T17495] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 817.151590][T17495] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 817.161326][T17495] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.5456: Failed to acquire dquot type 0 [ 817.353693][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 817.892989][T17528] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 818.179400][T17536] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5476'. [ 818.189275][T17536] unsupported nla_type 52263 [ 818.317664][T17539] loop3: detected capacity change from 0 to 128 [ 818.385235][T17539] FAT-fs (loop3): Directory bread(block 162) failed [ 818.392498][T17539] FAT-fs (loop3): Directory bread(block 163) failed [ 818.399344][T17539] FAT-fs (loop3): Directory bread(block 164) failed [ 818.406492][T17539] FAT-fs (loop3): Directory bread(block 165) failed [ 818.413463][T17539] FAT-fs (loop3): Directory bread(block 166) failed [ 818.420287][T17539] FAT-fs (loop3): Directory bread(block 167) failed [ 818.427362][T17539] FAT-fs (loop3): Directory bread(block 168) failed [ 818.434316][T17539] FAT-fs (loop3): Directory bread(block 169) failed [ 818.670431][T17539] FAT-fs (loop3): Directory bread(block 162) failed [ 818.677440][T17539] FAT-fs (loop3): Directory bread(block 163) failed [ 818.770957][T17539] syz.3.5477: attempt to access beyond end of device [ 818.770957][T17539] loop3: rw=3, sector=226, nr_sectors = 6 limit=128 [ 818.784877][T17539] syz.3.5477: attempt to access beyond end of device [ 818.784877][T17539] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 819.021853][ T30] audit: type=1326 audit(1753915258.770:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 819.045006][ T30] audit: type=1326 audit(1753915258.780:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 819.067184][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.076235][ T30] audit: type=1326 audit(1753915258.780:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 819.098434][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.162598][ T30] audit: type=1326 audit(1753915258.870:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 819.184783][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.191790][ T30] audit: type=1326 audit(1753915258.900:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 819.214740][ T30] audit: type=1326 audit(1753915258.900:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17549 comm="syz.0.5482" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 820.192717][T17572] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5492'. [ 820.202618][T17572] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5492'. [ 820.691235][T17580] usb usb1: usbfs: process 17580 (syz.0.5494) did not claim interface 0 before use [ 821.062028][ T5858] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 821.317206][ T5858] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 821.326686][ T5858] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.335323][ T5858] usb 4-1: Product: syz [ 821.339628][ T5858] usb 4-1: Manufacturer: syz [ 821.346568][ T5858] usb 4-1: SerialNumber: syz [ 821.351529][T14886] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 821.558777][ T5858] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 821.581481][T14886] usb 1-1: Using ep0 maxpacket: 8 [ 821.665905][T14886] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 821.675593][T14886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.685196][T14886] usb 1-1: Product: syz [ 821.689531][T14886] usb 1-1: Manufacturer: syz [ 821.695114][T14886] usb 1-1: SerialNumber: syz [ 821.697114][ T5884] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 821.923778][T14886] usb 1-1: config 0 descriptor?? [ 822.022901][T14886] radio-usb-si4713 1-1:0.0: Si4713 development board discovered: (10C4:8244) [ 822.353706][T14886] radio-usb-si4713 1-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 822.365343][T14886] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 822.409190][ T42] usb 4-1: USB disconnect, device number 20 [ 822.551039][T14886] usb 1-1: USB disconnect, device number 29 [ 822.826170][ T5884] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 822.834542][ T5884] ath9k_htc: Failed to initialize the device [ 822.866118][ T42] usb 4-1: ath9k_htc: USB layer deinitialized [ 823.152131][T17619] netlink: 'syz.1.5509': attribute type 3 has an invalid length. [ 823.160066][T17619] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5509'. [ 823.349336][T17625] netlink: 'syz.3.5512': attribute type 1 has an invalid length. [ 823.357500][T17625] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5512'. [ 825.129360][T17661] loop0: detected capacity change from 0 to 1024 [ 825.560336][T17673] IPv6: Can't replace route, no match found [ 825.858408][T17675] loop3: detected capacity change from 0 to 2048 [ 825.954224][T17675] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 826.346449][T17687] loop0: detected capacity change from 0 to 16 [ 826.392402][T17687] erofs (device loop0): mounted with root inode @ nid 36. [ 826.492391][T17687] erofs (device loop0): invalid tail-packing pclustersize 32768 [ 826.500273][T17687] erofs (device loop0): invalid tail-packing pclustersize 32768 [ 826.508310][T17687] erofs (device loop0): read error -117 @ 32811 of nid 36 [ 826.524501][T17692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5546'. [ 826.740917][ T42] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 826.877245][T17699] loop4: detected capacity change from 0 to 132 [ 826.959373][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 826.970060][ T42] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 826.980143][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 826.990333][ T42] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0 [ 827.090871][ T42] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0017, bcdDevice=2f.a3 [ 827.100321][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.111272][ T42] usb 4-1: Product: syz [ 827.115721][ T42] usb 4-1: Manufacturer: syz [ 827.120491][ T42] usb 4-1: SerialNumber: syz [ 827.155925][ T42] usb 4-1: config 0 descriptor?? [ 827.174926][ T42] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info [ 827.182990][ T42] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90 [ 827.399928][ T5884] usb 4-1: USB disconnect, device number 21 [ 828.069056][T17720] gre2: entered allmulticast mode [ 828.193192][T17722] Ù€: renamed from veth1_to_hsr (while UP) [ 829.491392][T17741] IPv6: NLM_F_CREATE should be specified when creating new route [ 830.408641][T17764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5581'. [ 832.948949][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 832.949022][ T30] audit: type=1400 audit(1753915272.700:155): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=17811 comm="syz.4.5604" [ 833.598128][T17817] loop3: detected capacity change from 0 to 512 [ 833.712718][T17817] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 833.726016][T17817] ext4 filesystem being mounted at /1111/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 833.782850][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 833.789468][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 834.063018][T17828] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5611'. [ 834.128888][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 834.199077][T17829] loop1: detected capacity change from 0 to 1024 [ 834.352637][T17829] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5 [ 834.362147][T17829] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 834.371885][T17829] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.5610: Failed to acquire dquot type 0 [ 834.435947][T17829] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 834.451248][T17829] EXT4-fs error (device loop1): ext4_do_update_inode:5563: inode #13: comm syz.1.5610: corrupted inode contents [ 834.528550][T17829] EXT4-fs error (device loop1): ext4_dirty_inode:6454: inode #13: comm syz.1.5610: mark_inode_dirty error [ 834.594066][T17829] EXT4-fs error (device loop1): ext4_do_update_inode:5563: inode #13: comm syz.1.5610: corrupted inode contents [ 834.655264][T17829] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #13: comm syz.1.5610: mark_inode_dirty error [ 834.698555][T17829] EXT4-fs error (device loop1): ext4_do_update_inode:5563: inode #13: comm syz.1.5610: corrupted inode contents [ 834.746022][T17829] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 834.811634][T17829] EXT4-fs error (device loop1): ext4_do_update_inode:5563: inode #13: comm syz.1.5610: corrupted inode contents [ 834.838639][T17829] EXT4-fs error (device loop1): ext4_truncate:4592: inode #13: comm syz.1.5610: mark_inode_dirty error [ 834.857296][T17829] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 834.883122][T17829] EXT4-fs (loop1): 1 truncate cleaned up [ 834.891741][T17829] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 835.031403][T17843] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5616'. [ 835.032241][T17829] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5 [ 835.050288][T17829] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 835.060093][T17829] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.5610: Failed to acquire dquot type 0 [ 835.385677][ T5798] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 836.333395][T17868] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 836.341407][T17868] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 836.396271][T17866] loop1: detected capacity change from 0 to 2048 [ 836.438810][T17866] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 836.534146][T17875] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 836.534399][T17866] syz.1.5629: attempt to access beyond end of device [ 836.534399][T17866] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 836.816295][T17866] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 836.912862][T17866] Remounting filesystem read-only [ 838.183968][T17907] tmpfs: Bad value for 'mpol' [ 839.337998][T17929] loop2: detected capacity change from 0 to 24 [ 840.012521][T17943] netlink: 'syz.2.5666': attribute type 2 has an invalid length. [ 840.020434][T17943] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5666'. [ 840.927012][ T49] Bluetooth: hci4: unexpected cc 0x0c22 length: 63 > 1 [ 840.934290][ T49] Bluetooth: hci4: unexpected event for opcode 0x0c22 [ 841.478482][T17970] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5680'. [ 842.860101][T17999] ------------[ cut here ]------------ [ 842.866100][T17999] verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x2001, 0x2001] s64=[0x2001, 0x2001] u32=[0x2001, 0x2000] s32=[0x2001, 0x2001] var_off=(0x2001, 0x0)(1) [ 842.885480][T17999] WARNING: CPU: 1 PID: 17999 at kernel/bpf/verifier.c:2728 reg_bounds_sanity_check+0xb26/0x14b0 [ 842.896508][T17999] Modules linked in: [ 842.900768][T17999] CPU: 1 UID: 0 PID: 17999 Comm: syz.1.5694 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none) [ 842.912856][T17999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 842.923287][T17999] RIP: 0010:reg_bounds_sanity_check+0xb26/0x14b0 [ 842.929971][T17999] Code: ff ff ff b5 20 ff ff ff ff b5 18 ff ff ff ff b5 48 ff ff ff ff b5 10 ff ff ff ff b5 08 ff ff ff e8 3f 72 02 ff 48 83 c4 38 90 <0f> 0b 90 90 4c 8b bd 70 ff ff ff e9 83 f8 ff ff 8b 3a e8 e3 f3 78 [ 842.950066][T17999] RSP: 0018:ffff888053ea2f28 EFLAGS: 00010286 [ 842.956798][T17999] RAX: ffffffff81207e2e RBX: ffff8881161d3438 RCX: 0000000000080000 [ 842.965200][T17999] RDX: ffffc90008c03000 RSI: 000000000000b4a1 RDI: 000000000000b4a2 [ 842.973473][T17999] RBP: ffff888053ea30a8 R08: ffffea000000000f R09: 0000000000000000 [ 842.981829][T17999] R10: ffff888237b4e028 R11: ffff88823f273880 R12: 0000000000000000 [ 842.989979][T17999] R13: ffff88804b90ac20 R14: 0000000000000000 R15: 0000000000000000 [ 842.998298][T17999] FS: 0000000000000000(0000) GS:ffff8881aa9bd000(0063) knlGS:00000000f5076b40 [ 843.007576][T17999] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 843.014480][T17999] CR2: 00000000f72238a0 CR3: 0000000053fec000 CR4: 00000000003526f0 [ 843.022819][T17999] Call Trace: [ 843.026240][T17999] [ 843.029302][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.035010][T17999] reg_set_min_max+0x3a8/0x440 [ 843.040024][T17999] check_cond_jmp_op+0x3187/0x4820 [ 843.046029][T17999] do_check+0x2374/0x15760 [ 843.050801][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.056173][T17999] ? __pfx_verbose+0x10/0x10 [ 843.061100][T17999] ? __pfx_disasm_kfunc_name+0x10/0x10 [ 843.066897][T17999] do_check_common+0x2470/0x36e0 [ 843.072339][T17999] bpf_check+0x61f8/0x2a000 [ 843.077038][T17999] ? pcpu_block_refresh_hint+0x450/0x580 [ 843.083067][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.088419][T17999] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 843.094638][T17999] ? kmsan_get_metadata+0x150/0x160 [ 843.100096][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.105654][T17999] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 843.112117][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.117456][T17999] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 843.123687][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.129023][T17999] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 843.135629][T17999] ? strncpy_from_user+0x41/0x470 [ 843.141023][T17999] ? stack_depot_save_flags+0x35/0x7b0 [ 843.146709][T17999] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 843.153373][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.158714][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.164346][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.169689][T17999] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 843.176364][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.181872][T17999] ? kmsan_get_metadata+0xfb/0x160 [ 843.187217][T17999] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 843.193402][T17999] bpf_prog_load+0x28e6/0x2e50 [ 843.198440][T17999] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 843.205183][T17999] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 843.211634][T17999] ? security_bpf+0x88/0x620 [ 843.216457][T17999] ? _copy_from_user+0xcb/0x100 [ 843.221866][T17999] __sys_bpf+0x7f4/0xed0 [ 843.226345][T17999] __ia32_sys_bpf+0xa4/0xf0 [ 843.231219][T17999] ia32_sys_call+0xadf/0x4310 [ 843.236085][T17999] __do_fast_syscall_32+0xb0/0x150 [ 843.241585][T17999] do_fast_syscall_32+0x38/0x80 [ 843.246669][T17999] do_SYSENTER_32+0x1f/0x30 [ 843.251547][T17999] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 843.258108][T17999] RIP: 0023:0xf7f58539 [ 843.262526][T17999] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 843.283176][T17999] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 843.291964][T17999] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800002c0 [ 843.300106][T17999] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 843.308420][T17999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 843.316807][T17999] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 843.325088][T17999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 843.333378][T17999] [ 843.336528][T17999] ---[ end trace 0000000000000000 ]--- [ 843.955573][T18010] loop0: detected capacity change from 0 to 1024 [ 844.011342][T18013] CIFS: VFS: Malformed UNC in devname [ 844.039059][T18010] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 844.398202][T18017] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 844.477755][ T5800] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 845.396878][T18042] loop4: detected capacity change from 0 to 512 [ 845.576501][T18042] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 845.590514][T18042] ext4 filesystem being mounted at /1132/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 845.772937][T18042] EXT4-fs error (device loop4): ext4_xattr_block_find:1869: inode #15: comm syz.4.5714: corrupted xattr block 32: invalid header [ 846.136575][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 846.303773][T18063] netlink: 'syz.2.5723': attribute type 11 has an invalid length. [ 846.851741][T18069] loop0: detected capacity change from 0 to 2048 [ 846.904925][T18069] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 847.041027][T18069] syz.0.5726: attempt to access beyond end of device [ 847.041027][T18069] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 847.057406][T18076] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 847.154688][T18069] syz.0.5726: attempt to access beyond end of device [ 847.154688][T18069] loop0: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 847.171217][T18069] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=3) [ 847.179909][T18069] NILFS (loop0): error -5 reading inode: ino=12 [ 847.212410][ T5858] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 847.423838][ T5858] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 847.433519][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.474816][ T30] audit: type=1326 audit(1753915287.230:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18079 comm="syz.2.5731" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 847.561047][ T5858] usb 5-1: config 0 descriptor?? [ 847.617570][ T30] audit: type=1326 audit(1753915287.300:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18079 comm="syz.2.5731" exe="/root/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 847.640463][ T30] audit: type=1326 audit(1753915287.300:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18079 comm="syz.2.5731" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 847.663178][ T30] audit: type=1326 audit(1753915287.300:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18079 comm="syz.2.5731" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 847.727497][ T5858] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 848.036367][ T5858] gp8psk: usb in 138 operation failed. [ 848.042131][ T5858] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 848.053248][ T5858] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 848.163671][ T5858] usb 5-1: USB disconnect, device number 21 [ 848.681547][T18099] netlink: 'syz.3.5741': attribute type 28 has an invalid length. [ 848.980502][T18104] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5743'. [ 849.055562][T18107] loop4: detected capacity change from 0 to 256 [ 849.097849][T18108] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay' [ 849.114374][T18110] netlink: 'syz.3.5746': attribute type 24 has an invalid length. [ 849.321085][T18107] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 849.461143][ T30] audit: type=1800 audit(1753915289.210:160): pid=18107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5744" name="file1" dev="loop4" ino=1048641 res=0 errno=0 [ 850.229818][T18125] netlink: 'syz.2.5754': attribute type 1 has an invalid length. [ 850.240428][T18125] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 850.637873][T18133] loop1: detected capacity change from 0 to 256 [ 850.658126][ T30] audit: type=1326 audit(1753915290.410:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18131 comm="syz.4.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 850.681744][ T30] audit: type=1326 audit(1753915290.410:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18131 comm="syz.4.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 850.852746][ T30] audit: type=1326 audit(1753915290.460:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18131 comm="syz.4.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 850.874932][ C1] vkms_vblank_simulate: vblank timer overrun [ 850.881753][ T30] audit: type=1326 audit(1753915290.460:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18131 comm="syz.4.5757" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 851.559551][T18154] netlink: 'syz.2.5768': attribute type 3 has an invalid length. [ 851.773493][T18159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5769'. [ 851.861889][T18161] loop1: detected capacity change from 0 to 64 [ 851.918064][T18163] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms [ 851.925944][T18161] hfs: unable to locate alternate MDB [ 851.935641][T18161] hfs: continuing without an alternate MDB [ 852.020307][T18163] 8021q: adding VLAN 0 to HW filter on device bond5 [ 853.677464][T18193] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5785'. [ 854.322497][T18205] netlink: 'syz.4.5792': attribute type 32 has an invalid length. [ 854.699474][T18213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5796'. [ 854.708813][T18213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5796'. [ 854.995918][T18221] bridge0: entered promiscuous mode [ 855.361579][T18227] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 855.594054][T18224] loop2: detected capacity change from 0 to 4096 [ 855.813806][T18224] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 855.869048][T18238] tc_dump_action: action bad kind [ 855.928509][T18239] loop4: detected capacity change from 0 to 256 [ 855.978746][T18239] exfat: Deprecated parameter 'utf8' [ 855.987579][T18239] exfat: Deprecated parameter 'utf8' [ 855.993926][T18239] exfat: Deprecated parameter 'utf8' [ 856.111018][T18239] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 856.310260][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 856.811740][T18253] openvswitch: netlink: Missing key (keys=40, expected=100) [ 857.982884][T18275] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5826'. [ 858.576379][T18288] ntfs3(nbd3): try to read out of volume at offset 0x0 [ 859.004719][ T5858] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 859.159311][T18295] veth5: entered promiscuous mode [ 859.164910][T18295] veth5: entered allmulticast mode [ 859.192202][ T5858] usb 3-1: Using ep0 maxpacket: 8 [ 859.240630][ T5858] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 859.251209][ T5858] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 859.260460][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 859.356049][ T5858] usb 3-1: config 0 descriptor?? [ 859.377704][ T5858] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 859.536971][ T42] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 859.730818][ T42] usb 2-1: Using ep0 maxpacket: 8 [ 859.778804][ T42] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 859.822614][ T5858] gspca_vc032x: reg_w err -71 [ 859.827688][ T5858] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 859.843573][ T42] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 859.853068][ T42] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 859.861628][ T42] usb 2-1: Product: syz [ 859.865984][ T42] usb 2-1: Manufacturer: syz [ 859.870992][ T42] usb 2-1: SerialNumber: syz [ 859.873678][ T5858] usb 3-1: USB disconnect, device number 16 [ 860.196224][ T42] usb 2-1: Invalid connection information received from device [ 860.375049][T18315] netlink: 4580 bytes leftover after parsing attributes in process `syz.3.5846'. [ 860.384665][T18315] netlink: 4580 bytes leftover after parsing attributes in process `syz.3.5846'. [ 860.394414][T18315] netlink: 89 bytes leftover after parsing attributes in process `syz.3.5846'. [ 860.404077][ T42] usb 2-1: USB disconnect, device number 16 [ 860.745527][ T30] audit: type=1326 audit(1753915300.490:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18319 comm="syz.2.5849" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 860.768344][ T30] audit: type=1326 audit(1753915300.500:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18319 comm="syz.2.5849" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 860.791019][ T30] audit: type=1326 audit(1753915300.500:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18319 comm="syz.2.5849" exe="/root/syz-executor" sig=0 arch=40000003 syscall=459 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 860.813657][ T30] audit: type=1326 audit(1753915300.500:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18319 comm="syz.2.5849" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 863.113930][T18352] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 864.016070][T18384] loop4: detected capacity change from 0 to 512 [ 864.143960][T18384] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.5880: dx entry: limit 0 != root limit 125 [ 864.156467][T18384] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.5880: Corrupt directory, running e2fsck is recommended [ 864.212807][T18384] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 864.292318][T18384] EXT4-fs error (device loop4): ext4_iget_extra_inode:5030: inode #15: comm syz.4.5880: corrupted in-inode xattr: invalid ea_ino [ 864.371265][T18384] EXT4-fs (loop4): Remounting filesystem read-only [ 864.408591][ T49] Bluetooth: hci0: command 0x0406 tx timeout [ 864.417322][T18384] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 864.605818][T18384] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 864.928307][T18402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5888'. [ 864.931302][ T5808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 865.231334][T14886] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 865.335566][T18413] netlink: 144 bytes leftover after parsing attributes in process `syz.0.5893'. [ 865.451903][T14886] usb 4-1: unable to get BOS descriptor or descriptor too short [ 865.511600][T14886] usb 4-1: not running at top speed; connect to a high speed hub [ 865.556068][T14886] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 865.566669][T14886] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 865.578047][T14886] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 865.716743][T14886] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 865.726371][T14886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 865.734890][T14886] usb 4-1: Product: syz [ 865.739209][T14886] usb 4-1: Manufacturer: syz [ 865.744181][T14886] usb 4-1: SerialNumber: syz [ 866.210416][T14886] usb 4-1: USB disconnect, device number 22 [ 866.729629][ T6242] udevd[6242]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 866.862796][T18439] 9pnet: Found fid 0 not clunked [ 867.449215][T18415] Bluetooth: hci4: command 0x0401 tx timeout [ 868.802614][T18481] netlink: 'syz.1.5927': attribute type 2 has an invalid length. [ 868.810811][T18481] netlink: 'syz.1.5927': attribute type 1 has an invalid length. [ 868.818967][T18481] netlink: 'syz.1.5927': attribute type 1 has an invalid length. [ 869.521503][ T30] audit: type=1107 audit(1753915309.260:169): pid=18494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 870.161901][ T5858] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 870.248076][T18509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5940'. [ 870.362485][ T5858] usb 3-1: Using ep0 maxpacket: 16 [ 870.416286][ T5858] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 870.425448][ T5858] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 870.434156][ T5858] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 870.443311][ T5858] usb 3-1: config 0 has no interface number 0 [ 870.449846][ T5858] usb 3-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid maxpacket 1340, setting to 64 [ 870.461161][ T5858] usb 3-1: config 0 interface 104 has no altsetting 1 [ 870.547185][ T5858] usb 3-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 870.556728][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 870.566080][ T5858] usb 3-1: Product: syz [ 870.570412][ T5858] usb 3-1: Manufacturer: syz [ 870.575763][ T5858] usb 3-1: SerialNumber: syz [ 870.631914][ T5858] usb 3-1: config 0 descriptor?? [ 870.881957][ T5858] asix 3-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 870.893340][ T5858] asix 3-1:0.104: probe with driver asix failed with error -71 [ 870.933121][ T5858] usb 3-1: USB disconnect, device number 17 [ 871.344640][T18523] loop0: detected capacity change from 0 to 512 [ 871.432262][T18528] tmpfs: Bad value for 'size' [ 871.492761][T18523] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 871.506532][T18523] ext4 filesystem being mounted at /1160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 871.895229][ T5800] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 872.798942][T18557] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4. [ 873.151446][T18563] binder: 18562:18563 ioctl c0306201 80001040 returned -14 [ 874.151737][T18586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5978'. [ 874.621495][T18595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5982'. [ 875.566555][T18617] loop1: detected capacity change from 0 to 1024 [ 875.705198][T18623] loop3: detected capacity change from 0 to 512 [ 875.727897][T18623] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 875.738000][T18623] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 875.759355][T18623] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 875.780462][T18623] System zones: 0-2, 18-18, 34-35 [ 875.789340][T18623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 875.835511][T18623] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 875.913424][T18623] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 875.963596][T18623] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 876.095550][ T4341] hfsplus: b-tree write err: -5, ino 4 [ 876.233464][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 876.431451][ T5858] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 876.603289][ T30] audit: type=1326 audit(1753915316.360:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18634 comm="syz.3.6001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 876.660926][ T5858] usb 1-1: Using ep0 maxpacket: 32 [ 876.720885][ T5858] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 876.729548][ T5858] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 876.739365][ T5858] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 876.749177][ T5858] usb 1-1: config 1 has no interface number 0 [ 876.756112][ T5858] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 876.766163][ T5858] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 876.779409][ T5858] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 876.784199][ T30] audit: type=1326 audit(1753915316.400:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18634 comm="syz.3.6001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=70 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 876.788758][ T5858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 876.811177][ T30] audit: type=1326 audit(1753915316.400:172): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=18634 comm="syz.3.6001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 876.841855][ T30] audit: type=1326 audit(1753915316.400:173): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=18634 comm="syz.3.6001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 877.124832][T18643] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6006'. [ 877.161121][ T5858] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 877.412323][ T5858] snd_usb_pod 1-1:1.1: invalid control EP [ 877.418420][ T5858] snd_usb_pod 1-1:1.1: cannot start listening: -22 [ 877.425420][ T5858] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 877.434827][ T5858] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 877.705623][T14886] usb 1-1: USB disconnect, device number 30 [ 878.271871][T18663] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6015'. [ 878.281457][T18663] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6015'. [ 880.054026][T18696] loop2: detected capacity change from 0 to 2048 [ 880.261057][T18696] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 881.851489][ T30] audit: type=1326 audit(1753915321.590:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18734 comm="syz.0.6050" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 881.870189][T18731] loop3: detected capacity change from 0 to 256 [ 881.874112][ T30] audit: type=1326 audit(1753915321.600:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18734 comm="syz.0.6050" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 881.902578][ T30] audit: type=1326 audit(1753915321.630:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18734 comm="syz.0.6050" exe="/root/syz-executor" sig=0 arch=40000003 syscall=258 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 881.924960][ T30] audit: type=1326 audit(1753915321.630:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18734 comm="syz.0.6050" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 881.947453][ T30] audit: type=1326 audit(1753915321.630:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18734 comm="syz.0.6050" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 882.367400][T18742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6054'. [ 882.399106][T18743] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6055'. [ 882.661399][T18746] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6056'. [ 882.838999][T18750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6057'. [ 883.002074][T18752] netlink: 'syz.2.6059': attribute type 12 has an invalid length. [ 883.010254][T18752] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6059'. [ 883.339033][T18757] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6061'. [ 883.828171][T18766] netlink: 'syz.0.6066': attribute type 2 has an invalid length. [ 884.714179][T18785] openvswitch: netlink: VXLAN extension 26 out of range max 1 [ 884.894473][T18792] loop3: detected capacity change from 0 to 8 [ 884.990993][ T5858] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 885.198244][ T5858] usb 1-1: Using ep0 maxpacket: 8 [ 885.235274][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 885.246011][ T5858] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 885.317858][ T5858] usb 1-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 885.327629][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 885.336189][ T5858] usb 1-1: Product: syz [ 885.343107][ T5858] usb 1-1: Manufacturer: syz [ 885.348554][ T5858] usb 1-1: SerialNumber: syz [ 885.378972][ T5858] usb 1-1: config 0 descriptor?? [ 885.381783][T18799] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 885.392434][T18799] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 885.417650][T14886] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 885.629211][T14886] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 885.638090][T14886] usb 2-1: config 0 has no interface number 0 [ 885.644578][T14886] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 885.656077][T14886] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 885.669790][T14886] usb 2-1: config 0 interface 255 has no altsetting 0 [ 885.677154][T14886] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 885.686587][T14886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.838305][T14886] usb 2-1: config 0 descriptor?? [ 885.856799][T14886] ums-realtek 2-1:0.255: USB Mass Storage device detected [ 885.880870][ T5858] usb 1-1: USB disconnect, device number 31 [ 886.121364][T14886] usb 2-1: USB disconnect, device number 17 [ 886.387963][T18814] sit0: entered promiscuous mode [ 886.437341][T18814] netlink: 'syz.3.6087': attribute type 1 has an invalid length. [ 886.445468][T18814] netlink: 1 bytes leftover after parsing attributes in process `syz.3.6087'. [ 887.040339][T18828] loop1: detected capacity change from 0 to 256 [ 887.268395][T18828] FAT-fs (loop1): Directory bread(block 64) failed [ 887.275681][T18828] FAT-fs (loop1): Directory bread(block 65) failed [ 887.282753][T18828] FAT-fs (loop1): Directory bread(block 66) failed [ 887.289490][T18828] FAT-fs (loop1): Directory bread(block 67) failed [ 887.296436][T18828] FAT-fs (loop1): Directory bread(block 68) failed [ 887.303375][T18828] FAT-fs (loop1): Directory bread(block 69) failed [ 887.310210][T18828] FAT-fs (loop1): Directory bread(block 70) failed [ 887.317080][T18828] FAT-fs (loop1): Directory bread(block 71) failed [ 887.324043][T18828] FAT-fs (loop1): Directory bread(block 72) failed [ 887.330874][T18828] FAT-fs (loop1): Directory bread(block 73) failed [ 887.369438][T18835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6097'. [ 887.745466][T18840] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6099'. [ 888.866630][T18860] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6110'. [ 891.079161][T18908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6132'. [ 891.911615][T18927] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6142'. [ 892.690397][T18945] loop1: detected capacity change from 0 to 512 [ 892.766960][T18945] EXT4-fs: Ignoring removed nomblk_io_submit option [ 892.856295][T18945] EXT4-fs (loop1): filesystem is read-only [ 892.912728][T18945] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 893.027292][T18945] EXT4-fs (loop1): filesystem is read-only [ 893.033523][T18945] EXT4-fs (loop1): orphan cleanup on readonly fs [ 893.084180][T18945] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #16: comm syz.1.6149: iget: bad i_size value: 648518346341360424 [ 893.208406][T18945] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.6149: couldn't read orphan inode 16 (err -117) [ 893.309833][T18945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 893.753671][ T5798] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 893.861790][T18967] netlink: 'syz.4.6157': attribute type 21 has an invalid length. [ 893.870033][T18967] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6157'. [ 894.039014][T18969] netlink: 'syz.1.6158': attribute type 6 has an invalid length. [ 894.047285][T18969] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6158'. [ 894.688962][T18983] delete_channel: no stack [ 895.221675][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 895.228335][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 895.763456][T19007] comedi comedi3: pcl816: I/O port conflict (0x3,16) [ 896.251388][T19017] netlink: 'syz.3.6182': attribute type 11 has an invalid length. [ 896.719430][T19027] loop3: detected capacity change from 0 to 64 [ 897.065272][T19033] ieee802154 phy0 wpan0: encryption failed: -22 [ 897.344093][ T30] audit: type=1326 audit(1753915349.062:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19037 comm="syz.4.6194" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 897.366723][ T30] audit: type=1326 audit(1753915349.082:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19037 comm="syz.4.6194" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 897.389763][ T30] audit: type=1326 audit(1753915349.092:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19037 comm="syz.4.6194" exe="/root/syz-executor" sig=0 arch=40000003 syscall=301 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 897.412279][ T30] audit: type=1326 audit(1753915349.092:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19037 comm="syz.4.6194" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 897.434683][ T30] audit: type=1326 audit(1753915349.092:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19037 comm="syz.4.6194" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 897.470334][T19040] loop1: detected capacity change from 0 to 64 [ 897.827938][T19047] netlink: 'syz.4.6197': attribute type 1 has an invalid length. [ 897.836210][T19047] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6197'. [ 898.072954][T19049] QAT: Invalid ioctl 21531 [ 898.202407][T19053] netlink: 'syz.3.6200': attribute type 5 has an invalid length. [ 898.210305][T19053] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6200'. [ 898.954677][T19068] loop4: detected capacity change from 0 to 8 [ 899.502774][T19077] loop0: detected capacity change from 0 to 64 [ 899.861485][T14886] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 899.892564][T19085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6216'. [ 899.901917][T19085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6216'. [ 900.057846][T14886] usb 5-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 900.067496][T14886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 900.153404][T14886] usb 5-1: config 0 descriptor?? [ 900.423622][T14886] snd-usb-hiface 5-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 900.521629][T19093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6220'. [ 900.630029][T14886] usb 5-1: USB disconnect, device number 22 [ 900.797921][T19099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6223'. [ 900.808341][T19099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6223'. [ 901.096748][T19103] loop3: detected capacity change from 0 to 512 [ 901.123301][T19103] EXT4-fs: Ignoring removed nobh option [ 901.180061][T19103] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 901.252887][T19103] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.6225: invalid indirect mapped block 2683928664 (level 1) [ 901.271804][ T5858] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 901.359983][T19103] EXT4-fs (loop3): 1 truncate cleaned up [ 901.368173][T19103] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 901.495083][ T5858] usb 2-1: Using ep0 maxpacket: 8 [ 901.525099][ T5858] usb 2-1: config 6 has an invalid interface number: 2 but max is 0 [ 901.533135][T19103] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.6225: Invalid block bitmap block 3 in block_group 0 [ 901.548685][ T5858] usb 2-1: config 6 has no interface number 0 [ 901.559820][ T5858] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 901.563624][T19103] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.6225: Invalid block bitmap block 3 in block_group 0 [ 901.569889][ T5858] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 901.590742][T19103] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.6225: Invalid block bitmap block 3 in block_group 0 [ 901.803322][ T5858] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 901.813104][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.821634][ T5858] usb 2-1: Product: syz [ 901.826093][ T5858] usb 2-1: Manufacturer: syz [ 901.830974][ T5858] usb 2-1: SerialNumber: syz [ 901.902599][ T5858] hso 2-1:6.2: Failed to find INT IN ep [ 902.032467][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 902.121090][ T5858] usb 2-1: USB disconnect, device number 18 [ 902.441782][T19129] netlink: 'syz.0.6237': attribute type 3 has an invalid length. [ 903.152131][T19141] netlink: del zone limit has 4 unknown bytes [ 904.138322][T19161] kAFS: No cell specified [ 905.993608][T19201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6273'. [ 906.120781][T19206] netlink: 140 bytes leftover after parsing attributes in process `syz.1.6274'. [ 906.129993][T19206] netlink: 140 bytes leftover after parsing attributes in process `syz.1.6274'. [ 907.225964][T19231] loop1: detected capacity change from 0 to 1024 [ 907.410976][T19231] hfsplus: invalid extended attribute record [ 907.653830][ T12] hfsplus: b-tree write err: -5, ino 4 [ 908.767105][T19267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6306'. [ 909.533455][T19286] netlink: 'syz.4.6315': attribute type 2 has an invalid length. [ 910.032818][T14886] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 910.226961][T14886] usb 3-1: Using ep0 maxpacket: 8 [ 910.257912][T14886] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 910.266351][T14886] usb 3-1: config 0 has no interface number 0 [ 910.332293][T14886] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 910.341947][T14886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.350124][T14886] usb 3-1: Product: syz [ 910.354738][T14886] usb 3-1: Manufacturer: syz [ 910.359523][T14886] usb 3-1: SerialNumber: syz [ 910.435608][T19306] cifs: Unknown parameter 'no'‘a£Nð[G¶zob,erèèµ;%j¸¼ [ 910.435608][T19306] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.W1ȱ¨nNCº"†CÙ×ðÚ<“™+`# ÷Ž¢k²–' [ 910.445471][T14886] usb 3-1: config 0 descriptor?? [ 910.704066][T14886] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 910.711099][T14886] usb 3-1: No valid video chain found. [ 910.763729][T14886] usb 3-1: USB disconnect, device number 18 [ 910.993632][T19314] NILFS (nullb0): couldn't find nilfs on the device [ 912.769146][T19335] loop3: detected capacity change from 0 to 4096 [ 912.970909][T19346] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 914.138352][T19363] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (8) [ 914.822563][T19379] raw_sendmsg: syz.3.6361 forgot to set AF_INET. Fix it! [ 917.719820][T19430] loop2: detected capacity change from 0 to 4096 [ 917.731017][ T30] audit: type=1326 audit(1753915369.462:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19438 comm="syz.3.6390" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 917.753710][ T30] audit: type=1326 audit(1753915369.462:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19438 comm="syz.3.6390" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 917.758063][T19430] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 917.776313][ T30] audit: type=1326 audit(1753915369.482:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19438 comm="syz.3.6390" exe="/root/syz-executor" sig=0 arch=40000003 syscall=385 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 917.776507][ T30] audit: type=1326 audit(1753915369.482:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19438 comm="syz.3.6390" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 917.830153][ T30] audit: type=1326 audit(1753915369.482:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19438 comm="syz.3.6390" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 918.187642][T19430] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 918.429570][T19430] ntfs3(loop2): ino=1e, mi_enum_attr [ 918.766620][T19451] misc userio: Invalid payload size [ 919.643291][T19463] Invalid option length (1048125) for dns_resolver key [ 920.021649][ T5858] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 920.359037][ T5858] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 920.368594][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.377203][ T5858] usb 3-1: Product: syz [ 920.381608][ T5858] usb 3-1: Manufacturer: syz [ 920.386366][ T5858] usb 3-1: SerialNumber: syz [ 920.413060][ T5858] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 920.532777][ T5884] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 920.762677][T19480] loop4: detected capacity change from 0 to 256 [ 920.932641][T19480] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 921.601202][ T5884] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 921.610695][ T5884] ath9k_htc: Failed to initialize the device [ 921.793946][ T5884] usb 3-1: ath9k_htc: USB layer deinitialized [ 922.057604][T12365] usb 3-1: USB disconnect, device number 19 [ 922.506024][T19500] netlink: 830 bytes leftover after parsing attributes in process `syz.0.6420'. [ 922.518882][T19500] ..@ÿ: entered promiscuous mode [ 922.524475][T19500] bond_slave_1: entered promiscuous mode [ 922.734932][T19506] overlay: Unknown parameter 'Zz-#FÇ<æõ]%gCžÊ [ 922.734932][T19506] SÃȘØÈžZ§6ŸÂ' [ 923.305210][T19512] loop2: detected capacity change from 0 to 2048 [ 923.562344][T19512] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 924.027586][T19524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6432'. [ 924.037474][T19524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6432'. [ 924.991831][T19541] new mount options do not match the existing superblock, will be ignored [ 925.452458][T19551] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 926.198239][T19564] loop0: detected capacity change from 0 to 2048 [ 926.495807][T19564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 926.755723][ T30] audit: type=1326 audit(1753915378.502:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 926.861270][T19587] netlink: 148 bytes leftover after parsing attributes in process `syz.2.6461'. [ 926.897831][ T30] audit: type=1326 audit(1753915378.532:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 926.920743][ T30] audit: type=1326 audit(1753915378.532:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 926.944605][ T30] audit: type=1326 audit(1753915378.542:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 926.967130][ T30] audit: type=1326 audit(1753915378.572:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=328 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 926.989525][ T30] audit: type=1326 audit(1753915378.572:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 927.012043][ T30] audit: type=1326 audit(1753915378.572:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 927.034522][ T30] audit: type=1326 audit(1753915378.582:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 927.057031][ T30] audit: type=1326 audit(1753915378.582:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 927.079788][ T30] audit: type=1326 audit(1753915378.582:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19584 comm="syz.4.6459" exe="/root/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 927.304484][T19593] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6465'. [ 927.589574][T19596] loop1: detected capacity change from 0 to 512 [ 927.676532][T19600] netlink: 'syz.3.6468': attribute type 11 has an invalid length. [ 927.752746][T19596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 927.766357][T19596] ext4 filesystem being mounted at /1306/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 927.965548][T19605] loop4: detected capacity change from 0 to 128 [ 927.987605][T19596] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.6466: Failed to acquire dquot type 0 [ 928.314643][ T5798] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 928.821802][T19621] netlink: 'syz.2.6477': attribute type 21 has an invalid length. [ 928.829914][T19621] netlink: 128 bytes leftover after parsing attributes in process `syz.2.6477'. [ 928.839530][T19621] netlink: 'syz.2.6477': attribute type 4 has an invalid length. [ 928.847688][T19621] netlink: 'syz.2.6477': attribute type 5 has an invalid length. [ 928.855914][T19621] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6477'. [ 929.681514][T19579] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 930.031503][T19641] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6487'. [ 931.098071][T19663] Option 'ñ•d¸' to dns_resolver key: bad/missing value [ 932.723280][T19698] tmpfs: Bad value for 'mpol' [ 933.515469][T19713] netlink: 'syz.3.6521': attribute type 5 has an invalid length. [ 934.395976][T19731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6532'. [ 934.405557][T19731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6532'. [ 934.651593][T19737] netlink: 'syz.2.6534': attribute type 10 has an invalid length. [ 934.671940][T19737] syz_tun: entered promiscuous mode [ 934.732788][T19737] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 935.536541][T19754] netlink: 'syz.3.6542': attribute type 1 has an invalid length. [ 939.013054][T19834] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6581'. [ 939.282476][T19839] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6584'. [ 939.292824][T19839] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6584'. [ 939.302910][T19839] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6584'. [ 941.422148][T19884] netlink: 'syz.2.6606': attribute type 13 has an invalid length. [ 941.565277][T19884] gretap0: refused to change device tx_queue_len [ 941.571947][T19884] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 941.703056][T19891] /dev/nullb0: Can't open blockdev [ 942.130260][T19895] loop4: detected capacity change from 0 to 16 [ 942.210085][T19895] erofs (device loop4): mounted with root inode @ nid 36. [ 942.269216][T19895] syz.4.6611: attempt to access beyond end of device [ 942.269216][T19895] loop4: rw=524288, sector=7864328, nr_sectors = 8 limit=16 [ 942.284419][T19895] syz.4.6611: attempt to access beyond end of device [ 942.284419][T19895] loop4: rw=0, sector=7864328, nr_sectors = 8 limit=16 [ 942.298509][T19895] erofs (device loop4): read error -5 @ 0 of nid 89 [ 942.312018][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 942.312086][ T30] audit: type=1800 audit(1753915394.062:200): pid=19895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6611" name="file3" dev="loop4" ino=89 res=0 errno=0 [ 942.724507][T19906] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 942.818477][T19910] [U] ¹éMÙ­õáq&’Ù Kœ4 [ 942.823506][T19910] [U] [“)ÎU°}¸Ç”íÚJï¬}N°sef*œ £‡ßÿånZíÀf[F_h®¦'ª„W"óxå~¶Îïú;vA˜)^ˆ`û1C':zÂÞ÷ãÃúÞFObþ *?ÛŸc‹z˜s¯ý<8zNñ·š ñ˜¾ôEy TT<$cÐR¿æ–»/VgßÐã {y«~Y5\—;æƒz–ÓDx ŸƒyöA€ì"xI®f¦{‚Å`A$ã­¡55?­é×s«aãm¢åo‰¤«ýí»*K€¶ [ 942.845384][T19910] [U] ôo‡4 [ 942.848679][T19910] [U] œšU·©bÕ+ '~GIÞƒrQ^Á¿™,(-|¢øúŸ†ë-<ƒ6&µÅh.z9ÉÎ/ÚrJî©°™³ëˆÅ+)Ö­KΦ.›nHÕA#lw#Rf7–PÙªûÍmax€Ï]Œ¤›ln"kŒm +,G¶Sb´hj‚¹Ëxïì§éCÎýQ„ [ 944.432099][T19944] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6635'. [ 945.131319][T19957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6642'. [ 945.264119][T19961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6644'. [ 945.996391][ T30] audit: type=1326 audit(1753915397.732:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19974 comm="syz.4.6651" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 946.019046][ T30] audit: type=1326 audit(1753915397.742:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19974 comm="syz.4.6651" exe="/root/syz-executor" sig=0 arch=40000003 syscall=165 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 946.041660][ T30] audit: type=1326 audit(1753915397.742:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19974 comm="syz.4.6651" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 946.063820][ C1] vkms_vblank_simulate: vblank timer overrun [ 946.070303][ T30] audit: type=1326 audit(1753915397.742:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19974 comm="syz.4.6651" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e539 code=0x7ffc0000 [ 947.091117][T19999] sctp: [Deprecated]: syz.4.6662 (pid 19999) Use of struct sctp_assoc_value in delayed_ack socket option. [ 947.091117][T19999] Use struct sctp_sack_info instead [ 947.140963][T20001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6664'. [ 948.190213][T20019] loop4: detected capacity change from 0 to 2048 [ 948.263119][T20024] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6675'. [ 948.265315][T20019] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 948.273461][T20024] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6675'. [ 949.355029][T20045] program syz.2.6685 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 949.516495][T20049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6687'. [ 951.237192][T20087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6703'. [ 951.411174][ T42] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 951.606778][ T42] usb 5-1: Using ep0 maxpacket: 16 [ 951.630465][ T42] usb 5-1: config 0 has an invalid interface number: 45 but max is 0 [ 951.639116][ T42] usb 5-1: config 0 has no interface number 0 [ 951.698029][ T42] usb 5-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=85.00 [ 951.707820][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 951.716292][ T42] usb 5-1: Product: syz [ 951.720676][ T42] usb 5-1: Manufacturer: syz [ 951.725434][ T42] usb 5-1: SerialNumber: syz [ 951.740128][ T42] usb 5-1: config 0 descriptor?? [ 952.004304][ T42] cdc_subset 5-1:0.45: probe with driver cdc_subset failed with error -22 [ 952.106427][T20101] openvswitch: netlink: Message has 8 unknown bytes. [ 952.114247][T20101] openvswitch: netlink: Actions may not be safe on all matching packets [ 952.185657][T20103] kAFS: unparsable volume name [ 952.229385][T12365] usb 5-1: USB disconnect, device number 23 [ 952.301314][T20105] loop3: detected capacity change from 0 to 512 [ 952.339618][T20105] EXT4-fs: Ignoring removed bh option [ 952.392136][T20105] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 952.402419][T20105] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 952.428669][T20105] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 952.463022][T20105] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 952.493390][T20105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 952.786527][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 953.632320][T20133] syz.4.6726: attempt to access beyond end of device [ 953.632320][T20133] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 953.645815][T20133] syz.4.6726: attempt to access beyond end of device [ 953.645815][T20133] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 953.659084][T20133] Mount JFS Failure: -5 [ 953.663647][T20133] jfs_mount failed w/return code = -5 [ 954.560900][T12365] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 954.770924][T12365] usb 5-1: Using ep0 maxpacket: 8 [ 954.816621][T12365] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 954.825245][T12365] usb 5-1: config 0 has no interface number 0 [ 954.922610][T12365] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 954.932033][T12365] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 954.940212][T12365] usb 5-1: Product: syz [ 954.944989][T12365] usb 5-1: Manufacturer: syz [ 954.949754][T12365] usb 5-1: SerialNumber: syz [ 955.023653][T12365] usb 5-1: config 0 descriptor?? [ 955.461351][T12365] usb 5-1: USB disconnect, device number 24 [ 955.471781][ T6232] udevd[6232]: setting mode of /dev/bus/usb/005/024 to 020664 failed: No such file or directory [ 955.513824][ T6232] udevd[6232]: setting owner of /dev/bus/usb/005/024 to uid=0, gid=0 failed: No such file or directory [ 955.961182][T20174] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (65) [ 956.672798][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 956.679390][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 957.366911][T20201] openvswitch: netlink: IP tunnel TTL not specified. [ 957.742814][T20208] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6761'. [ 957.776720][T20208] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 957.795115][T20209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6762'. [ 957.805245][T20209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6762'. [ 960.693678][T20262] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6788'. [ 961.236586][T20275] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6794'. [ 962.674952][T20292] loop3: detected capacity change from 0 to 4096 [ 963.312414][T20292] ntfs3(loop3): try to read out of volume at offset 0x3fffffc7000 [ 964.341396][T12365] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 964.550822][T12365] usb 2-1: Using ep0 maxpacket: 16 [ 964.594900][T12365] usb 2-1: config 0 has an invalid interface number: 237 but max is 0 [ 964.603888][T12365] usb 2-1: config 0 has no interface number 0 [ 964.610139][T12365] usb 2-1: config 0 interface 237 has no altsetting 0 [ 964.702373][T12365] usb 2-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad [ 964.712127][T12365] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.721822][T12365] usb 2-1: Product: syz [ 964.726151][T12365] usb 2-1: Manufacturer: syz [ 964.731687][T12365] usb 2-1: SerialNumber: syz [ 964.812116][T12365] usb 2-1: config 0 descriptor?? [ 964.835936][T12365] snd_usb_podhd 2-1:0.237: Line 6 POD HD300 found [ 965.090415][T12365] snd_usb_podhd 2-1:0.237: cannot get proper max packet size [ 965.098974][T12365] snd_usb_podhd 2-1:0.237: Line 6 POD HD300 now disconnected [ 965.119607][T12365] snd_usb_podhd 2-1:0.237: probe with driver snd_usb_podhd failed with error -22 [ 965.330902][ T42] usb 2-1: USB disconnect, device number 19 [ 965.578846][T20346] loop3: detected capacity change from 0 to 1024 [ 965.664673][T20350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6832'. [ 965.758527][T20346] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 965.768152][T20346] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 965.778008][T20346] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.6830: Failed to acquire dquot type 0 [ 965.833249][T20346] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 965.848515][T20346] EXT4-fs error (device loop3): ext4_do_update_inode:5563: inode #13: comm syz.3.6830: corrupted inode contents [ 965.904967][T20346] EXT4-fs error (device loop3): ext4_dirty_inode:6454: inode #13: comm syz.3.6830: mark_inode_dirty error [ 965.963343][T20346] EXT4-fs error (device loop3): ext4_do_update_inode:5563: inode #13: comm syz.3.6830: corrupted inode contents [ 965.993148][T20346] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.6830: mark_inode_dirty error [ 966.062144][T20346] EXT4-fs error (device loop3): ext4_do_update_inode:5563: inode #13: comm syz.3.6830: corrupted inode contents [ 966.103600][T20346] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 966.181252][T20346] EXT4-fs error (device loop3): ext4_do_update_inode:5563: inode #13: comm syz.3.6830: corrupted inode contents [ 966.242458][T20346] EXT4-fs error (device loop3): ext4_truncate:4592: inode #13: comm syz.3.6830: mark_inode_dirty error [ 966.304168][T20346] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 966.365583][T20346] EXT4-fs (loop3): 1 truncate cleaned up [ 966.373641][T20346] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 966.545195][T20346] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 966.681945][T20366] netlink: 22 bytes leftover after parsing attributes in process `syz.0.6838'. [ 966.915601][ T5802] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 967.337387][ T42] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 967.564375][ T42] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 967.573898][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 967.639448][ T42] usb 2-1: config 0 descriptor?? [ 967.678093][ T42] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 968.137669][ T42] gspca_stv06xx: I2C: Read error writing address: -71 [ 968.178920][ T42] usb 2-1: USB disconnect, device number 20 [ 969.153844][T20407] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6859'. [ 969.212908][ T42] kernel write not supported for file /input/event2 (pid: 42 comm: kworker/1:1) [ 969.611569][T20412] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 970.461984][T20430] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6871'. [ 970.471538][T20430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6871'. [ 970.581176][T20431] [U] „ [ 971.349805][T20448] netlink: 7100 bytes leftover after parsing attributes in process `syz.2.6880'. [ 971.753823][T20452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6881'. [ 972.761571][T20469] overlay: Unknown parameter 'smackfstransmute' [ 973.366867][T20481] netlink: 'syz.3.6897': attribute type 3 has an invalid length. [ 973.375613][T20481] netlink: 'syz.3.6897': attribute type 3 has an invalid length. [ 974.142199][ T30] audit: type=1326 audit(1753915425.872:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20489 comm="syz.0.6901" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 974.164904][ T30] audit: type=1326 audit(1753915425.872:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20489 comm="syz.0.6901" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 974.187145][ C1] vkms_vblank_simulate: vblank timer overrun [ 974.193825][ T30] audit: type=1326 audit(1753915425.922:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20489 comm="syz.0.6901" exe="/root/syz-executor" sig=0 arch=40000003 syscall=334 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 974.216863][ T30] audit: type=1326 audit(1753915425.922:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20489 comm="syz.0.6901" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 974.239027][ C1] vkms_vblank_simulate: vblank timer overrun [ 974.246627][ T30] audit: type=1326 audit(1753915425.922:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20489 comm="syz.0.6901" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7ffc0000 [ 976.901806][T20545] netlink: 'syz.0.6928': attribute type 281 has an invalid length. [ 977.446986][T20555] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6933'. [ 977.460166][T20554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6932'. [ 977.900774][ T42] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 978.091032][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 978.130965][ T42] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 978.141458][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 262, setting to 64 [ 978.152627][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.163998][ T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 978.174103][ T42] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 978.364283][ T42] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 978.374536][ T42] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 978.383497][ T42] usb 4-1: Manufacturer: syz [ 978.493931][ T42] usb 4-1: config 0 descriptor?? [ 978.751507][ T42] usb 4-1: USB disconnect, device number 23 [ 979.449056][T20587] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 979.802878][T20594] loop2: detected capacity change from 0 to 1024 [ 980.567788][T20610] binder: 20606:20610 ioctl c0306201 80000080 returned -22 [ 980.962177][T20617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6962'. [ 981.229943][ T30] audit: type=1326 audit(1753915432.962:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20621 comm="syz.1.6966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 981.252788][ T30] audit: type=1326 audit(1753915432.962:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20621 comm="syz.1.6966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 981.467515][ T30] audit: type=1326 audit(1753915433.072:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20621 comm="syz.1.6966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=307 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 981.490179][ T30] audit: type=1326 audit(1753915433.072:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20621 comm="syz.1.6966" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 982.796007][T20652] autofs4:pid:20652:validate_dev_ioctl: invalid path supplied for cmd(0xc018937d) [ 983.103368][T20657] syz.4.6982 (20657): drop_caches: 0 [ 983.705402][T20667] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6988'. [ 985.751126][T20709] delete_channel: no stack [ 986.134807][T20713] netlink: 'syz.1.7011': attribute type 2 has an invalid length. [ 987.137521][T20736] loop4: detected capacity change from 0 to 256 [ 987.471049][ T30] audit: type=1326 audit(1753915439.192:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20740 comm="syz.3.7025" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 987.493237][ C1] vkms_vblank_simulate: vblank timer overrun [ 987.500310][ T30] audit: type=1326 audit(1753915439.192:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20740 comm="syz.3.7025" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 987.522562][ C1] vkms_vblank_simulate: vblank timer overrun [ 987.529583][ T30] audit: type=1326 audit(1753915439.212:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20740 comm="syz.3.7025" exe="/root/syz-executor" sig=0 arch=40000003 syscall=36 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 987.939042][T20736] FAT-fs (loop4): Directory bread(block 64) failed [ 987.945976][T20736] FAT-fs (loop4): Directory bread(block 65) failed [ 987.953276][T20736] FAT-fs (loop4): Directory bread(block 66) failed [ 987.959984][T20736] FAT-fs (loop4): Directory bread(block 67) failed [ 987.967037][T20736] FAT-fs (loop4): Directory bread(block 68) failed [ 987.973836][T20736] FAT-fs (loop4): Directory bread(block 69) failed [ 987.980953][T20736] FAT-fs (loop4): Directory bread(block 70) failed [ 987.987633][T20736] FAT-fs (loop4): Directory bread(block 71) failed [ 987.994633][T20736] FAT-fs (loop4): Directory bread(block 72) failed [ 988.001543][T20736] FAT-fs (loop4): Directory bread(block 73) failed [ 988.166308][T20750] netlink: 68 bytes leftover after parsing attributes in process `syz.1.7029'. [ 988.200851][ T30] audit: type=1326 audit(1753915439.932:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20740 comm="syz.3.7025" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 988.223641][ T30] audit: type=1326 audit(1753915439.932:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20740 comm="syz.3.7025" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 988.467166][T20754] loop2: detected capacity change from 0 to 64 [ 989.117047][T20768] loop2: detected capacity change from 0 to 256 [ 989.163052][T20768] exfat: Deprecated parameter 'utf8' [ 989.168903][T20768] exfat: Deprecated parameter 'utf8' [ 989.175294][T20768] exfat: Deprecated parameter 'utf8' [ 989.357296][T20768] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 989.469406][T20773] hfs: unable to load iocharset "I†#hÆIarsÌ8ÒÎŽ wÑ·}+Ô[S‚“š_. ô,ƒs$n¡FÿBlÿbÆSR,Ð.R]^kŽR¥“Lý/­ J}&Æìo9b6˜Ž\wÜm¨$xšÙçųñCdeOé«jocÚ…`1Ò†Ÿ‚m‰#C”X^ݾOø;;ï©ï¦󣫭Xp­!°ì³+ÿ¥Æ‡ÇK=ÊA ‡­Øa2H‹îKAµ² Š»r·‹pæ" [ 989.616594][T20777] netlink: 44 bytes leftover after parsing attributes in process `syz.1.7042'. [ 989.629688][T20777] netlink: 43 bytes leftover after parsing attributes in process `syz.1.7042'. [ 989.639002][T20777] netlink: 'syz.1.7042': attribute type 6 has an invalid length. [ 989.647091][T20777] netlink: 'syz.1.7042': attribute type 5 has an invalid length. [ 989.655306][T20777] netlink: 43 bytes leftover after parsing attributes in process `syz.1.7042'. [ 990.113270][T20780] loop2: detected capacity change from 0 to 256 [ 990.425982][T20780] FAT-fs (loop2): Directory bread(block 64) failed [ 990.432985][T20780] FAT-fs (loop2): Directory bread(block 65) failed [ 990.439813][T20780] FAT-fs (loop2): Directory bread(block 66) failed [ 990.446739][T20780] FAT-fs (loop2): Directory bread(block 67) failed [ 990.453798][T20780] FAT-fs (loop2): Directory bread(block 68) failed [ 990.461889][T20780] FAT-fs (loop2): Directory bread(block 69) failed [ 990.468733][T20780] FAT-fs (loop2): Directory bread(block 70) failed [ 990.475626][T20780] FAT-fs (loop2): Directory bread(block 71) failed [ 990.482654][T20780] FAT-fs (loop2): Directory bread(block 72) failed [ 990.489347][T20780] FAT-fs (loop2): Directory bread(block 73) failed [ 991.951753][T20814] bond0: (slave caif0): Error: Device type is different from other slaves [ 992.169967][T20820] netlink: 'syz.3.7063': attribute type 2 has an invalid length. [ 992.345464][T20822] netlink: 'syz.2.7064': attribute type 32 has an invalid length. [ 992.354177][T20822] netlink: 'syz.2.7064': attribute type 32 has an invalid length. [ 992.676103][T20828] netlink: 8192 bytes leftover after parsing attributes in process `syz.1.7066'. [ 992.707211][T20830] tmpfs: Bad value for 'mpol' [ 994.121030][ T30] audit: type=1326 audit(1753915445.862:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20854 comm="syz.1.7081" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 994.143558][ T30] audit: type=1326 audit(1753915445.862:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20854 comm="syz.1.7081" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 994.341435][ T30] audit: type=1326 audit(1753915445.912:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20854 comm="syz.1.7081" exe="/root/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 994.364132][ T30] audit: type=1326 audit(1753915445.912:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20854 comm="syz.1.7081" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 994.393298][ T30] audit: type=1326 audit(1753915445.912:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20854 comm="syz.1.7081" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 995.133970][T20878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7092'. [ 996.180834][T12365] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 996.396494][ T30] audit: type=1326 audit(1753915448.132:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20897 comm="syz.1.7104" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x0 [ 996.479520][T12365] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 996.492189][T12365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 996.509642][T20902] netlink: 4352 bytes leftover after parsing attributes in process `syz.3.7102'. [ 996.540244][T12365] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 996.549844][T12365] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.558928][T12365] usb 5-1: Product: syz [ 996.563710][T12365] usb 5-1: Manufacturer: syz [ 996.568461][T12365] usb 5-1: SerialNumber: syz [ 996.609849][T12365] usb 5-1: config 0 descriptor?? [ 996.896186][T12365] powermate: unknown product id 0240 [ 996.912998][T12365] input: Griffin SoundKnob as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input26 [ 996.922567][ T30] audit: type=1326 audit(1753915448.632:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20906 comm="syz.1.7107" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 996.945156][ C1] vkms_vblank_simulate: vblank timer overrun [ 997.062540][ C0] powermate: config urb returned -71 [ 997.070972][ C0] powermate: config urb returned -71 [ 997.080927][ C0] powermate: config urb returned -71 [ 997.086971][ C0] powermate: config urb returned -71 [ 997.132505][ C0] powermate 5-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 997.139870][ T30] audit: type=1326 audit(1753915448.722:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20906 comm="syz.1.7107" exe="/root/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 997.141759][T12365] usb 5-1: USB disconnect, device number 25 [ 997.170372][ T30] audit: type=1326 audit(1753915448.722:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20906 comm="syz.1.7107" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 997.192654][ C1] vkms_vblank_simulate: vblank timer overrun [ 997.199186][ T30] audit: type=1326 audit(1753915448.722:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20906 comm="syz.1.7107" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 999.677285][T20955] netlink: 52 bytes leftover after parsing attributes in process `syz.3.7130'. [ 999.707181][ T42] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 999.911225][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 999.960219][ T42] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 999.970641][ T42] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 999.981225][ T42] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 999.991750][ T42] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1000.005174][ T42] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1000.014610][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1000.349742][ T30] audit: type=1326 audit(1753915452.092:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20965 comm="syz.1.7135" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 1000.372996][ T30] audit: type=1326 audit(1753915452.092:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20965 comm="syz.1.7135" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 1000.395323][ C1] vkms_vblank_simulate: vblank timer overrun [ 1000.402313][ T42] usb 1-1: GET_CAPABILITIES returned 0 [ 1000.408038][ T42] usbtmc 1-1:16.0: can't read capabilities [ 1000.432270][T20968] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7136'. [ 1000.581324][ T5858] usb 1-1: USB disconnect, device number 32 [ 1000.635683][ T30] audit: type=1326 audit(1753915452.202:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20965 comm="syz.1.7135" exe="/root/syz-executor" sig=0 arch=40000003 syscall=123 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 1000.659132][ T30] audit: type=1326 audit(1753915452.202:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20965 comm="syz.1.7135" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 1000.681710][ T30] audit: type=1326 audit(1753915452.202:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20965 comm="syz.1.7135" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f58539 code=0x7ffc0000 [ 1000.874075][T20972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7138'. [ 1001.299875][T20980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7142'. [ 1001.766095][T20989] netlink: 64 bytes leftover after parsing attributes in process `syz.1.7146'. [ 1001.775664][T20989] netlink: 64 bytes leftover after parsing attributes in process `syz.1.7146'. [ 1002.273577][ T30] audit: type=1326 audit(1753915454.012:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20994 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1002.295772][ C1] vkms_vblank_simulate: vblank timer overrun [ 1002.302925][ T30] audit: type=1326 audit(1753915454.012:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20994 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1002.325081][ C1] vkms_vblank_simulate: vblank timer overrun [ 1002.492680][ T30] audit: type=1326 audit(1753915454.122:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20994 comm="syz.3.7151" exe="/root/syz-executor" sig=0 arch=40000003 syscall=29 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1003.617409][T21019] loop3: detected capacity change from 0 to 512 [ 1003.654595][T21019] EXT4-fs: Ignoring removed bh option [ 1003.722704][T21019] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 1003.866292][T21019] EXT4-fs (loop3): 1 truncate cleaned up [ 1003.874264][T21019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1003.976629][T21019] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1004.202354][T21031] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7165'. [ 1004.212839][T21031] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1006.089286][T21068] loop1: detected capacity change from 0 to 64 [ 1006.366685][T21075] : Can't lookup blockdev [ 1006.840706][T21080] loop1: detected capacity change from 0 to 64 [ 1007.190883][ T5858] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1007.391281][ T5858] usb 3-1: Using ep0 maxpacket: 16 [ 1007.417568][ T5858] usb 3-1: config index 0 descriptor too short (expected 65038, got 27) [ 1007.426999][ T5858] usb 3-1: config 0 has too many interfaces: 150, using maximum allowed: 32 [ 1007.436134][ T5858] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 1007.443686][ T5858] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 150 [ 1007.453229][ T5858] usb 3-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55 [ 1007.462604][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1007.612833][ T5858] usb 3-1: config 0 descriptor?? [ 1007.862011][T12376] usb 3-1: USB disconnect, device number 20 [ 1007.881070][T16509] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.015093][T16509] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.236505][T16509] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.352510][T16509] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.677414][T16509] bridge0: port 3(team0) entered disabled state [ 1008.704428][T16509] bridge_slave_1: left allmulticast mode [ 1008.711705][T16509] bridge_slave_1: left promiscuous mode [ 1008.718122][T16509] bridge0: port 2(bridge_slave_1) entered disabled state [ 1008.745738][T16509] bridge_slave_0: left allmulticast mode [ 1008.751856][T16509] bridge_slave_0: left promiscuous mode [ 1008.758267][T16509] bridge0: port 1(bridge_slave_0) entered disabled state [ 1009.514135][T16509] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1009.548059][T21108] netlink: 'syz.3.7203': attribute type 1 has an invalid length. [ 1009.602832][T16509] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1009.659322][T16509] bond0 (unregistering): Released all slaves [ 1009.679551][T16509] bond1 (unregistering): Released all slaves [ 1009.699827][T16509] bond2 (unregistering): Released all slaves [ 1009.730946][T12376] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 1009.807292][T16509] bond3 (unregistering): Released all slaves [ 1009.984412][T12376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1009.995769][T12376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1088, setting to 64 [ 1010.007055][T12376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1010.018447][T12376] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1010.028520][T12376] usb 1-1: New USB device found, idVendor=1e71, idProduct=2019, bcdDevice= 0.00 [ 1010.037857][T12376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1010.203558][T12376] usb 1-1: config 0 descriptor?? [ 1010.211342][T21102] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1010.408303][T18415] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1010.417944][T18415] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1010.429905][T18415] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1010.463924][T18415] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1010.475775][T21110] loop4: detected capacity change from 0 to 4096 [ 1010.497090][T18415] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1010.882412][T12376] nzxt-smart2 0003:1E71:2019.0001: hidraw0: USB HID v0.07 Device [HID 1e71:2019] on usb-dummy_hcd.0-1/input0 [ 1010.969264][T21116] xfrm0 speed is unknown, defaulting to 1000 [ 1011.069045][T12376] usb 1-1: USB disconnect, device number 33 [ 1011.446302][T21130] IPVS: length: 135 != 24 [ 1011.652691][ T30] audit: type=1800 audit(1753915463.392:237): pid=21110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7205" name="file1" dev="loop4" ino=33 res=0 errno=0 [ 1011.880807][T16509] hsr_slave_0: left promiscuous mode [ 1011.922084][T16509] hsr_slave_1: left promiscuous mode [ 1011.929719][T16509] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1011.940986][T16509] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1011.993222][T16509] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1012.001015][T16509] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1012.092652][T16509] veth1_macvtap: left promiscuous mode [ 1012.098438][T16509] veth0_macvtap: left promiscuous mode [ 1012.104432][T16509] veth1_vlan: left promiscuous mode [ 1012.187922][T21126] fido_id[21126]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 1012.641434][T18415] Bluetooth: hci1: command tx timeout [ 1013.108068][T16509] vlan1 (unregistering): left promiscuous mode [ 1013.117490][T16509] team0 (unregistering): Port device vlan1 removed [ 1013.296636][T16509] team_slave_1 (unregistering): left promiscuous mode [ 1013.305838][T16509] team_slave_1 (unregistering): left allmulticast mode [ 1013.335771][T16509] team0 (unregistering): Port device team_slave_1 removed [ 1013.375039][T16509] team_slave_0 (unregistering): left promiscuous mode [ 1013.382114][T16509] team_slave_0 (unregistering): left allmulticast mode [ 1013.393530][T16509] team0 (unregistering): Port device team_slave_0 removed [ 1013.800165][T21135] netlink: 666 bytes leftover after parsing attributes in process `syz.2.7212'. [ 1014.725035][T18415] Bluetooth: hci1: command tx timeout [ 1014.871612][T21116] chnl_net:caif_netlink_parms(): no params data found [ 1015.527528][T21187] loop4: detected capacity change from 0 to 128 [ 1015.637110][T21187] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1015.845415][T21187] overlayfs: upper fs needs to support d_type. [ 1015.961358][T21187] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1015.968634][T21187] overlayfs: failed to set xattr on upper [ 1015.974748][T21187] overlayfs: ...falling back to index=off. [ 1015.980817][T21187] overlayfs: ...falling back to uuid=null. [ 1016.498978][T21116] bridge0: port 1(bridge_slave_0) entered blocking state [ 1016.506751][T21116] bridge0: port 1(bridge_slave_0) entered disabled state [ 1016.514645][T21116] bridge_slave_0: entered allmulticast mode [ 1016.528288][T21116] bridge_slave_0: entered promiscuous mode [ 1016.591784][T21205] GUP no longer grows the stack in syz.3.7235 (21205): 80005000-80008000 (80004000) [ 1016.601539][T21205] CPU: 0 UID: 0 PID: 21205 Comm: syz.3.7235 Tainted: G W 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none) [ 1016.601707][T21205] Tainted: [W]=WARN [ 1016.601751][T21205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1016.601823][T21205] Call Trace: [ 1016.601869][T21205] [ 1016.601913][T21205] __dump_stack+0x26/0x30 [ 1016.602074][T21205] dump_stack_lvl+0x1df/0x270 [ 1016.602230][T21205] dump_stack+0x1e/0x25 [ 1016.602372][T21205] fixup_user_fault+0xcf0/0xe20 [ 1016.602554][T21205] fault_in_user_writeable+0x9a/0x1b0 [ 1016.602723][T21205] futex_lock_pi+0x5a9/0x1530 [ 1016.602841][T21205] ? futex_unqueue+0x22d/0x2c0 [ 1016.603000][T21205] ? kmsan_get_metadata+0xfb/0x160 [ 1016.603168][T21205] ? __se_sys_futex_time32+0x558/0x6c0 [ 1016.603294][T21205] ? __msan_warning+0x1b/0x30 [ 1016.603451][T21205] ? __pfx_futex_wake_mark+0x10/0x10 [ 1016.603626][T21205] do_futex+0x2de/0x480 [ 1016.603792][T21205] __se_sys_futex_time32+0x558/0x6c0 [ 1016.603922][T21205] ? kmsan_get_metadata+0xfb/0x160 [ 1016.604082][T21205] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 1016.604241][T21205] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1016.604445][T21205] __ia32_sys_futex_time32+0x112/0x1a0 [ 1016.604591][T21205] ia32_sys_call+0x3da0/0x4310 [ 1016.604715][T21205] __do_fast_syscall_32+0xb0/0x150 [ 1016.604881][T21205] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 1016.605028][T21205] do_fast_syscall_32+0x38/0x80 [ 1016.605177][T21205] do_SYSENTER_32+0x1f/0x30 [ 1016.605318][T21205] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1016.605473][T21205] RIP: 0023:0xf7f64539 [ 1016.605558][T21205] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1016.605662][T21205] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 00000000000000f0 [ 1016.605773][T21205] RAX: ffffffffffffffda RBX: 0000000080004000 RCX: 000000000000008d [ 1016.605852][T21205] RDX: 00000000fffffffd RSI: 0000000000000000 RDI: 0000000000000000 [ 1016.605924][T21205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1016.605995][T21205] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1016.606067][T21205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1016.606168][T21205] [ 1016.851357][T18415] Bluetooth: hci1: command tx timeout [ 1016.962659][T21116] bridge0: port 2(bridge_slave_1) entered blocking state [ 1016.970227][T21116] bridge0: port 2(bridge_slave_1) entered disabled state [ 1016.978699][T21116] bridge_slave_1: entered allmulticast mode [ 1016.987955][T21116] bridge_slave_1: entered promiscuous mode [ 1017.081481][ T5808] UDF-fs: error (device loop4): udf_read_inode: (ino 114) failed !bh [ 1017.170834][ T5808] UDF-fs: error (device loop4): udf_read_inode: (ino 114) failed !bh [ 1017.378113][T21116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1017.576261][T21116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1017.965527][T16483] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.976355][T16483] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1018.065357][T21116] team0: Port device team_slave_0 added [ 1018.102707][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 1018.109399][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 1018.140002][T21116] team0: Port device team_slave_1 added [ 1018.183929][T16483] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.195298][T16483] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1018.439202][T16483] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.450275][T16483] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1018.655821][T16483] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.666596][T16483] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1018.728765][T21116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1018.736004][T21116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1018.762422][T21116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1018.855424][T21116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1018.862661][T21116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1018.889756][T21116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1018.910818][T18415] Bluetooth: hci1: command tx timeout [ 1019.250754][T16483] bridge_slave_1: left allmulticast mode [ 1019.256673][T16483] bridge_slave_1: left promiscuous mode [ 1019.263538][T16483] bridge0: port 2(bridge_slave_1) entered disabled state [ 1019.925642][T16483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1019.955487][T21240] netlink: 'syz.3.7250': attribute type 30 has an invalid length. [ 1019.987001][T16483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1020.037916][T16483] bond0 (unregistering): Released all slaves [ 1020.081731][T16483] bond1 (unregistering): Released all slaves [ 1020.112287][T16483] bond2 (unregistering): Released all slaves [ 1020.136761][T16483] bond3 (unregistering): Released all slaves [ 1020.159561][T16483] bond4 (unregistering): Released all slaves [ 1020.190768][T16483] bond5 (unregistering): Released all slaves [ 1020.353431][T21116] hsr_slave_0: entered promiscuous mode [ 1020.363223][T21116] hsr_slave_1: entered promiscuous mode [ 1020.371761][T21116] debugfs: 'hsr0' already exists in 'hsr' [ 1020.377632][T21116] Cannot create hsr debugfs directory [ 1020.769939][ T49] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1020.779112][ T49] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1020.790758][ T49] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1020.824018][ T49] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1020.867293][ T49] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1021.112977][T21249] xfrm0 speed is unknown, defaulting to 1000 [ 1021.613219][T16483] hsr_slave_0: left promiscuous mode [ 1021.635560][T16483] hsr_slave_1: left promiscuous mode [ 1021.644111][T16483] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1021.651904][T16483] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1021.707687][T16483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1021.716696][T16483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1021.804463][T16483] veth1_macvtap: left promiscuous mode [ 1021.810308][T16483] veth0_macvtap: left promiscuous mode [ 1021.816456][T16483] veth1_vlan: left promiscuous mode [ 1021.822102][T16483] veth0_vlan: left promiscuous mode [ 1022.124945][T21272] loop3: detected capacity change from 0 to 256 [ 1022.963027][ T49] Bluetooth: hci4: command tx timeout [ 1023.348303][T16483] team0 (unregistering): Port device team_slave_1 removed [ 1023.375270][T16483] team0 (unregistering): Port device team_slave_0 removed [ 1024.288984][T21300] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7268'. [ 1024.299679][T21300] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7268'. [ 1024.512526][T21116] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1024.593445][T21116] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1024.662202][T21116] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1024.734072][T21116] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1024.798379][T21249] chnl_net:caif_netlink_parms(): no params data found [ 1024.891791][ T5858] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 1025.042305][ T49] Bluetooth: hci4: command tx timeout [ 1025.099702][ T5858] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 1025.108798][ T5858] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1025.119294][ T5858] usb 4-1: config 0 has no interface number 0 [ 1025.125931][ T5858] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 6018, setting to 64 [ 1025.137253][ T5858] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1025.150550][ T5858] usb 4-1: config 0 interface 52 has no altsetting 0 [ 1025.240623][ T5858] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1025.249893][ T5858] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 1025.259354][ T5858] usb 4-1: Product: syz [ 1025.264265][ T5858] usb 4-1: Manufacturer: syz [ 1025.269023][ T5858] usb 4-1: SerialNumber: syz [ 1025.279075][ T5858] usb 4-1: config 0 descriptor?? [ 1025.557325][ T5858] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input27 [ 1025.764463][ C0] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 1025.773691][ T5858] usb 4-1: USB disconnect, device number 24 [ 1025.926372][T21116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1025.996078][T21322] loop2: detected capacity change from 0 to 64 [ 1026.264337][T21249] bridge0: port 1(bridge_slave_0) entered blocking state [ 1026.272076][T21249] bridge0: port 1(bridge_slave_0) entered disabled state [ 1026.279792][T21249] bridge_slave_0: entered allmulticast mode [ 1026.290687][T21249] bridge_slave_0: entered promiscuous mode [ 1026.348568][T21116] 8021q: adding VLAN 0 to HW filter on device team0 [ 1026.409426][T16511] bridge0: port 1(bridge_slave_0) entered blocking state [ 1026.416991][T16511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1026.444125][T21249] bridge0: port 2(bridge_slave_1) entered blocking state [ 1026.453362][T21249] bridge0: port 2(bridge_slave_1) entered disabled state [ 1026.461230][T21249] bridge_slave_1: entered allmulticast mode [ 1026.470387][T21249] bridge_slave_1: entered promiscuous mode [ 1026.525749][T16511] bridge0: port 2(bridge_slave_1) entered blocking state [ 1026.533391][T16511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1027.039271][T21249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1027.122100][ T49] Bluetooth: hci4: command tx timeout [ 1027.187809][T21249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1027.381807][ T30] audit: type=1326 audit(1753915479.132:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21338 comm="syz.3.7281" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1027.506863][ T30] audit: type=1326 audit(1753915479.202:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21338 comm="syz.3.7281" exe="/root/syz-executor" sig=0 arch=40000003 syscall=235 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1027.529624][ T30] audit: type=1326 audit(1753915479.212:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21338 comm="syz.3.7281" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1027.552244][ T30] audit: type=1326 audit(1753915479.212:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21338 comm="syz.3.7281" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64539 code=0x7ffc0000 [ 1027.617954][T21249] team0: Port device team_slave_0 added [ 1027.698358][T21249] team0: Port device team_slave_1 added [ 1027.915717][ T42] kernel write not supported for file /input/mouse0 (pid: 42 comm: kworker/1:1) [ 1027.957477][T21349] loop3: detected capacity change from 0 to 256 [ 1027.975820][T21249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1027.983096][T21249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.009443][T21249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1028.216236][T21249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1028.223509][T21249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.250642][T21249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1028.449731][T21349] FAT-fs (loop3): Directory bread(block 64) failed [ 1028.456632][T21349] FAT-fs (loop3): Directory bread(block 65) failed [ 1028.463772][T21349] FAT-fs (loop3): Directory bread(block 66) failed [ 1028.470685][T21349] FAT-fs (loop3): Directory bread(block 67) failed [ 1028.477528][T21349] FAT-fs (loop3): Directory bread(block 68) failed [ 1028.484469][T21349] FAT-fs (loop3): Directory bread(block 69) failed [ 1028.492803][T21349] FAT-fs (loop3): Directory bread(block 70) failed [ 1028.499491][T21349] FAT-fs (loop3): Directory bread(block 71) failed [ 1028.507418][T21349] FAT-fs (loop3): Directory bread(block 72) failed [ 1028.514255][T21349] FAT-fs (loop3): Directory bread(block 73) failed [ 1028.862776][T21249] hsr_slave_0: entered promiscuous mode [ 1028.872824][T21249] hsr_slave_1: entered promiscuous mode [ 1028.881719][T21249] debugfs: 'hsr0' already exists in 'hsr' [ 1028.887586][T21249] Cannot create hsr debugfs directory [ 1029.020259][T21116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1029.202792][ T49] Bluetooth: hci4: command tx timeout [ 1029.517633][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.525902][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.533936][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.541953][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.549654][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.557466][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.565232][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.573034][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.580828][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.588445][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.596314][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.604035][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.611787][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.619403][T12376] hid-generic 0002:0004:0009.0002: unknown main item tag 0x0 [ 1029.831956][T12376] hid-generic 0002:0004:0009.0002: hidraw0: HID v0.04 Device [syz0] on syz0 [ 1030.544925][T21377] fido_id[21377]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1030.678379][T21249] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1030.749781][T21249] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1030.842648][T21249] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1030.936244][T21249] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1030.998847][ T42] kernel write not supported for file /input/mouse0 (pid: 42 comm: kworker/1:1) [ 1031.109959][T21392] loop3: detected capacity change from 0 to 1024 [ 1031.415610][T21116] veth0_vlan: entered promiscuous mode [ 1031.537210][T21392] hfsplus: keylen 65060 too large [ 1031.569643][T21116] veth1_vlan: entered promiscuous mode [ 1031.667058][T21399] netlink: 'syz.0.7298': attribute type 1 has an invalid length. [ 1031.831080][T21116] veth0_macvtap: entered promiscuous mode [ 1031.919111][T21116] veth1_macvtap: entered promiscuous mode [ 1032.163086][T21116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1032.262830][T21249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1032.294733][T21116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1032.420049][T16490] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.485225][T16490] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.523766][T21249] 8021q: adding VLAN 0 to HW filter on device team0 [ 1032.534766][T16490] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.580857][T16511] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.658783][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 1032.666455][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1032.797367][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 1032.804924][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.867752][T21249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1035.092065][T21433] loop2: detected capacity change from 0 to 8192 [ 1035.207634][T21433] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1037.143539][T21249] veth0_vlan: entered promiscuous mode [ 1037.224088][T21485] loop3: detected capacity change from 0 to 1024 [ 1037.230294][T21249] veth1_vlan: entered promiscuous mode [ 1037.545288][T21485] ===================================================== [ 1037.548028][T21249] veth0_macvtap: entered promiscuous mode [ 1037.553610][T21485] BUG: KMSAN: uninit-value in hfsplus_delete_cat+0x1195/0x13d0 [ 1037.566846][T21485] hfsplus_delete_cat+0x1195/0x13d0 [ 1037.573081][T21485] hfsplus_rmdir+0x13c/0x310 [ 1037.577844][T21485] vfs_rmdir+0x5b6/0x800 [ 1037.582599][T21485] do_rmdir+0x7d6/0xdc0 [ 1037.586916][T21485] __ia32_sys_rmdir+0x70/0xa0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1037.592075][T21485] ia32_sys_call+0x32c4/0x4310 [ 1037.596968][T21485] __do_fast_syscall_32+0xb0/0x150 [ 1037.603237][T21485] do_fast_syscall_32+0x38/0x80 [ 1037.608256][T21485] do_SYSENTER_32+0x1f/0x30 [ 1037.613097][T21485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1037.619951][T21485] [ 1037.622511][T21485] Uninit was stored to memory at: [ 1037.628522][T21485] hfsplus_create_cat+0x18fb/0x1910 [ 1037.634223][T21485] hfsplus_mknod+0x208/0x560 [ 1037.639032][T21485] hfsplus_mkdir+0x5a/0x80 [ 1037.643949][T21485] vfs_mkdir+0x4e7/0x850 [ 1037.648354][T21485] do_mkdirat+0x41a/0xf30 [ 1037.653014][T21485] __ia32_sys_mkdirat+0xc1/0x140 [ 1037.658125][T21485] ia32_sys_call+0x1951/0x4310 [ 1037.663160][T21485] __do_fast_syscall_32+0xb0/0x150 [ 1037.668523][T21485] do_fast_syscall_32+0x38/0x80 [ 1037.673715][T21485] do_SYSENTER_32+0x1f/0x30 [ 1037.678382][T21485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1037.686612][T21485] [ 1037.689012][T21485] Uninit was stored to memory at: [ 1037.695135][T21485] hfsplus_create_cat+0x18fb/0x1910 [ 1037.700787][T21485] hfsplus_fill_super+0x211d/0x2730 [ 1037.706130][T21485] get_tree_bdev_flags+0x6e6/0x920 [ 1037.711581][T21485] get_tree_bdev+0x38/0x50 [ 1037.716168][T21485] hfsplus_get_tree+0x35/0x40 [ 1037.721170][T21485] vfs_get_tree+0xb3/0x5c0 [ 1037.725752][T21485] do_new_mount+0x733/0x1420 [ 1037.730688][T21485] path_mount+0x6db/0x1e90 [ 1037.735268][T21485] __se_sys_mount+0x6eb/0x7d0 [ 1037.740119][T21485] __ia32_sys_mount+0xe2/0x150 [ 1037.745314][T21485] ia32_sys_call+0x2c16/0x4310 [ 1037.750215][T21485] __do_fast_syscall_32+0xb0/0x150 [ 1037.755790][T21485] do_fast_syscall_32+0x38/0x80 [ 1037.760402][T21249] veth1_macvtap: entered promiscuous mode [ 1037.762661][T21485] do_SYSENTER_32+0x1f/0x30 [ 1037.771230][T21485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1037.772321][ T30] audit: type=1326 audit(1753915489.472:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21490 comm="syz.2.7322" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 1037.777718][T21485] [ 1037.777742][T21485] Uninit was created at: [ 1037.777919][T21485] __alloc_frozen_pages_noprof+0x689/0xf00 [ 1037.812856][T21485] alloc_pages_mpol+0x328/0x860 [ 1037.817982][T21485] alloc_frozen_pages_noprof+0xf7/0x200 [ 1037.823994][T21485] allocate_slab+0x24d/0x1220 [ 1037.828860][T21485] ___slab_alloc+0x1024/0x34e0 [ 1037.833950][T21485] kmem_cache_alloc_lru_noprof+0x922/0xed0 [ 1037.839901][T21485] hfsplus_alloc_inode+0x5a/0xd0 [ 1037.846226][T21485] alloc_inode+0x8a/0x4a0 [ 1037.851573][T21485] iget_locked+0x239/0x12d0 [ 1037.856216][T21485] hfsplus_iget+0x5c/0xb80 [ 1037.860913][T21485] hfsplus_btree_open+0x128/0x1cf0 [ 1037.866204][T21485] hfsplus_fill_super+0x1161/0x2730 [ 1037.871733][T21485] get_tree_bdev_flags+0x6e6/0x920 [ 1037.877027][T21485] get_tree_bdev+0x38/0x50 [ 1037.881846][T21485] hfsplus_get_tree+0x35/0x40 [ 1037.886670][T21485] vfs_get_tree+0xb3/0x5c0 [ 1037.891364][T21485] do_new_mount+0x733/0x1420 [ 1037.896127][T21485] path_mount+0x6db/0x1e90 [ 1037.900899][T21485] __se_sys_mount+0x6eb/0x7d0 [ 1037.905747][T21485] __ia32_sys_mount+0xe2/0x150 [ 1037.910851][T21485] ia32_sys_call+0x2c16/0x4310 [ 1037.915771][T21485] __do_fast_syscall_32+0xb0/0x150 [ 1037.921761][T21485] do_fast_syscall_32+0x38/0x80 [ 1037.926781][T21485] do_SYSENTER_32+0x1f/0x30 [ 1037.932023][T21485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1037.938526][T21485] [ 1037.941544][T21485] CPU: 1 UID: 0 PID: 21485 Comm: syz.3.7321 Tainted: G W 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none) [ 1037.955175][T21485] Tainted: [W]=WARN [ 1037.959051][T21485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1037.969385][T21485] ===================================================== [ 1037.976624][T21485] Disabling lock debugging due to kernel taint [ 1037.983000][T21485] Kernel panic - not syncing: kmsan.panic set ... [ 1037.989527][T21485] CPU: 1 UID: 0 PID: 21485 Comm: syz.3.7321 Tainted: G B W 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none) [ 1038.003009][T21485] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1038.008116][T21485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1038.018278][T21485] Call Trace: [ 1038.021635][T21485] [ 1038.024642][T21485] __dump_stack+0x26/0x30 [ 1038.029129][T21485] dump_stack_lvl+0x53/0x270 [ 1038.033869][T21485] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1038.039851][T21485] dump_stack+0x1e/0x25 [ 1038.044145][T21485] panic+0x4bd/0xd50 [ 1038.048232][T21485] kmsan_report+0x31c/0x320 [ 1038.052885][T21485] ? __msan_warning+0x1b/0x30 [ 1038.057699][T21485] ? hfsplus_delete_cat+0x1195/0x13d0 [ 1038.063216][T21485] ? hfsplus_rmdir+0x13c/0x310 [ 1038.068117][T21485] ? vfs_rmdir+0x5b6/0x800 [ 1038.072668][T21485] ? do_rmdir+0x7d6/0xdc0 [ 1038.077128][T21485] ? __ia32_sys_rmdir+0x70/0xa0 [ 1038.082145][T21485] ? ia32_sys_call+0x32c4/0x4310 [ 1038.087189][T21485] ? __do_fast_syscall_32+0xb0/0x150 [ 1038.092614][T21485] ? do_fast_syscall_32+0x38/0x80 [ 1038.097783][T21485] ? do_SYSENTER_32+0x1f/0x30 [ 1038.102617][T21485] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1038.109260][T21485] ? kmsan_get_metadata+0xfb/0x160 [ 1038.114519][T21485] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1038.120926][T21485] ? hfsplus_bnode_dump+0x50a/0x560 [ 1038.126235][T21485] ? kmsan_get_metadata+0xfb/0x160 [ 1038.131499][T21485] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1038.137481][T21485] ? hfsplus_brec_remove+0x92f/0xa60 [ 1038.142900][T21485] ? kmsan_get_metadata+0xfb/0x160 [ 1038.148170][T21485] __msan_warning+0x1b/0x30 [ 1038.152802][T21485] hfsplus_delete_cat+0x1195/0x13d0 [ 1038.158157][T21485] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1038.164118][T21485] ? kmsan_get_metadata+0xfb/0x160 [ 1038.169411][T21485] hfsplus_rmdir+0x13c/0x310 [ 1038.174242][T21485] ? __pfx_hfsplus_rmdir+0x10/0x10 [ 1038.179502][T21485] vfs_rmdir+0x5b6/0x800 [ 1038.183918][T21485] do_rmdir+0x7d6/0xdc0 [ 1038.188231][T21485] __ia32_sys_rmdir+0x70/0xa0 [ 1038.193053][T21485] ia32_sys_call+0x32c4/0x4310 [ 1038.197935][T21485] __do_fast_syscall_32+0xb0/0x150 [ 1038.203198][T21485] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 1038.209058][T21485] do_fast_syscall_32+0x38/0x80 [ 1038.214047][T21485] do_SYSENTER_32+0x1f/0x30 [ 1038.218685][T21485] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1038.225151][T21485] RIP: 0023:0xf7f64539 [ 1038.229297][T21485] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1038.249027][T21485] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000028 [ 1038.257569][T21485] RAX: ffffffffffffffda RBX: 0000000080000780 RCX: 0000000000000000 [ 1038.265673][T21485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1038.273727][T21485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1038.281947][T21485] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1038.289995][T21485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1038.298081][T21485] [ 1038.301483][T21485] Kernel Offset: disabled [ 1038.305863][T21485] Rebooting in 86400 seconds..