last executing test programs: 8m48.107037997s ago: executing program 0 (id=3814): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%.,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0) 8m47.830593863s ago: executing program 0 (id=3818): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0xfffffffffffffffe) 8m47.63176431s ago: executing program 0 (id=3822): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x8000, 0x8000, 0x0, 0x5, {{0x5, 0x4, 0x2, 0x5, 0x14, 0x68, 0x3, 0x5, 0x4, 0x0, @broadcast, @local}}}}) 8m47.315796712s ago: executing program 0 (id=3825): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB='time_offset=0x00000000000000c7,keep_last_dots,fmask=00000000000000000077777,utf8,errors=remount-ro,time_offset=0x0000000000000000,fmask=00000000000000000002001,errors=remount-ro,sys_tz,gid=', @ANYRESHEX=0x0, @ANYBLOB="0080"], 0x1, 0x154d, &(0x7f0000001b00)="$eJzs3AmcjlX7OPDrOufcY0h6mmQZzjnXzZMshyTJkiRLkiRJki0haZJXEhJDtqQhCckyJMsQkmVi0tj3fUlokjRJEpItOf/PFD9vv+r/br2v3+ed6/v5PB/nes59nfvcz/Us930ez3zTdVitJrWrNyIi+JfgL/8kAkAsAAwCgGsAIACA8nHl47L6c0pM/Nd2wv5cD6Vc6RmwK4nrn71x/bM3rn/2xvXP3rj+2RvXP3vj+mdvXH/GsrMtMwpey7fse+P1/+yMP///i2SWHvfFutLXdwOI+XtTuP7ZG9f/v1bw92zE9c/euP7ZVeyVngD7M83559L49Z8d5PjDHq5/9sb1Zyw7+3kdOCdc8XXoK3WDSPb+DuRKP/8YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGUPZ/xlCgAuta/0vBhjjDHGGGOMMfbn8Tmu9AwYY4wxxhhjjDH273Tpu34BEhQEEAM5IBZyQi4QAHA15IFrIALXQhxcB3nhesgH+aEAFIR4KASFQYMBCwQhFIGiEIUboBjcCMWhBJSEUuCgNJSBm6As3Azl4BYoD7dCBbgNKkIlqAxV4HaoCndANbgTqsNdUANqQi2oDXdDHbgH6sK9UA/ug/pwPzSAB6AhPAiN4CFoDA9DE3gEmsKj0AyaQwtoCa3+qfwXoCe8CL2gNyRCH+gLL0E/6A8DYCAMgpdhMLwCQ+BVSIKhMAxeg+HwOoyAN2AkjILR8CaMgbdgLIyD8TABkmEiTIK3YTK8A1NgKkyD6ZACM2AmvAuzYDbMgfdgLrwP82A+LICFkAofwCJYDGnwISyBjyAdlsIyWA4rYCWsgtWwBtbCOlj/Yz/YCJtgM2yBrbANtsMO2Am74GPYDZ/AHtj7+nwAyIDP/igfNvxu/ulL+bAPPoUM6IaAgAIFKlQYgzEYi7GYC3NhbsyNeTAPRjCCcRiHeTEv5sN8WAALYDzGY2EsjAYNEhIWwSIYxSgWw2JYHItjSSyJDh2WwTJYFm/GclgOy2N5rIAVsCJWwkpYBatgVayK1bAaVsfqWANrYC2shXfj3dgH62JdrIf1sD7Wv7Q8hY2wETbGxtgEm2BTbIrNsBm2wBbYCltha2yNbbANtsN22B7bYwfsgAmYgB2xI3bCTtgZO2MX7IJdsSt2w+7YPfOFHIAv4ovYG2uIPtgX+2I/TMoxAAfiQHwZB+Mr+Aq+ikk4FIfha/gavo4j8BSOxFE4GkdjVfEWjsVxSGICJmMyTsJJOBkn4xScilNxOqbgDJyJM3EWzsbZ+B7OxffxfZyP83EhpmIqLsLFmIZpuARPYzouxWW4HFfgSlyBq3ENrsZ1uB7X4UbciJtxM27Frbgdt+NO3IkfowLAT3Av7sUkzMAM3I/78QAewIN4EDMxEw/hITyMh/EIHsGjeBSP4XE8gcfxJJ7EU3gaz+AZPIfn8Dw+F/9V449LrE0CkUUJJWJEjIgVsSKXyCVyi9wij8gjIiIi4kScyCvyinwinyggCoh4ES8Ki8LCCCNIhDEAIKIiKoqJYqK4KC5KipLCCSfKiDKirCgryolyory4VVQQt4mKopJo66qIKqKqaOeqiTtFdVFd1BA1RS1RW9QWdUQdUVfUFfVEPVFf1BcNxAOioeiDA/AhkVWZJmIoNhXDsJloLuTF97HWYgS2EW1FO/GEGIUjsYNo7RLE06KjGIudxF/EOHxWdBETsKt4XnQT3UUP8YLoKdq4XqK3mIJ9RF8xHfuJ/mKAGChmYU3xHs7NWUu8KpLEUDFMvCYW4utihHhDjBSjxGjxphgj3hJjxTgxXkwQyWKimCTeFpPFO2KKmCqmiekiRcwQM8W7YpaYLeaI98Rc8b6YJ+aLBWKhSBUfiEVisUgTH4ol4iORLpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopd4mOxW3wi9oi9Yp/4VGSIz8R+8bk4IL4QB8WXIlN8JQ6Jr8Vh8Y04Ir4VR8V34pg4Lk6I78VJ8YM4JU6LM+KsOCd+FOfFT+KCyHrrRymklEoGMkbmkLEyp8wlr5K5ZXDx0b1WxsnrZF55vcwn88sCsqCMl4VkYamlkVaSDGURWVRG5Q2ymLxRFpclZElZSjpZWpaRN8my8mZZTt4iy8tbZQV5m6woK8nKsoq8XVaVd0iI/LKPGrKmrCVry7tlItwj68p7ZT15n6wv75cN5AOyoXxQNpIPycbyYdlEPiKbykdlM9lctpAtZSv5mGwtH5dtZFvZTj4h28snZQf5lEyQT8uO0l98ijwru8jnZFf5vOwmu8se8id5QXrZS/aW0AdkX/mS7Cf7ywFyoBwkX5aD5StyiHxVJsmhcph8TQ6Xr8sR8g05Uo6So+Wbcox8S46V4+R4OUEmy4lyknxbTpbvyClyqpwmp8sUOUMOuDjSHCn/Zv7bv5M/5Oe9b5Zb5Fa5TW6XO+ROuUt+LHfL3XKP3CP3yX0yQ2bI/XK/PCAPyIPyoMyUmfKQPCQPy8PyiDwij8qj8pg8Ls/K7+VJ+YM8JU/L0/KsPCfPyfMXHwNQqISSSqlAxagcKlblVLnUVSq3ulrlUdeoiLpWxanrVF51vcqn8qsCqqCKV4VUYaWVUVaRClURVVRF1Q148QmjSqpSyqnSqoy66R/JV8XUjaq4KvGr/EvzS/yD+bVSrVRr1Vq1UW1UO9VOtVftVQfVQSWoBNVRdVSdVCfVWXVWXVQX1VV1Vd1UN9VD9VA9VU/VS/VSiSpR9VUvqX6qvxqgBqpB6mU1WA1WQ9QQlaSS1DA1TA1Xw9UINUKNVCPVaDVajVFj1Fg1Vo1X41WySlaT1CQ1WU1WU9QUNU1NUykqRc1UM9UsNUvNUXPUXDVXzVPz1AK1QKWqVLVILVJpKk0tUUtUulqqlqrlarlaqVaq1Wq1WqvWqvVqvdqoNqp0tUVtUdvUNrVD7VC71C61W+1We9QetU/tUxkqQ+1X+9UBdUAdVAdVpspUh9QhdVgdVkfUEXVUHVXH1DF1Qp1QJ9VJdUqdUmfUGXVOnVPn1Xl1QV3IOu0LRCACFaggJogJYoPYIFeQK8gd5A7yBHmCSBAJ4oK4IG9wfZAvyB8UCAoG8UGhoHCgAxPYQFwsejS4ISgW3BgUD0oEJYNSgQtKB2ViLnYGtwTlg1uDCsFtQcWgUlA5qBLcHlQN7giqBXcG1YO7ghpBzaBWUDu4O6gT3BPUDe4N6gX3BfWD+4MGwQNBw+DBoFHwUNA4eDhoEjwSNA0eDZoFzYMWQcugVXBzUO5PG9/7U/kfd710b52o++i++iXdT/fXA/RAPUi/rAfrV/QQ/apO0kP1MP2aHq5f1yP0G3qkHqVH6zf1GP2WHqvH6fF6gk7WE/Uk/baerN/RU/RUPU1P1yl6hp6p39Wz9Gw9R7+n5+r39Tw9Xy/QC3Wq/kAv0ot1mv5QL9Ef6XS9VC/Ty/UKvVKv0qv1Gr1Wr9Pr9Qa9UW/Sm/UWvVVv09v1Dr1T79If6936E71H79X79Kc6Q3+m9+vP9QH9hT6ov9SZ+it9SH+tD+tv9BH9rT6qv9PH9HF9Qn+vT+of9Cl9Wp/RZ/U5/aM+r3/SF7TPOrnP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kxek9fkM/lMAVPAxJt4U9gUNlnIkCliipioiZpippgpboqbkqakccaZMqaMKWvKmnKmnClvypsKpoKpaCqayqayud3cbu4wd5g7zZ3mLnOXqWlqmtqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYpqapaWaamRamhWllWpnWprVpY9qYdqadaW/amw6mg0kwCaaj6Wg6mU6ms+lsupgupqvparqZbqaH6WF6mp6ml+llEk2i6Wv6mn6mnxlgBphBZpAZbAabIWaISTJJZpgZZoab4WaEGWFGmlFmdNaJqnnLjDXjzHgzwSSbZDPJTDKTzWQzxUwx08w0k2JSzEwz08wys8wcM8fMNXPNPDPPLDALTKpJNYvMIpNm0swSs8Skm3SzzCwzK8wKs8qsMmvMGrPOrDMbYIPZZDaZLWaL2Wa2mR1mh9lldpndZrfZY/aYfWafyTAZZr/Zbw6YA+agOWgyTaY5ZA6Zw+awOWKOmKPmqDlmjpkT5oQ5aU6aU+aUOWPOmHMm/8XPS29ibU6by15lc9urbR57jf3fcQFb0MbbQraw1Tafzf+r2Fhri9sStqQtZZ0tbcvYm34TV7SVbGVbxd5uq9o7bLXfxHXsPbauvdfWs/fZ2vbuX8X17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wmXmQX2zV2rV1n19s9dq89Y8/aw/Ybe87+aHvZ3naQfdkOtq/YIfZVm2SH/iYebd+0Y+xbdqwdZ8fbCb+Jp9npNsXOsDPtu3aWnf2bONV+YOfaNDvPzrcL7MKf46w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/Z67L7Ua7yW62u+0ndpvdbnfYnXbXpRNhu9fus5/aDPuZPWS/tgfsF/agPWIz7Vc/x1nHd8R+a4/a7+wxe9yesN/bk/YHdSk769i/tz/ZC9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN9Cl6ZWkUuSoNJWhm6gs3Uzl6BYqT7dSBbqNKlIlqkxV6HaqSndQNbqTqtNdVINqUi2qTXdTHbqH6tK9VI/uo/p0PzWgB6ghPUiN6CFqTA9TE3qEmtKj1IyaUwtqSa3oMWpNj1Mbakvt6AlqT09SB3qKEuhp6kjPUCf6C3WmZ6kLPUdd6XnqRt2pB71APelF6kW9KZH6UF96ifpRfxpAA2kQvUyD6RUaQq9SEg2lYfQaDafXaQS9QSNpFOUEgDH0Fo2lcTSeJlAyTaRJ9DZNpndoCk2laTSdUmgGzaR3aRbNpjn0Hs2l92kezacFtJBS6QNaRIspjT6kJfQRpdNSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRttpB+2kXfQx7aZPaA/tpX30KWXQZ7SfPqcD9AUdpC8pk76iQ/Q1HaZv6Ah963vTd3SMjtMJ+p5O0g90ik7TGTpL5+hHOk8/0QXyBCGGIpShCoMwJswRxoY5w1zhVWHu8OowT3hNGAmvDePC68K84fVhvjB/WCAsGMaHhcLCoQ5NaEMKw7BIWDSMhjeExcIbw+JhibBkWCp0YemwTHhTWDa8OSwX3hKWD28NK4S3hRXDSuEj91UJbw+rhneE1cI7w+rhXWGNsGZYK6wd3h3WCe8J64b3hvXC+8Jy4f1hg/CBsGH4YNgofChsHD4cNgkfCZuGj4bNwuZhi7Bl2Cp8LGwdPh62CduG7cInwvbhk2GH8KkwIXw67Bg+83P//Yv/uD8x7BP2DV8KXwq9v1cuiC6MpkY/iC6KLo6mRT+MLol+FE2PLo0uiy6ProiujK6Kro6uia6Nrouuj26Iboxuim6Oel87Bzh0wkmnXOBiXA4X63K6XO4ql9td7fK4a1zEXevi3HUur7ve5XP5XQFX0MW7Qq6w084468iFrogr6qLuBlfM3eiKuxKupCvlnCvtyriWrpVr5Vq7x10b19a1c0+4J9yT7kn3lHvKPe06umdcJ/cX19k967q459xz7nnXzXV3PdwLrqebmOeX12Si6+v6un6unxvgBrhBbpAb7Aa7IW6IS3JJbpgb5oa74W6EG+FGupFutBvtxrgxbqwb68a78S7ZJbtJbpKb7Ca7KW6Km+amuRSX4ma6mW6Wm+Wqzv5lL/PcPLfALXCpLtUtclnnjGluiVvi0l26W+aWuRVuhVvlVrk1bo1b59a5DW6D2+Q2uS1ui9vmtrkdbofb5Xa53W632+Ov+WVQl+H2u/3ugDvgDrovXab7yh1yX7vD7ht3xH3rjrrv8hxzx90J97076X5wp9xpd8addefcj+68+8ldcN4lRyZGJkXejkyOvBOZEpkamRaZHkmJzIjMjLwbmRWZHZkTeS8yN/J+ZF5kfmRBZGEkNfJBZFFkcSQt8mFkSeSjSHpkaWRZZHlkRWRlxPtC20JfxBf1UX+DL+Zv9MV9CV/Sl/LOl/Zl/E2+rL/Zl/O3+PL+Vl/B3+Yr+kq+sn/UN/PNfQvf0rfyj/nW/nHfxrf17fwTvr1/0nfwT/kE/7Tv6J/xnfxffGf/rO/in/Nd/fO+m+/ue/gXfE//ou/le/tE38f39S/5fr6/H+AH+kH+ZT/Yv+KH+Fd9kh/qh/nX/HD/uh/h3/Aj/Sg/OuZNP+bSJTJM8Ml+op/k3/aT/Tt+ip/qp/npPsXP8DP9u36Wn+3n+Pf8XP++n+fn+wV+oU/1H/hFfrFP8x/6Jf4jn+6X/s/S8iq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wO/0u/7Hf7T/xe/xev89/6jP8Z36//9wf8F/4g/5Ln+m/8of81/6w/8Yf8d/6o/47f8wf9yf89/6k/8Gf8qf9GX/Wn/M/+vP+J3+Bf7PGGGOMMfZ3mXi5KX7d88tyfp/fyRF/tXFfALh6e8HMv+7POqPckO+Xdn8R3z4CAE/37vrQpVuNGomJiRe3TZcQFJ0PcOmboCw/LxtfjJdCO3gSEqAtlP3d+fcX3c/R3xg/eitArr/KiYXL8eXxPwfAxN8Z/7EnRi+qEJ6J+/+MPx+geNHLOTnhcrwU2v28vtIWyv3B/PO3/hvzz/lFMkCbv8rJDZfjy/MvA4/DM5Dwqy0ZY4wxxhhjjLFf9BeVO1+6/rz0Pz5/7/o8Xl3OyQGX4791fc4YY4wxxhhjjLEr79nuPZ567NIv9x5LSGjb+ed7/p5GtX9k43+80RT+XSP/H2ng/7ED9B7g0j0KAP7FAQGyGvI/eRRb/yP7Srr4avnfXSvO+gB6FLv4o8c/b6ex/3ot/pnGlXpHYowxxhhjjP27XD7p//X96kpNiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4b+E39O7EofI2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMXal/b8AAAD//zCM/8A=") mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='securityfs\x00', 0x0, 0x0) 8m46.798293755s ago: executing program 0 (id=3829): r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000a40)=""/39, 0x27) 8m45.863914529s ago: executing program 0 (id=3839): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x10, 0x0, &(0x7f0000000040)=0x34) 8m45.309719333s ago: executing program 32 (id=3839): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x10, 0x0, &(0x7f0000000040)=0x34) 2.019557309s ago: executing program 3 (id=11206): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000080)) 1.849382735s ago: executing program 2 (id=11209): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL6={0x14, 0x8, @ipv4={'\x00', '\xff\xff', @broadcast}}, @IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}]}}}]}, 0x4c}}, 0x0) 1.781663199s ago: executing program 4 (id=11210): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="13000000320081084e81f782db44b904021d08", 0x13}], 0x1}, 0x0) 1.749952667s ago: executing program 3 (id=11211): r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x240) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f00000000c0)=0x5) 1.699950151s ago: executing program 5 (id=11212): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_mreq(r0, 0x29, 0x7, 0x0, &(0x7f0000000080)) 1.663321632s ago: executing program 1 (id=11213): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@bridge_getvlan={0x17, 0x72, 0x301, 0x0, 0x0, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x12}]}, 0x20}, 0x1, 0xf00}, 0x0) 1.608278943s ago: executing program 6 (id=11214): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fallocate(r0, 0x40, 0x0, 0xaf) 1.55253613s ago: executing program 2 (id=11215): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x4040}]}, 0x3c}}, 0x0) 1.49589339s ago: executing program 4 (id=11216): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1b0000001c00010400442139d5aa2e8b2d"], 0x28}}, 0x0) 1.461414435s ago: executing program 3 (id=11217): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]}) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 1.460893508s ago: executing program 5 (id=11218): r0 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_proto_private(r0, 0x89ec, &(0x7f0000000040)="a7883a") 1.359987237s ago: executing program 6 (id=11219): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8) 1.268934834s ago: executing program 1 (id=11220): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x0, 0x0, 0x36314247}}) 1.2682502s ago: executing program 3 (id=11221): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000076000d0b000000080000000003000000000000000800010001f0ff0008000a0000000000080005"], 0x30}}, 0x0) 1.139776719s ago: executing program 2 (id=11222): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@dev={0xac, 0x14, 0x14, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {@in, 0x0, 0x32}, @in6=@loopback, {}, {}, {0x0, 0xfffffffc}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x8}}]}, 0x1a0}}, 0x0) 1.139615406s ago: executing program 4 (id=11223): r0 = userfaultfd(0x801) ioctl$FICLONERANGE(r0, 0x4020940d, 0x0) 1.13955095s ago: executing program 5 (id=11224): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8947, &(0x7f0000000140)={'bond0\x00'}) 1.067810792s ago: executing program 6 (id=11225): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/cgroups\x00', 0x0, 0x0) read$char_usb(r0, &(0x7f00000000c0)=""/45, 0x2d) 1.004838739s ago: executing program 1 (id=11226): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000cc0)={0x1, @pix={0x0, 0x0, 0x34324258}}) 984.905788ms ago: executing program 3 (id=11227): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @private1}}}]}]}, 0x50}}, 0x0) 883.824279ms ago: executing program 4 (id=11228): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f01f}) 739.968932ms ago: executing program 6 (id=11229): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x5, @sdr={0x35315241, 0xd93f}}) 713.993829ms ago: executing program 1 (id=11230): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2=0xac141400}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @multicast2}]}]}, 0x70}}, 0x0) 618.488333ms ago: executing program 3 (id=11231): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ocfs2(&(0x7f0000000180), &(0x7f00000001c0)='./bus\x00', 0x8c0, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x7, 0x444b, &(0x7f0000008c00)="$eJzs3b9vHFkdAPDvrJ07O1wO+7jikJBYiZNAgCz7KsAn4ThOfPbFBAXuhGg2a3svMay9kb1GFFeYLogKiQJRRCClcxUZiTb8CTSUQZSRoKBBQoow2t1Ze2d2V95YXpvkPp9mPO+3/Z1586YYv0JDRNTvbewUN3aK5a1ibe2TnfeKP6tVdzcrUTgnPfu/1NX/L/9+XgOip2FcJxd97X2W3bp24wcfvxfx5/W/Pjs8PDyMhtHoaabj53//69O1zmNbIVen0W7v1s7KjyPi7Yh4LfLjGYmIH/0pIomIq2nafHocj4gr0cr7+NNf3Sme0WgeP628X3q+8uBg9t3l/YcH/X/3JOJ31S9+8+7mP74yMvu3r59R9wAAAAAAAAAAAAAAAAAAvOQWb9/66PvTM/EkidH9pPt73cX02O/72MMz8+UXH3yyd4rfGAAAAAAAAAAAAAAAAAAAAP7/HH//X0ze6vH9/0J6nOtT//C7wx8jw7P0vVsL16dn0v3fk678b6VJ/7w6EpM99n3P7/9+NVe/9/7v3f2cVnt87X4nIilMZc4LhampiD+kG7+/k1wuVGs79W98UtvdWj+zYby0svFv7d6fiU66of+g8Z/PtT/8/f+/0HU1Nc7vnN0l9krLxn+kb7lHl5KB4n8tV+884s/pZeM/2kwb7yww15oAHv0iiV+Pnhz/hVz7w4r/mxFRTBpjLWZmgMYappHeb71CVjb+l5ppmakz/UM24t/r/v9PLv7Xc+1f1Py/l38Q0VM2/q8108YyJY7v/8nCyff/jVz7FxH/xvj3PP8Hko3/672KNP+Sg87/i7nKw4r/R43LsvG4ejPJXAH7SSu93/+rIysb/7Gu/OP3v8JA678PcvXP6/2vrf3+157+v5a03v/oLRv/8b7lBr3/l3L1+t3/PWeaU5hrrv84rWz8LzfTOtbOf2xfEYPGfznX/rDm/+aqZKwd/+NJ4L+vt9J/b/03kGz8P9dKLHSWaP2P1eb6Lzl5/f9hrv2LWP81xr9XGG6vr4ps/N/oW64R/78M8Py/mavXEf/uxcUZmbbWP7Vs/K/0Lde8/8dOjv9Krt6w7/+vDrNxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJfAfHqciGQie14oTE1FXEvP34nLyWp5vbRara39dCdiIU0vxlvJ3WpttVwtbWzV1iulcrVaW4u4nua/HWPJTrVWL22W7984ams8uVcpb9dXK+V6RCym6V+KK+22Vjfqm+X7EfHBUd7nC7Xt+/fKW6X1je3vTE9PT8fS0Rgmk8rP65Wteqv3Vm7E8lHdiaRjcM3sD4/G8kbyk9ru9la52ky/2VGnWlsrVzvqrKR5v4nJpL69u7VWrldK1drddn8XaS49Lizd/uHtmzNd+XeS1nH+fIcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAt6Mvvt30bEaOusEBFz7R+SXuUfP628X3q+8uBg9t3l/YcHz/qVAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYZeOUSIGojAAvxkRtfMYViHpbCOKaGFE8AR6DA+jR/EKFt7BwsLWYlnYncCSTdgUu933NQ/mZ+Y9mAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwz+1T9/xYNxEpThcnEZ+v3z+b+X2p71fj9492Nfg63s+gHMTdQ3d9Uzfl39NWflmOftu8Sv//3l5ipPY+Bnsy3Ke1vs/Z5FxT+zY1X9/3PFKuIqIt+UXKuarmvQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBkBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBfAQAA//9PjSGi") 598.087546ms ago: executing program 2 (id=11232): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc0305602, &(0x7f00000000c0)={0x0, 0xb}) 484.476661ms ago: executing program 5 (id=11233): r0 = syz_open_dev$video(&(0x7f0000000000), 0x7fff, 0x0) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000180)={0x0, "625fa4f0bfbd34d6c45994507144bf82e69024165d61e1961ac8cbd54b3cd9ae"}) 484.30683ms ago: executing program 4 (id=11234): ioperm(0x284, 0x7f, 0xe3) fstat(0xffffffffffffffff, 0x0) 427.951712ms ago: executing program 1 (id=11235): personality(0x4100001) ppoll(0x0, 0x0, &(0x7f0000002400), &(0x7f0000002440), 0x8) 427.664476ms ago: executing program 6 (id=11236): r0 = socket(0x29, 0x2, 0x0) sendmmsg$alg(r0, &(0x7f0000001340)=[{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@iv={0x18}], 0x18}], 0x3, 0x0) 361.227088ms ago: executing program 2 (id=11237): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x220, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) 302.369203ms ago: executing program 5 (id=11238): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) 191.923743ms ago: executing program 4 (id=11239): syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x2, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0xb, 0x2b2, &(0x7f0000000700)="$eJzs3c9OE10Yx/HfmRYoL4R3BIyJcWFQEuPCCG6MG43pRbgyIq0JscEEMAob0bXxAtx7C16EK+MNuNKVF9CVY86ZUzqFmWmBtkfw+0lapu05M8+ZP53naUKOAPyzHta/f7rz0z6MVFFF0j0pUqKaVJV0UZdqLzd3NnZazUbZiiqyPezDKO1pjrQxauZ1tf1cDy+2r6qarQ1hfChXS6am/eLkcfsmqTfDjwrj5q7+nIs2kqb81VnRRJjYRmE/dACBmbbaeq250HEAAMLy9/8ozeQ161OBKJKWfYru8oPzkpO3QwcQWOb+7yqvxNjj+7/7qFvvuWzQfh51qsSTbMsVFpE/gQ4C6FdVulii6Wcbreat9RetRqR3uu9lmi2650Z66nb4aN3J+vboqpdyatMSJx/7jBvDhB3DakH8C8Vb/O/4GxyA+WK+mscm1kc1DvK/amLsYXJHKj50pNL4bxev0Y0yTlsVjPKC28jl3iKzz36tpWH89mVm9qNJv85qNtS4X5yu13zPTw2d0a306bWQ22u1t+Xa4V6Lh3sdnM0/7MtW8UZHyHwwj8ySfumz6pn8P7J7clmDXJm2jWsZTUzbPW6vzsKWVdcyzr61fyW3ZTTAOzg1/9X3Xk91V3Pbu3uTa61Wc2t7d+85C+UL/psoGfm2qiMeTudc+Cv26mkXFDe32kmShI7nwVUNd4X2HhJuOAG/ojA23YMeOhIEYrMsk9Z/M7Vuvu/yBPsUl+TpSe/Lo2VVpgJa6dYGytYG8+653k3kb75K/5bUBjPFFdygNde1G9L1zJt9qpHYx3lOmLq+6Qm//wMAAAAAAAAAAAAAAAAAAJw14/h3gtBjBAAAAAAAAAAAAAAAAAAAAADgrCua/1cl8//mTssyyPy/65vHmv+3d/IcAMP2JwAA//8BU4sn") openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) 191.691614ms ago: executing program 6 (id=11240): mbind(&(0x7f0000bdc000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000140)=0x3ff, 0x3, 0x0) mbind(&(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000080)=0x103e, 0x5, 0x0) 142.249674ms ago: executing program 1 (id=11241): r0 = socket$inet6(0xa, 0x3, 0x3) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@remote, @in=@empty, 0x4e20, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x33}, 0x6, @in=@private, 0x0, 0x1}}, 0xe8) 68.334447ms ago: executing program 2 (id=11242): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) 0s ago: executing program 5 (id=11243): r0 = syz_clone(0x201000, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000e80)=[{&(0x7f0000000cc0)=""/166, 0xa6}], 0x1, &(0x7f0000002280)=[{0x0}, {&(0x7f0000000f00)=""/210, 0xd2}], 0x2, 0x0) kernel console output (not intermixed with test programs): .772797][T31063] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 785.973110][T31063] usb 6-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 786.016682][T31063] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 786.052843][T31063] usb 6-1: Product: syz [ 786.062727][T31063] usb 6-1: Manufacturer: syz [ 786.067346][T31063] usb 6-1: SerialNumber: syz [ 786.134963][T32594] loop2: detected capacity change from 0 to 64 [ 786.147748][T31063] usb 6-1: config 0 descriptor?? [ 786.180297][T31063] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 786.238509][T32601] loop6: detected capacity change from 0 to 1024 [ 786.340980][T32601] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 786.528593][T14640] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 786.652028][ T24] usb 6-1: USB disconnect, device number 48 [ 787.098148][T32655] netlink: 2 bytes leftover after parsing attributes in process `syz.2.9371'. [ 787.442853][T32671] tipc: Can't bind to reserved service type 0 [ 787.479772][T32674] loop1: detected capacity change from 0 to 64 [ 787.903040][ T24] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 788.096671][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 788.112403][ T24] usb 7-1: config 0 has an invalid interface number: 59 but max is 0 [ 788.119716][T32705] loop4: detected capacity change from 0 to 2048 [ 788.145408][ T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 788.184062][T32705] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 788.192792][ T24] usb 7-1: config 0 has no interface number 0 [ 788.219137][T13345] udevd[13345]: incorrect nilfs2 checksum on /dev/loop4 [ 788.230481][ T24] usb 7-1: config 0 interface 59 altsetting 7 has an endpoint descriptor with address 0xFA, changing to 0x8A [ 788.277294][T32717] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 788.288736][ T24] usb 7-1: config 0 interface 59 altsetting 7 bulk endpoint 0x8A has invalid maxpacket 22 [ 788.333066][ T24] usb 7-1: config 0 interface 59 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 788.388411][ T24] usb 7-1: config 0 interface 59 has no altsetting 0 [ 788.443897][ T24] usb 7-1: New USB device found, idVendor=0499, idProduct=5006, bcdDevice=47.18 [ 788.476077][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.494945][ T24] usb 7-1: Product: syz [ 788.521105][ T24] usb 7-1: Manufacturer: syz [ 788.536541][ T24] usb 7-1: SerialNumber: syz [ 788.574502][ T24] usb 7-1: config 0 descriptor?? [ 788.600090][T32682] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 788.616511][ T24] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 788.752932][T32744] netlink: 256 bytes leftover after parsing attributes in process `syz.1.9397'. [ 788.842558][ T968] usb 7-1: USB disconnect, device number 22 [ 788.989882][ T6281] udevd[6281]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.59/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 789.047028][ T24] usb 5-1: new full-speed USB device number 40 using dummy_hcd [ 789.246333][ T24] usb 5-1: config 0 has an invalid interface number: 83 but max is 0 [ 789.291458][ T24] usb 5-1: config 0 has no interface number 0 [ 789.326244][ T24] usb 5-1: config 0 interface 83 altsetting 6 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 789.374625][ T24] usb 5-1: config 0 interface 83 altsetting 6 has a duplicate endpoint with address 0x83, skipping [ 789.422869][ T24] usb 5-1: config 0 interface 83 has no altsetting 0 [ 789.471239][ T24] usb 5-1: New USB device found, idVendor=0557, idProduct=2001, bcdDevice=6d.a7 [ 789.504503][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.512584][ T24] usb 5-1: Product: syz [ 789.562967][ T336] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9409'. [ 789.572955][ T24] usb 5-1: Manufacturer: syz [ 789.577598][ T24] usb 5-1: SerialNumber: syz [ 789.613972][ T24] usb 5-1: config 0 descriptor?? [ 789.621257][ T336] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9409'. [ 789.669657][ T346] usb usb8: usbfs: process 346 (syz.6.9410) did not claim interface 0 before use [ 789.690016][ T336] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9409'. [ 789.732780][ T336] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9409'. [ 789.927071][ T24] usb 5-1: USB disconnect, device number 40 [ 789.990643][ T347] bond3: entered promiscuous mode [ 790.002873][ T347] bond3: entered allmulticast mode [ 790.019989][ T347] 8021q: adding VLAN 0 to HW filter on device bond3 [ 790.239499][ T5960] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 790.436160][ T5960] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 790.466500][ T5960] usb 4-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 790.504390][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.512455][ T5960] usb 4-1: Product: syz [ 790.548817][ T5960] usb 4-1: Manufacturer: syz [ 790.556472][ T5960] usb 4-1: SerialNumber: syz [ 790.564867][ T426] netlink: 76 bytes leftover after parsing attributes in process `syz.5.9424'. [ 790.858005][ T5960] usb 4-1: selecting invalid altsetting 1 [ 790.897979][ T5960] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 790.898107][ T5960] dvb_usb_lmedm04 4-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 790.985741][ T5960] usb 4-1: USB disconnect, device number 45 [ 791.072922][ T24] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 791.197798][ T465] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9433'. [ 791.198101][ T466] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9434'. [ 791.217236][ T466] netlink: 224 bytes leftover after parsing attributes in process `syz.6.9434'. [ 791.231853][ T347] bond3 (unregistering): Released all slaves [ 791.242861][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 791.254630][ T24] usb 5-1: config 0 has an invalid interface number: 225 but max is 0 [ 791.280645][ T24] usb 5-1: config 0 has no interface number 0 [ 791.307819][ T24] usb 5-1: config 0 interface 225 altsetting 130 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 791.345802][ T24] usb 5-1: config 0 interface 225 altsetting 130 endpoint 0x4 has invalid maxpacket 5950, setting to 1024 [ 791.370816][ T24] usb 5-1: config 0 interface 225 altsetting 130 bulk endpoint 0x4 has invalid maxpacket 1024 [ 791.400081][ T24] usb 5-1: config 0 interface 225 altsetting 130 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 791.440903][ T24] usb 5-1: config 0 interface 225 has no altsetting 0 [ 791.499567][ T24] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0105, bcdDevice=dc.79 [ 791.534522][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.542578][ T24] usb 5-1: Product: syz [ 791.591269][ T24] usb 5-1: Manufacturer: syz [ 791.621120][ T24] usb 5-1: SerialNumber: syz [ 791.693309][ T24] usb 5-1: config 0 descriptor?? [ 791.700405][ T437] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 791.748366][ T24] kvaser_usb 5-1:0.225: error -ENODEV: Cannot get usb endpoint(s) [ 792.071715][ T537] loop2: detected capacity change from 0 to 1024 [ 792.100339][ T539] batadv_slave_0: entered allmulticast mode [ 792.163585][ T537] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 792.240705][ T549] loop5: detected capacity change from 0 to 2048 [ 792.244546][ T547] __nla_validate_parse: 1 callbacks suppressed [ 792.244578][ T547] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9452'. [ 792.317022][ T537] EXT4-fs error (device loop2): __ext4_new_inode:1073: comm syz.2.9447: reserved inode found cleared - inode=1 [ 792.364479][ T549] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 792.497334][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 792.571178][ T24] usb 5-1: USB disconnect, device number 41 [ 792.734267][ T5821] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 792.794087][ T584] hsr0: entered promiscuous mode [ 792.856436][ T584] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 793.043031][ T597] netlink: zone id is out of range [ 793.048192][ T597] netlink: zone id is out of range [ 793.085967][ T597] netlink: zone id is out of range [ 793.091140][ T597] netlink: zone id is out of range [ 793.152218][ T597] netlink: zone id is out of range [ 793.167872][ T597] netlink: zone id is out of range [ 793.191623][ T597] netlink: zone id is out of range [ 793.212784][ T597] netlink: zone id is out of range [ 793.230090][ T597] netlink: zone id is out of range [ 793.352835][ T5887] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 793.560189][ T631] tmpfs: Bad value for 'mpol' [ 793.565176][ T5887] usb 5-1: Using ep0 maxpacket: 16 [ 793.581354][ T5887] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 793.594116][ T5887] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 793.642739][T31063] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 793.651616][ T5887] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 793.684325][ T5887] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 793.707333][ T5887] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 793.745460][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.770769][ T5887] usb 5-1: Product: syz [ 793.784114][ T5887] usb 5-1: Manufacturer: syz [ 793.788775][ T5887] usb 5-1: SerialNumber: syz [ 793.842440][T31063] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.883379][T31063] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.911058][T31063] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 793.966913][T31063] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 794.008219][T31063] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.034479][T31063] usb 3-1: config 0 descriptor?? [ 794.059227][T31063] hub 3-1:0.0: USB hub found [ 794.181780][ T5887] usb 5-1: USB disconnect, device number 42 [ 794.249353][T31063] hub 3-1:0.0: 9 ports detected [ 794.277698][T31063] hub 3-1:0.0: insufficient power available to use all downstream ports [ 794.298142][ T5884] udevd[5884]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 794.367205][ T686] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9484'. [ 794.451051][T31063] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 794.477596][T31063] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 794.565320][T31063] usb 3-1: USB disconnect, device number 31 [ 794.811793][ T711] netlink: 'syz.3.9491': attribute type 21 has an invalid length. [ 794.852543][ T711] netlink: 128 bytes leftover after parsing attributes in process `syz.3.9491'. [ 794.892816][ T711] netlink: 'syz.3.9491': attribute type 5 has an invalid length. [ 794.923109][ T711] netlink: 'syz.3.9491': attribute type 6 has an invalid length. [ 794.942850][ T711] netlink: 3 bytes leftover after parsing attributes in process `syz.3.9491'. [ 795.007926][ T713] loop4: detected capacity change from 0 to 4096 [ 795.072765][ T713] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 795.091024][ T653] loop5: detected capacity change from 0 to 32768 [ 795.307124][ T713] ntfs3(loop4): ino=19, mi_enum_attr [ 795.312489][ T713] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 795.332267][ T653] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 795.477707][ T713] ntfs3(loop4): failed to convert "c46c" to iso8859-3 [ 795.487002][ T653] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only,reconstruct_alloc [ 795.487002][ T653] allowing incompatible features above 0.0: (unknown version) [ 795.522924][ T713] ntfs3(loop4): ino=20, mi_enum_attr [ 795.551947][ T751] netlink: 'syz.2.9500': attribute type 10 has an invalid length. [ 795.574448][ T653] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 795.604489][ T751] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 795.633243][ T653] bcachefs (loop5): Version upgrade required: [ 795.633243][ T653] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 795.633243][ T653] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 795.633243][ T653] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 795.662873][ T751] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 795.703110][ C1] vkms_vblank_simulate: vblank timer overrun [ 795.792716][ T751] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 795.797643][ T653] bcachefs (loop5): dropping and reconstructing all alloc info [ 795.851958][ T653] bcachefs (loop5): accounting_read... done [ 795.937713][ T653] bcachefs (loop5): alloc_read... done [ 795.982897][ T653] bcachefs (loop5): done starting filesystem [ 796.313760][ T5821] bcachefs (loop5): shutting down [ 796.356036][ T781] loop4: detected capacity change from 0 to 2048 [ 796.383057][ T781] EXT4-fs: Ignoring removed mblk_io_submit option [ 796.462727][ T5821] bcachefs (loop5): shutdown complete [ 796.470322][ T781] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 796.754924][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 796.780066][ T800] loop6: detected capacity change from 0 to 1024 [ 796.939919][ T759] loop1: detected capacity change from 0 to 32768 [ 797.005305][ T759] [ 797.005305][ T759] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 797.005305][ T759] [ 797.075811][ T759] ERROR: (device loop1): diWrite: ixpxd invalid [ 797.075811][ T759] [ 797.086143][ T759] ERROR: (device loop1): txCommit: [ 797.086143][ T759] [ 797.096780][ T759] imap: ffff88807d158000: ffffffff 00000000 00000000 00000000 [ 797.105760][ T3409] hfsplus: b-tree write err: -5, ino 4 [ 797.152890][ T759] imap: ffff88807d158010: 00000004 00000002 00000000 00000000 [ 797.160943][ T759] ERROR: (device loop1): diFree: inum = 64, iagno = 0, nextiag = 0 [ 797.160943][ T759] [ 797.180299][ T775] loop2: detected capacity change from 0 to 32768 [ 797.353962][ T775] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 797.384500][ T829] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9520'. [ 797.429464][ T5823] [ 797.429464][ T5823] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 797.429464][ T5823] [ 797.472119][ T5823] [ 797.472119][ T5823] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 797.472119][ T5823] [ 797.484049][ T829] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 36214 - 0 [ 797.503021][ T829] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 36214 - 0 [ 797.545148][ T829] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 36214 - 0 [ 797.589982][ T829] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 36214 - 0 [ 797.604276][ T775] XFS (loop2): Ending clean mount [ 797.625388][ T829] geneve4: entered promiscuous mode [ 797.649798][ T829] geneve4: entered allmulticast mode [ 797.757966][ T5827] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 798.225885][ T865] binder: 864:865 ioctl c0306201 200000000100 returned -14 [ 798.955488][ T902] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9542'. [ 798.972888][T31063] usb 4-1: new full-speed USB device number 46 using dummy_hcd [ 799.183109][T31063] usb 4-1: config 0 has an invalid interface number: 138 but max is 0 [ 799.202246][T31063] usb 4-1: config 0 has no interface number 0 [ 799.217330][T31063] usb 4-1: config 0 interface 138 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 799.251480][T31063] usb 4-1: config 0 interface 138 altsetting 0 has an endpoint descriptor with address 0x97, changing to 0x87 [ 799.292536][T31063] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 4 [ 799.323181][T31063] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x87 has invalid maxpacket 1152, setting to 1023 [ 799.338497][T31063] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= f.66 [ 799.384083][T31063] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.422209][ T869] loop4: detected capacity change from 0 to 32768 [ 799.441480][T31063] usb 4-1: config 0 descriptor?? [ 799.498866][ T932] netlink: 'syz.6.9548': attribute type 29 has an invalid length. [ 799.705253][T31063] usb 4-1: string descriptor 0 read error: -71 [ 799.714215][T31063] usbtest 4-1:0.138: Linux gadget zero [ 799.719707][T31063] usbtest 4-1:0.138: full-speed {control in/out bulk-out iso-in} tests (+alt) [ 799.793434][T31063] usb 4-1: USB disconnect, device number 46 [ 799.826908][ T955] net_ratelimit: 397 callbacks suppressed [ 799.826930][ T955] netlink: zone id is out of range [ 800.295733][ T977] program syz.2.9557 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 800.787266][ T995] loop4: detected capacity change from 0 to 4096 [ 800.833604][ T995] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 801.519906][ T1046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9574'. [ 801.559114][ T1046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9574'. [ 801.674709][ T984] loop6: detected capacity change from 0 to 32768 [ 801.709260][ T984] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.9559 (984) [ 801.773711][ T984] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 801.827068][ T984] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 801.872507][ T998] loop5: detected capacity change from 0 to 32768 [ 801.892987][ T984] BTRFS info (device loop6): disk space caching is enabled [ 801.974287][ T984] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 802.134039][ T1091] netlink: 'syz.1.9582': attribute type 12 has an invalid length. [ 802.155256][ T1091] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9582'. [ 802.208350][ T984] BTRFS info (device loop6): rebuilding free space tree [ 802.338581][ T984] BTRFS info (device loop6): disabling free space tree [ 802.435977][ T984] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 802.488997][ T984] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 802.580900][ T1109] loop4: detected capacity change from 0 to 1024 [ 802.758217][ T1120] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9591'. [ 802.973322][T14640] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 803.324372][ T1145] loop2: detected capacity change from 0 to 256 [ 803.385533][ T1145] exfat: Deprecated parameter 'utf8' [ 803.607102][ T1145] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d) [ 803.676050][ T1163] netlink: 'syz.3.9604': attribute type 10 has an invalid length. [ 803.859361][ T1163] team0: Device veth1_macvtap failed to register rx_handler [ 804.099684][ T1173] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9608'. [ 804.413676][ T1197] (unnamed net_device) (uninitialized): (slave gre0): Device is not bonding slave [ 804.482561][ T1197] (unnamed net_device) (uninitialized): option active_slave: invalid value (gre0) [ 805.143859][T28863] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 805.324651][T28863] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 805.348519][T28863] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 805.379306][T28863] usb 4-1: config 220 has no interface number 2 [ 805.422921][T28863] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 805.443003][ T1256] openvswitch: netlink: Flow key attr not present in new flow. [ 805.483313][T28863] usb 4-1: config 220 interface 0 has no altsetting 0 [ 805.520656][T28863] usb 4-1: config 220 interface 76 has no altsetting 0 [ 805.530211][ T1253] loop5: detected capacity change from 0 to 1024 [ 805.542874][T28863] usb 4-1: config 220 interface 1 has no altsetting 0 [ 805.576373][T28863] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 805.580892][ T1248] loop2: detected capacity change from 0 to 4096 [ 805.592560][T28863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.602354][T28863] usb 4-1: Product: syz [ 805.607042][T28863] usb 4-1: Manufacturer: syz [ 805.611663][T28863] usb 4-1: SerialNumber: syz [ 805.653072][ T1248] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 805.819531][ T1248] ntfs3(loop2): ino=19, mi_enum_attr [ 805.858659][ T1248] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 805.858780][T28863] usb 4-1: selecting invalid altsetting 0 [ 805.914725][ T1203] loop6: detected capacity change from 0 to 32768 [ 805.930416][T28863] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 805.932228][ T1248] ntfs3(loop2): failed to convert "c46c" to iso8859-3 [ 805.953487][T28863] usb 4-1: No valid video chain found. [ 805.964779][ T1274] loop4: detected capacity change from 0 to 512 [ 805.993708][T28863] usb 4-1: selecting invalid altsetting 0 [ 806.010080][ T30] audit: type=1800 audit(2000000382.469:339): pid=1203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.9615" name="file1" dev="loop6" ino=4 res=0 errno=0 [ 806.016789][T28863] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 806.038876][ T1248] ntfs3(loop2): ino=20, mi_enum_attr [ 806.088151][ T1295] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 806.143218][T28863] usb 4-1: USB disconnect, device number 47 [ 806.177249][ T1274] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 806.193559][ T1274] ext4 filesystem being mounted at /1609/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 806.235708][ T5960] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 806.449628][ T5960] usb 2-1: too many configurations: 89, using maximum allowed: 8 [ 806.495489][ T5960] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 806.523516][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.561435][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 806.580182][ T5960] usb 2-1: Product: syz [ 806.592374][ T5960] usb 2-1: Manufacturer: syz [ 806.597834][ T5960] usb 2-1: SerialNumber: syz [ 806.633952][ T5960] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 806.730795][T28863] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 807.983683][ T24] usb 2-1: USB disconnect, device number 48 [ 807.995906][T28863] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 808.024641][T28863] ath9k_htc: Failed to initialize the device [ 808.031254][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.033361][ T24] usb 2-1: ath9k_htc: USB layer deinitialized [ 808.037703][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.148461][ T1384] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9658'. [ 808.393034][ T1391] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9660'. [ 808.496690][ T1393] loop6: detected capacity change from 0 to 2048 [ 808.581412][ T5884] loop6: p3 < > p4 < > [ 808.604628][ T5884] loop6: partition table partially beyond EOD, truncated [ 808.652909][ T5884] loop6: p3 start 4284289 is beyond EOD, truncated [ 808.667590][ T5835] Bluetooth: hci2: Malformed LE Event: 0x1b [ 808.704847][ T1393] loop6: p3 < > p4 < > [ 808.714445][ T1393] loop6: partition table partially beyond EOD, truncated [ 808.744628][ T1352] loop2: detected capacity change from 0 to 32768 [ 808.751583][ T1393] loop6: p3 start 4284289 is beyond EOD, truncated [ 808.865102][ T1352] JBD2: Ignoring recovery information on journal [ 808.985939][ T1352] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 808.988901][ T5884] udevd[5884]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory [ 809.049469][ T1359] loop5: detected capacity change from 0 to 32768 [ 809.099818][ T1359] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.9652 (1359) [ 809.129713][ T5884] udevd[5884]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory [ 809.145507][ T1359] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 809.186337][ T1359] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 809.213136][ T5827] ocfs2: Unmounting device (7,2) on (node local) [ 809.249776][ T1359] BTRFS info (device loop5): using free-space-tree [ 809.539653][ T1359] BTRFS info (device loop5): rebuilding free space tree [ 809.782988][ T5821] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 810.302475][ T1493] netlink: 'syz.5.9679': attribute type 10 has an invalid length. [ 810.359118][ T1493] netlink: 392 bytes leftover after parsing attributes in process `syz.5.9679'. [ 810.560863][ T1508] loop2: detected capacity change from 0 to 65 [ 810.674079][ T1508] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway [ 810.802887][ T1518] netlink: 'syz.6.9692': attribute type 13 has an invalid length. [ 810.842847][ T1518] macvtap0: entered promiscuous mode [ 810.889619][ T1518] macvtap0: refused to change device tx_queue_len [ 811.024740][ T1535] netlink: 'syz.2.9696': attribute type 1 has an invalid length. [ 811.072796][ T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 811.210282][ T1538] batadv_slave_0: entered allmulticast mode [ 811.262760][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 811.297241][ T24] usb 2-1: config 0 has an invalid interface number: 79 but max is 0 [ 811.322552][ T24] usb 2-1: config 0 has no interface number 0 [ 811.366218][ T24] usb 2-1: New USB device found, idVendor=0402, idProduct=5632, bcdDevice=c3.6f [ 811.393387][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.442900][ T24] usb 2-1: Product: syz [ 811.485197][ T24] usb 2-1: Manufacturer: syz [ 811.489861][ T24] usb 2-1: SerialNumber: syz [ 811.524690][ T24] usb 2-1: config 0 descriptor?? [ 811.586338][ T1566] @ÿ: renamed from bond_slave_0 (while UP) [ 811.595266][ T1563] loop4: detected capacity change from 0 to 764 [ 811.650936][ T1563] Symlink component flag not implemented [ 811.658622][ T1563] Symlink component flag not implemented [ 811.667249][ T1563] Symlink component flag not implemented (129) [ 811.674119][ T1563] Symlink component flag not implemented (6) [ 811.763048][ T5887] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 811.867725][ T24] cdc_subset 2-1:0.79 usb0: register 'cdc_subset' at usb-dummy_hcd.1-1, ALi M5632, 4a:97:7b:2f:86:ad [ 811.912127][ T1586] xt_HMARK: proto mask must be zero with L3 mode [ 811.957866][ T5887] usb 4-1: Using ep0 maxpacket: 8 [ 811.985345][ T5887] usb 4-1: unable to get BOS descriptor or descriptor too short [ 811.998198][ T24] usb 2-1: USB disconnect, device number 49 [ 812.035963][ T5887] usb 4-1: config 0 has an invalid interface number: 125 but max is 0 [ 812.057659][ T5887] usb 4-1: config 0 has no interface number 0 [ 812.082971][ T5887] usb 4-1: config 0 interface 125 has no altsetting 0 [ 812.113822][ T24] cdc_subset 2-1:0.79 usb0: unregister 'cdc_subset' usb-dummy_hcd.1-1, ALi M5632 [ 812.118936][ T5887] usb 4-1: string descriptor 0 read error: -22 [ 812.152819][ T5887] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 812.202690][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.362167][ T5887] usb 4-1: config 0 descriptor?? [ 812.371797][ T5887] hub 4-1:0.125: bad descriptor, ignoring hub [ 812.382427][ T5887] hub 4-1:0.125: probe with driver hub failed with error -5 [ 812.405514][ T5887] usb 4-1: Found UVC 0.00 device (17dc:0202) [ 812.417409][ T1614] loop6: detected capacity change from 0 to 128 [ 812.439346][ T5887] usb 4-1: No valid video chain found. [ 812.448620][ T1619] netlink: 'syz.5.9718': attribute type 1 has an invalid length. [ 812.498818][ T1614] befs: (loop6): invalid magic header [ 812.503445][ T1619] netlink: 224 bytes leftover after parsing attributes in process `syz.5.9718'. [ 812.687918][ T1632] loop4: detected capacity change from 0 to 2048 [ 812.767846][ T5887] usb 4-1: USB disconnect, device number 48 [ 812.842423][ T1632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 812.935491][ T1632] ext4 filesystem being mounted at /1627/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 813.104333][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 813.393570][ T1677] binder: 1676:1677 ioctl c00c6211 0 returned -14 [ 813.406891][ T1666] loop6: detected capacity change from 0 to 4096 [ 813.460684][ T1666] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 813.724166][T14640] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 814.192353][ T1725] nfs: Unknown parameter 'ntext' [ 814.283431][ T1732] netlink: 'syz.4.9747': attribute type 21 has an invalid length. [ 814.305603][ T24] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 814.311788][ T1732] netlink: 'syz.4.9747': attribute type 1 has an invalid length. [ 814.331119][ T1730] loop5: detected capacity change from 0 to 1024 [ 814.504335][ T24] usb 7-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 814.543920][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.566429][ T24] usb 7-1: Product: syz [ 814.582811][ T24] usb 7-1: Manufacturer: syz [ 814.587468][ T24] usb 7-1: SerialNumber: syz [ 814.649668][ T24] r8152-cfgselector 7-1: Unknown version 0x0000 [ 814.668228][ T24] r8152-cfgselector 7-1: config 0 descriptor?? [ 815.133679][ T24] r8152-cfgselector 7-1: USB disconnect, device number 23 [ 815.237607][ T1783] loop4: detected capacity change from 0 to 64 [ 815.297923][ T1783] bio_check_eod: 8 callbacks suppressed [ 815.297944][ T1783] syz.4.9759: attempt to access beyond end of device [ 815.297944][ T1783] loop4: rw=0, sector=2590, nr_sectors = 2 limit=64 [ 815.362017][ T1783] buffer_io_error: 6 callbacks suppressed [ 815.362038][ T1783] Buffer I/O error on dev loop4, logical block 1295, async page read [ 815.393637][ T1783] syz.4.9759: attempt to access beyond end of device [ 815.393637][ T1783] loop4: rw=0, sector=2590, nr_sectors = 2 limit=64 [ 815.444836][ T1783] Buffer I/O error on dev loop4, logical block 1295, async page read [ 815.510761][ T30] audit: type=1800 audit(2000000391.969:340): pid=1783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.9759" name="file2" dev="loop4" ino=6 res=0 errno=0 [ 815.653314][ T1803] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9765'. [ 815.691915][ T1803] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9765'. [ 815.701424][ T1801] loop1: detected capacity change from 0 to 1024 [ 816.329231][ T1838] autofs4:pid:1838:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e) [ 816.733861][ T1865] loop6: detected capacity change from 0 to 1024 [ 817.091567][ T1889] loop1: detected capacity change from 0 to 128 [ 817.098029][ T24] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 817.133168][ T1889] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 817.200266][ T1889] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 817.265889][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 817.312767][ T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 817.332359][ T24] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 817.356324][ T24] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 817.409350][ T24] usb 6-1: Product: syz [ 817.442842][ T24] usb 6-1: Manufacturer: syz [ 817.447818][ T24] usb 6-1: SerialNumber: syz [ 817.552983][ T1918] netlink: 'syz.6.9797': attribute type 1 has an invalid length. [ 817.561387][ T1918] netlink: 244 bytes leftover after parsing attributes in process `syz.6.9797'. [ 817.681704][ T1918] NCSI netlink: No device for ifindex 0 [ 817.709906][ T24] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 817.740041][ T24] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 817.762791][ T24] usb 6-1: Handspring Visor / Palm OS: Number of ports: 2 [ 817.913787][ T24] usb 6-1: palm_os_3_probe - error -71 getting bytes available request [ 817.922161][ T24] visor 6-1:1.0: Handspring Visor / Palm OS converter detected [ 818.014559][ T24] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 818.069464][ T24] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 818.127364][ T24] usb 6-1: USB disconnect, device number 49 [ 818.147845][ T24] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 818.266644][ T24] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 818.289485][ T24] visor 6-1:1.0: device disconnected [ 818.656550][ T1996] loop6: detected capacity change from 0 to 64 [ 818.659898][ T1993] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615) [ 818.680627][ T1994] netlink: 'syz.2.9818': attribute type 4 has an invalid length. [ 818.710341][ T1994] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.9818'. [ 818.760472][ T1993] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 818.940748][ T2009] loop1: detected capacity change from 0 to 16 [ 819.012960][ T2009] erofs (device loop1): mounted with root inode @ nid 36. [ 819.379054][ T2037] qrtr: Invalid version 0 [ 819.733967][ T2058] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 819.930393][ T2071] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9844'. [ 820.212516][ T2088] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 820.719328][ T2113] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9857'. [ 820.896745][ T2120] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 821.272802][ T24] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 821.451754][ T24] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 821.482228][ T24] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 821.521409][ T24] usb 7-1: config 220 has no interface number 2 [ 821.562530][ T24] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 821.624368][ T24] usb 7-1: config 220 interface 0 has no altsetting 0 [ 821.662212][ T24] usb 7-1: config 220 interface 76 has no altsetting 0 [ 821.692592][ T24] usb 7-1: config 220 interface 1 has no altsetting 0 [ 821.725055][ T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 821.742786][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.766098][ T2169] netlink: 44 bytes leftover after parsing attributes in process `syz.4.9877'. [ 821.792705][ T24] usb 7-1: Product: syz [ 821.803198][ T24] usb 7-1: Manufacturer: syz [ 821.813478][ T24] usb 7-1: SerialNumber: syz [ 822.008883][ T2125] loop5: detected capacity change from 0 to 32768 [ 822.050634][ T24] usb 7-1: selecting invalid altsetting 0 [ 822.078976][ T24] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 822.110950][ T2188] netlink: 'syz.4.9881': attribute type 21 has an invalid length. [ 822.131478][ T24] usb 7-1: No valid video chain found. [ 822.138235][ T2125] (syz.5.9863,2125,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 822.159737][ T2188] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9881'. [ 822.181562][ T2125] (syz.5.9863,2125,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 822.218890][ T24] usb 7-1: selecting invalid altsetting 0 [ 822.240100][ T2191] (unnamed net_device) (uninitialized): up delay (7) is not a multiple of miimon (3), value rounded to 6 ms [ 822.262157][ T24] usbtest 7-1:220.1: probe with driver usbtest failed with error -22 [ 822.314527][ T2191] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms [ 822.329438][ T24] usb 7-1: USB disconnect, device number 24 [ 822.358111][ T2125] JBD2: Ignoring recovery information on journal [ 822.447120][ T2125] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 822.588230][ T2191] 8021q: adding VLAN 0 to HW filter on device bond3 [ 822.780721][ T5821] ocfs2: Unmounting device (7,5) on (node local) [ 823.560717][ T2301] No such timeout policy "syz1" [ 823.779817][ T2299] loop5: detected capacity change from 0 to 4096 [ 823.883929][ T2299] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 823.910246][ T2299] ntfs3(loop5): Failed to initialize $Extend/$ObjId. [ 824.036653][ T2299] ntfs3(loop5): ino=1e, "file1" attr_set_size [ 824.071134][ T2325] netlink: 'syz.4.9913': attribute type 1 has an invalid length. [ 824.703027][ T2353] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9920'. [ 824.996859][ T2368] loop6: detected capacity change from 0 to 256 [ 825.051237][ T30] audit: type=1326 audit(2000000401.509:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2371 comm="syz.1.9927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 825.062945][ T2368] exfat: Deprecated parameter 'namecase' [ 825.132962][ T2368] exfat: Deprecated parameter 'namecase' [ 825.163406][ T2368] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xc2dc8e67, utbl_chksum : 0xe619d30d) [ 825.187224][ T30] audit: type=1326 audit(2000000401.509:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2371 comm="syz.1.9927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 825.338222][ T30] audit: type=1326 audit(2000000401.559:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2371 comm="syz.1.9927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 825.423295][ T30] audit: type=1326 audit(2000000401.559:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2371 comm="syz.1.9927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 825.461962][ T30] audit: type=1326 audit(2000000401.559:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2371 comm="syz.1.9927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 825.560315][ T2406] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 825.831837][ T2416] loop6: detected capacity change from 0 to 764 [ 825.909740][ T2416] rock: directory entry would overflow storage [ 825.952848][ T2416] rock: sig=0x4654, size=5, remaining=4 [ 826.175474][ T2440] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9945'. [ 826.942371][ T2503] tc_dump_action: action bad kind [ 827.623600][ T2552] netlink: 348 bytes leftover after parsing attributes in process `syz.1.9975'. [ 827.748639][ T5835] Bluetooth: hci0: unexpected event for opcode 0x203d [ 828.085100][ T2583] loop6: detected capacity change from 0 to 1764 [ 828.141984][ T2591] affs: No valid root block on device nbd5 [ 829.037919][ T24] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 829.206632][ T24] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 829.232187][ T24] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 829.282341][ T24] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 829.303633][ T5887] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 829.322791][ T24] usb 4-1: config 220 has no interface number 2 [ 829.345077][ T24] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 829.404598][ T24] usb 4-1: config 220 interface 0 has no altsetting 0 [ 829.411616][ T24] usb 4-1: config 220 interface 76 has no altsetting 0 [ 829.443250][ T24] usb 4-1: config 220 interface 1 has no altsetting 0 [ 829.493110][ T24] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 829.503135][ T5887] usb 6-1: Using ep0 maxpacket: 32 [ 829.532880][ T5887] usb 6-1: config 0 has an invalid interface number: 68 but max is 0 [ 829.534570][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 829.576668][ T5887] usb 6-1: config 0 has no interface number 0 [ 829.583873][ T24] usb 4-1: Product: syz [ 829.596926][ T5887] usb 6-1: config 0 interface 68 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 829.605612][ T24] usb 4-1: Manufacturer: syz [ 829.614296][ T2696] loop4: detected capacity change from 0 to 64 [ 829.622893][ T24] usb 4-1: SerialNumber: syz [ 829.647879][ T5887] usb 6-1: config 0 interface 68 has no altsetting 0 [ 829.688458][ T5887] usb 6-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=58.31 [ 829.701145][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 829.741698][ T5887] usb 6-1: Product: syz [ 829.761215][ T5887] usb 6-1: Manufacturer: syz [ 829.799736][ T5887] usb 6-1: SerialNumber: syz [ 829.854738][ T5887] usb 6-1: config 0 descriptor?? [ 829.890086][ T2631] wg1 speed is unknown, defaulting to 1000 [ 829.907531][ T24] usb 4-1: selecting invalid altsetting 0 [ 829.946906][ T24] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 829.980517][ T24] usb 4-1: No valid video chain found. [ 830.049391][ T24] usb 4-1: selecting invalid altsetting 0 [ 830.096808][ T24] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 830.181918][ T24] usb 4-1: USB disconnect, device number 49 [ 831.050874][ T24] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 831.058943][ T2812] tmpfs: Bad value for 'mpol' [ 831.143721][ T2815] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10031'. [ 831.235964][ T24] usb 5-1: config index 0 descriptor too short (expected 1051, got 27) [ 831.257958][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 831.308098][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 831.365767][ T24] usb 5-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 831.408910][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.437409][ T24] usb 5-1: Product: syz [ 831.457697][ T24] usb 5-1: Manufacturer: syz [ 831.472752][ T24] usb 5-1: SerialNumber: syz [ 831.526823][ T24] usb 5-1: config 0 descriptor?? [ 831.786780][ T24] usb 5-1: USB disconnect, device number 43 [ 831.828251][ T2863] unsupported nla_type 52263 [ 832.064905][ T5960] usb 6-1: USB disconnect, device number 50 [ 832.218741][ T30] audit: type=1400 audit(2000000408.679:346): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3AF6EFF374925873ECE44CF3460B0BA260624F2A08BDBB6D3C92592016EA4E0F401876B1958B3F9AA5153386EED838C49D3A pid=2884 comm="syz.6.10044" [ 832.283047][ T2888] netlink: 'syz.3.10045': attribute type 11 has an invalid length. [ 832.399624][ T2891] loop6: detected capacity change from 0 to 512 [ 832.442195][ T2808] loop2: detected capacity change from 0 to 40427 [ 832.497186][ T2808] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3fffff [ 832.532170][ T2808] F2FS-fs (loop2): Image doesn't support compression [ 832.534740][ T2891] Quota error (device loop6): write_blk: dquota write failed [ 832.547101][ T2808] F2FS-fs (loop2): Image doesn't support compression [ 832.608240][ T2900] xt_l2tp: v2 doesn't support IP mode [ 832.616051][ T2808] F2FS-fs (loop2): invalid crc value [ 832.633688][ T2891] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 832.683011][ T2891] EXT4-fs error (device loop6): ext4_acquire_dquot:6935: comm syz.6.10047: Failed to acquire dquot type 1 [ 832.764768][ T2891] EXT4-fs (loop6): 1 truncate cleaned up [ 832.772388][ T2891] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 832.840381][ T2891] ext4 filesystem being mounted at /973/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 833.007758][ T2808] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 833.083455][ T2921] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10054'. [ 833.153050][ T2921] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10054'. [ 833.157065][T14640] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 833.168783][ T2808] syz.2.10028: attempt to access beyond end of device [ 833.168783][ T2808] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 833.189464][ T13] Quota error (device loop6): do_check_range: Getting block 0 out of range 1-5 [ 833.235084][ T13] EXT4-fs error (device loop6): ext4_release_dquot:6971: comm kworker/u8:1: Failed to release dquot type 1 [ 833.347525][ T5827] syz-executor: attempt to access beyond end of device [ 833.347525][ T5827] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 833.428982][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 833.429017][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 833.429032][ T5827] Call Trace: [ 833.429042][ T5827] [ 833.429052][ T5827] dump_stack_lvl+0x189/0x250 [ 833.429098][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 833.429134][ T5827] ? __pfx_queue_work_on+0x10/0x10 [ 833.429156][ T5827] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 833.429183][ T5827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 833.429211][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429250][ T5827] f2fs_handle_critical_error+0x37c/0x540 [ 833.429285][ T5827] f2fs_write_end_io+0x4e2/0x6d0 [ 833.429332][ T5827] __submit_merged_bio+0x27a/0x6a0 [ 833.429364][ T5827] __submit_merged_write_cond+0x255/0x530 [ 833.429414][ T5827] f2fs_write_data_pages+0x2854/0x31f0 [ 833.429444][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429512][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 833.429603][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429630][ T5827] ? __mod_node_page_state+0xf4/0x170 [ 833.429671][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429699][ T5827] ? lru_gen_update_size+0x7bd/0xd20 [ 833.429741][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429769][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429797][ T5827] ? __bfs+0x154/0x2a0 [ 833.429846][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429874][ T5827] ? check_path+0x21/0x40 [ 833.429894][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429922][ T5827] ? check_noncircular+0xe0/0x160 [ 833.429952][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.429980][ T5827] ? lockdep_unlock+0x89/0x120 [ 833.430010][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430044][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 833.430075][ T5827] do_writepages+0x3b1/0x7b0 [ 833.430129][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430156][ T5827] ? do_raw_spin_lock+0x121/0x290 [ 833.430184][ T5827] ? __pfx_do_writepages+0x10/0x10 [ 833.430226][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430257][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430285][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 833.430319][ T5827] filemap_fdatawrite+0x191/0x230 [ 833.430353][ T5827] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 833.430435][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430469][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 833.430504][ T5827] f2fs_sync_dirty_inodes+0x31f/0x830 [ 833.430554][ T5827] f2fs_write_checkpoint+0x94a/0x1de0 [ 833.430613][ T5827] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 833.430701][ T5827] ? kill_f2fs_super+0x298/0x6c0 [ 833.430746][ T5827] kill_f2fs_super+0x2c3/0x6c0 [ 833.430785][ T5827] ? __pfx_kill_f2fs_super+0x10/0x10 [ 833.430814][ T5827] ? radix_tree_delete_item+0x2b6/0x400 [ 833.430856][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.430884][ T5827] ? shrinker_free+0x2ce/0x3e0 [ 833.430913][ T5827] deactivate_locked_super+0xbc/0x130 [ 833.430957][ T5827] cleanup_mnt+0x425/0x4c0 [ 833.430994][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.431022][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 833.431055][ T5827] task_work_run+0x1d4/0x260 [ 833.431092][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 833.431125][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.431170][ T5827] resume_user_mode_work+0x5e/0x80 [ 833.431206][ T5827] syscall_exit_to_user_mode+0x9a/0x120 [ 833.431237][ T5827] do_syscall_64+0x103/0x210 [ 833.431269][ T5827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 833.431296][ T5827] ? exc_page_fault+0x91/0x110 [ 833.431326][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 833.431351][ T5827] RIP: 0033:0x7f778958fc97 [ 833.431372][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 833.431393][ T5827] RSP: 002b:00007ffd7f3e9ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 833.431419][ T5827] RAX: 0000000000000000 RBX: 00007f778961089d RCX: 00007f778958fc97 [ 833.431437][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd7f3e9c60 [ 833.431453][ T5827] RBP: 00007ffd7f3e9c60 R08: 0000000000000000 R09: 0000000000000000 [ 833.431470][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd7f3eacf0 [ 833.431487][ T5827] R13: 00007f778961089d R14: 00000000000cb6ca R15: 00007ffd7f3ead30 [ 833.431526][ T5827] [ 833.431537][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 833.528217][ T2881] loop1: detected capacity change from 0 to 32768 [ 833.924078][ T2940] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 834.206252][ T2949] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10063'. [ 834.588653][ T2968] netlink: 'syz.5.10069': attribute type 21 has an invalid length. [ 834.630322][ T2968] netlink: 128 bytes leftover after parsing attributes in process `syz.5.10069'. [ 834.663653][ T2968] netlink: 3 bytes leftover after parsing attributes in process `syz.5.10069'. [ 835.094810][ T2990] netlink: 'syz.3.10075': attribute type 13 has an invalid length. [ 835.540383][ T2990] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 835.633297][ T3017] netlink: 52 bytes leftover after parsing attributes in process `syz.2.10084'. [ 835.642594][ T3017] netlink: 52 bytes leftover after parsing attributes in process `syz.2.10084'. [ 835.805314][ T3017] netlink: 52 bytes leftover after parsing attributes in process `syz.2.10084'. [ 836.404592][ T24] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 836.595740][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 836.636669][ T24] usb 6-1: config 0 interface 0 has no altsetting 0 [ 836.658609][ T24] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 836.679469][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 836.723471][ T24] usb 6-1: Product: syz [ 836.727749][ T24] usb 6-1: Manufacturer: syz [ 836.783290][ T24] usb 6-1: SerialNumber: syz [ 836.816912][ T24] usb 6-1: config 0 descriptor?? [ 836.829015][ T24] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 836.879318][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 836.943252][ T24] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 836.952031][ T24] usb 6-1: media controller created [ 837.088394][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 837.336604][ T3109] loop6: detected capacity change from 0 to 2048 [ 837.347494][ T24] DVB: Unable to find symbol tda10046_attach() [ 837.382332][ T24] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 837.419391][ T3109] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 837.435162][ T24] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 837.603115][ T5887] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 837.686616][ T24] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 837.751063][ T24] usb 6-1: USB disconnect, device number 51 [ 837.812918][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 837.847375][ T5887] usb 4-1: unable to get BOS descriptor or descriptor too short [ 837.876695][ T5887] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 837.908877][ T5887] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 837.939135][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.983467][ T5887] usb 4-1: Product: syz [ 837.987688][ T5887] usb 4-1: Manufacturer: syz [ 838.008058][ T5887] usb 4-1: SerialNumber: syz [ 838.273581][ T5887] usb 4-1: Invalid number of CPorts: 0 [ 838.279110][ T5887] es2_ap_driver 4-1:7.0: probe with driver es2_ap_driver failed with error -22 [ 838.486231][ T24] usb 4-1: USB disconnect, device number 50 [ 838.493409][ T30] audit: type=1326 audit(2000000414.929:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3180 comm="syz.5.10131" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16f138e969 code=0x0 [ 838.521814][ T3189] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 838.856062][ T3209] netlink: 292 bytes leftover after parsing attributes in process `syz.4.10138'. [ 839.065046][ T3220] netlink: 132 bytes leftover after parsing attributes in process `syz.4.10144'. [ 839.195381][ T3230] loop1: detected capacity change from 0 to 64 [ 839.347766][ T30] audit: type=1800 audit(2000000415.799:348): pid=3230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10146" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 839.644360][ T3252] loop5: detected capacity change from 0 to 256 [ 839.694460][ T3252] exfat: Deprecated parameter 'namecase' [ 839.767830][ T3263] netlink: 'syz.6.10157': attribute type 1 has an invalid length. [ 839.777893][ T3263] netlink: 'syz.6.10157': attribute type 2 has an invalid length. [ 839.786569][ T3263] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10157'. [ 839.812144][ T3252] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 840.066932][ T3275] loop6: detected capacity change from 0 to 256 [ 840.172577][ T3275] FAT-fs (loop6): error, fat_free: invalid cluster chain (i_pos 198) [ 840.217465][ T3275] FAT-fs (loop6): Filesystem has been set read-only [ 840.313259][ T24] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 840.499855][ T24] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 840.522789][ T24] usb 2-1: config 0 has no interface number 0 [ 840.549373][ T24] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0x2 has invalid maxpacket 6400, setting to 64 [ 840.582286][ T3312] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10173'. [ 840.622972][ T3312] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10173'. [ 840.626402][ T24] usb 2-1: config 0 interface 120 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 64 [ 840.675625][ T24] usb 2-1: New USB device found, idVendor=e828, idProduct=cea8, bcdDevice=50.03 [ 840.685920][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 840.722808][ T24] usb 2-1: Product: syz [ 840.732220][ T24] usb 2-1: Manufacturer: syz [ 840.769839][ T24] usb 2-1: SerialNumber: syz [ 840.791107][ T3319] syz.3.10176: attempt to access beyond end of device [ 840.791107][ T3319] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 840.815763][ T24] usb 2-1: config 0 descriptor?? [ 840.823078][ T3280] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 840.830823][ T3280] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 840.874848][ T3319] (syz.3.10176,3319,1):ocfs2_get_sector:1714 ERROR: status = -5 [ 840.903140][ T3319] (syz.3.10176,3319,1):ocfs2_sb_probe:753 ERROR: status = -5 [ 840.951614][ T3319] (syz.3.10176,3319,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 840.993184][ T3319] (syz.3.10176,3319,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 841.095986][ T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 841.132922][ T24] usb 2-1: MIDIStreaming interface descriptor not found [ 841.335375][ T24] usb 2-1: USB disconnect, device number 50 [ 841.357728][ T3360] netlink: 'syz.5.10186': attribute type 10 has an invalid length. [ 841.402576][ T3365] kAFS: No cell specified [ 841.440509][ T3360] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.447858][ T3360] bridge0: port 1(bridge_slave_0) entered disabled state [ 841.542102][ T6281] udevd[6281]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.120/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 841.574780][ T3360] bridge0: port 2(bridge_slave_1) entered blocking state [ 841.582077][ T3360] bridge0: port 2(bridge_slave_1) entered listening state [ 841.589601][ T3360] bridge0: port 1(bridge_slave_0) entered blocking state [ 841.596822][ T3360] bridge0: port 1(bridge_slave_0) entered listening state [ 841.614767][ T3375] loop2: detected capacity change from 0 to 1764 [ 841.675576][ T3375] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 841.749307][ T3360] : (slave bridge0): Enslaving as an active interface with an up link [ 841.797586][ T3392] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 841.806197][ T3392] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 842.703285][ T3451] loop2: detected capacity change from 0 to 8 [ 842.733749][ T3451] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 843.129609][ T30] audit: type=1326 audit(2000000419.589:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3475 comm="syz.4.10216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29bbb8e969 code=0x7ffc0000 [ 843.223065][ T30] audit: type=1326 audit(2000000419.609:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3475 comm="syz.4.10216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29bbb8e969 code=0x7ffc0000 [ 843.312235][ T30] audit: type=1326 audit(2000000419.619:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3475 comm="syz.4.10216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f29bbb8e969 code=0x7ffc0000 [ 843.360352][ T30] audit: type=1326 audit(2000000419.619:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3475 comm="syz.4.10216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29bbb8e969 code=0x7ffc0000 [ 843.461806][ T3487] loop5: detected capacity change from 0 to 2048 [ 843.583038][ T3498] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 843.679742][ T3432] infiniband syz1: set down [ 843.684512][ T3432] infiniband syz1: added ipvlan0 [ 843.743862][ T3432] syz1: rxe_create_cq: returned err = -12 [ 843.749706][ T3432] infiniband syz1: Couldn't create ib_mad CQ [ 843.763166][ T3505] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10225'. [ 843.785560][ T3432] infiniband syz1: Couldn't open port 1 [ 843.936112][ T3432] RDS/IB: syz1: added [ 843.952859][ T3432] smc: adding ib device syz1 with port count 1 [ 843.959104][ T3432] smc: ib device syz1 port 1 has pnetid [ 844.033645][ T3519] delete_channel: no stack [ 844.546071][ T3540] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 844.761847][ T3492] loop4: detected capacity change from 0 to 32768 [ 844.803076][ T3492] (syz.4.10222,3492,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 844.853893][ T3492] (syz.4.10222,3492,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 844.913358][T31063] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 844.994594][ T3492] JBD2: Ignoring recovery information on journal [ 845.073840][T31063] usb 3-1: Using ep0 maxpacket: 16 [ 845.123185][T31063] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 845.131411][T31063] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 845.193034][T31063] usb 3-1: config 0 has no interface number 0 [ 845.201324][ T3492] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 845.234836][T31063] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 845.263221][T31063] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.293486][T31063] usb 3-1: Product: syz [ 845.297801][T31063] usb 3-1: Manufacturer: syz [ 845.302441][T31063] usb 3-1: SerialNumber: syz [ 845.344571][T31063] usb 3-1: config 0 descriptor?? [ 845.389230][T31063] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 845.407163][T31063] usb 3-1: No valid video chain found. [ 845.508489][ T5828] ocfs2: Unmounting device (7,4) on (node local) [ 845.609285][ T24] usb 3-1: USB disconnect, device number 32 [ 845.753034][ T3591] netlink: 52 bytes leftover after parsing attributes in process `syz.1.10249'. [ 845.817739][ T3556] loop5: detected capacity change from 0 to 32768 [ 846.183461][ T3602] netlink: 'syz.4.10248': attribute type 1 has an invalid length. [ 846.191456][ T3602] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.10248'. [ 846.800053][ T3630] sctp: [Deprecated]: syz.2.10262 (pid 3630) Use of int in max_burst socket option. [ 846.800053][ T3630] Use struct sctp_assoc_value instead [ 847.408214][ T30] audit: type=1400 audit(2000000423.859:353): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5D15F47DB2D pid=3651 comm="syz.3.10270" [ 847.524735][ T3662] loop5: detected capacity change from 0 to 64 [ 847.811180][ T3672] bridge0: port 3(veth0_to_bridge) entered disabled state [ 847.976050][ T3685] x_tables: unsorted underflow at hook 2 [ 848.607291][ T3712] syz.3.10290 (3712): drop_caches: 0 [ 849.287928][ T3689] loop4: detected capacity change from 0 to 32768 [ 849.314978][ T3735] xt_TPROXY: Can be used only with -p tcp or -p udp [ 849.322272][ T3689] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.10283 (3689) [ 849.366790][ T3689] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 849.394044][ T3689] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 849.437073][ T3689] BTRFS info (device loop4): using free-space-tree [ 849.493870][ T3699] loop5: detected capacity change from 0 to 32768 [ 849.521464][ T3699] (syz.5.10286,3699,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 849.584157][ T3699] (syz.5.10286,3699,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 849.747136][ T3699] JBD2: Ignoring recovery information on journal [ 849.951686][ T3699] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 849.965785][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 850.019204][ T3699] (syz.5.10286,3699,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 850.390866][ T3699] (syz.5.10286,3699,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC. [ 850.558072][ T3699] (syz.5.10286,3699,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC. [ 850.598759][ T3802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10314'. [ 850.603051][ T3699] (syz.5.10286,3699,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c [ 850.642980][ T3699] (syz.5.10286,3699,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 850.678484][ T3699] (syz.5.10286,3699,1):ocfs2_quota_read:201 ERROR: status = -5 [ 850.729181][ T3699] Quota error (device loop5): find_block_dqentry: Can't read quota tree block 6 [ 850.786789][ T3699] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 850.816916][ T3699] (syz.5.10286,3699,1):ocfs2_acquire_dquot:890 ERROR: status = -5 [ 850.874385][ T3699] (syz.5.10286,3699,1):ocfs2_mknod:314 ERROR: status = -5 [ 850.914393][ T3699] (syz.5.10286,3699,1):ocfs2_mknod:502 ERROR: status = -5 [ 850.974867][ T3699] (syz.5.10286,3699,1):ocfs2_mkdir:658 ERROR: status = -5 [ 851.422857][ T5821] ocfs2: Unmounting device (7,5) on (node local) [ 852.322938][T31063] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 852.504210][T31063] usb 7-1: Using ep0 maxpacket: 8 [ 852.529716][T31063] usb 7-1: config 0 has an invalid interface number: 52 but max is 0 [ 852.542773][T31063] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 852.590738][T31063] usb 7-1: config 0 has no interface number 0 [ 852.634064][T31063] usb 7-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 852.690374][T31063] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 852.727292][T31063] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 852.766997][T31063] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 852.793106][ T3907] loop1: detected capacity change from 0 to 512 [ 852.841733][T31063] usb 7-1: config 0 interface 52 has no altsetting 0 [ 852.868486][ T3907] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 852.887081][T31063] usb 7-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 852.921392][ T3907] System zones: 0-2, 18-18, 34-34 [ 852.932798][T31063] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.038496][ T3907] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.10348: bg 0: block 248: padding at end of block bitmap is not set [ 853.065587][T31063] usb 7-1: config 0 descriptor?? [ 853.092314][ T3907] Quota error (device loop1): write_blk: dquota write failed [ 853.117735][ T3907] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 853.172869][ T3907] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.10348: Failed to acquire dquot type 1 [ 853.222145][ T3907] EXT4-fs (loop1): 1 truncate cleaned up [ 853.226038][ T24] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 853.270729][ T3907] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 853.321177][T31063] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input43 [ 853.329115][ T3907] ext4 filesystem being mounted at /1738/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 853.422894][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 853.456485][ T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 853.511843][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 853.576390][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 853.595130][T28863] usb 7-1: USB disconnect, device number 25 [ 853.626838][T13345] synaptics_usb 7-1:0.52: synusb_open - usb_submit_urb failed, error: -19 [ 853.668227][ T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 853.679084][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 853.688541][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 853.688866][ T24] usb 5-1: Product: syz [ 853.713498][ T24] usb 5-1: Manufacturer: syz [ 853.718238][ T24] usb 5-1: SerialNumber: syz [ 853.777516][ T24] usb 5-1: config 0 descriptor?? [ 854.044694][ T3989] loop2: detected capacity change from 0 to 256 [ 854.096024][ T24] appledisplay: Apple Cinema Display connected [ 854.163353][ T3989] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18bdb, utbl_chksum : 0xe619d30d) [ 854.360340][ T30] audit: type=1326 audit(2000000430.819:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4001 comm="syz.6.10370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 854.487864][ T5826] usb 5-1: USB disconnect, device number 44 [ 854.487915][ C1] usb 5-1: appledisplay_complete - usb_submit_urb failed with result -19 [ 854.509461][ T30] audit: type=1326 audit(2000000430.819:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4001 comm="syz.6.10370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 854.566260][ T5826] appledisplay: Apple Cinema Display disconnected [ 854.597379][ T30] audit: type=1326 audit(2000000430.849:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4001 comm="syz.6.10370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 854.680743][ T30] audit: type=1326 audit(2000000430.849:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4001 comm="syz.6.10370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 854.800659][ T24] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 854.982889][ T4042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10379'. [ 855.003265][ T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 855.012415][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 855.036117][ T4042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10379'. [ 855.046416][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 855.057627][ T4042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10379'. [ 855.067190][ T24] usb 2-1: config 1 has no interface number 0 [ 855.078690][ T24] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 855.123072][ T24] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 855.201112][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 855.243002][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.251089][ T24] usb 2-1: Product: syz [ 855.296188][ T24] usb 2-1: Manufacturer: syz [ 855.300853][ T24] usb 2-1: SerialNumber: syz [ 855.327466][ T30] audit: type=1326 audit(2000000431.789:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.10386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16f138e969 code=0x7ffc0000 [ 855.426369][ T30] audit: type=1326 audit(2000000431.819:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.10386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16f138e969 code=0x7ffc0000 [ 855.521957][ T30] audit: type=1326 audit(2000000431.839:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.10386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f16f138e969 code=0x7ffc0000 [ 855.630087][ T30] audit: type=1326 audit(2000000431.839:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4059 comm="syz.5.10386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16f138e969 code=0x7ffc0000 [ 855.672595][ T24] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 855.758927][ T24] usb 2-1: USB disconnect, device number 51 [ 856.665259][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 856.673654][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 857.138018][ T4166] netlink: 'syz.4.10418': attribute type 10 has an invalid length. [ 857.146905][ T4166] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10418'. [ 857.300405][ T4161] netlink: 'syz.3.10417': attribute type 4 has an invalid length. [ 857.313450][ T4166] batman_adv: batadv0: Adding interface: vlan1 [ 857.320556][ T4166] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 857.397571][ T4166] batman_adv: batadv0: Interface activated: vlan1 [ 857.728834][ T4190] openvswitch: netlink: Message has -1 unknown bytes. [ 858.036684][ T4208] loop4: detected capacity change from 0 to 256 [ 858.113998][ T4208] exfat: Deprecated parameter 'namecase' [ 858.200114][ T4208] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 858.335493][ T4225] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10439'. [ 858.349725][ T4227] netlink: 'syz.1.10438': attribute type 10 has an invalid length. [ 858.367172][ T4227] bridge0: port 2(bridge_slave_1) entered disabled state [ 858.374690][ T4227] bridge0: port 1(bridge_slave_0) entered disabled state [ 858.491982][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state [ 858.499574][ T4227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 858.507350][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state [ 858.514585][ T4227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 858.616381][ T4227] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 858.895104][ T4255] loop2: detected capacity change from 0 to 16 [ 859.029748][ T4255] erofs (device loop2): mounted with root inode @ nid 36. [ 859.160600][ T4268] ieee802154 phy0 wpan0: encryption failed: -90 [ 859.283335][ T4276] loop1: detected capacity change from 0 to 256 [ 859.314335][ T4276] exfat: Deprecated parameter 'namecase' [ 859.320145][ T4276] exfat: Deprecated parameter 'utf8' [ 859.401426][ T4276] exfat: Deprecated parameter 'namecase' [ 859.429847][ T4276] exfat: Deprecated parameter 'utf8' [ 859.498829][ T4276] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 859.590472][ T4276] exFAT-fs (loop1): start_clu is invalid cluster(0x400) [ 859.874263][ T4243] loop4: detected capacity change from 0 to 32768 [ 859.928542][ T4243] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.10442 (4243) [ 859.973292][ T4312] netlink: 'syz.2.10466': attribute type 2 has an invalid length. [ 859.999525][ T4243] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 860.025756][ T4302] Process accounting resumed [ 860.053015][ T4243] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 860.062504][ T4243] BTRFS info (device loop4): using free-space-tree [ 860.254062][ T4333] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 860.500416][ T4351] netlink: 'syz.2.10475': attribute type 1 has an invalid length. [ 860.513174][ T4350] netlink: 72 bytes leftover after parsing attributes in process `syz.6.10474'. [ 861.002123][ T5828] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 861.308549][ T4380] loop5: detected capacity change from 0 to 4096 [ 861.359157][ T4380] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 861.557800][ T4401] loop6: detected capacity change from 0 to 512 [ 861.629480][ T4401] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.10490: bad orphan inode 15 [ 861.782894][ T4401] ext4_test_bit(bit=14, block=5) = 0 [ 861.784756][ T4401] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 861.829493][ T4401] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7987 vs 220 free clusters [ 861.841005][ T4401] EXT4-fs error (device loop6): ext4_free_inode:354: comm syz.6.10490: bit already cleared for inode 13 [ 862.008877][T14640] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 864.023019][ T5826] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 864.212857][ T5826] usb 6-1: Using ep0 maxpacket: 16 [ 864.243316][ T5826] usb 6-1: config 1 has an invalid descriptor of length 78, skipping remainder of the config [ 864.276478][ T5826] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 864.300806][ T5826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 864.324639][ T5826] usb 6-1: SerialNumber: syz [ 864.354710][ T4552] loop2: detected capacity change from 0 to 8 [ 864.386837][ T5826] cdc_acm 6-1:1.0: invalid descriptor buffer length [ 864.404261][ T5826] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 864.420125][ T5826] cdc_acm 6-1:1.0: This needs exactly 3 endpoints [ 864.433318][T31063] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 864.441036][ T5826] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22 [ 864.583173][ T5826] usb 6-1: USB disconnect, device number 52 [ 864.602671][T31063] usb 2-1: Using ep0 maxpacket: 8 [ 864.612683][T31063] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 864.620897][T31063] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 864.642867][T31063] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 864.655318][T31063] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 864.703128][T31063] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 864.730742][T31063] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 864.757533][T31063] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.776755][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 864.776775][ T30] audit: type=1326 audit(2000000441.239:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4613 comm="syz.2.10542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778958e969 code=0x7ffc0000 [ 864.845714][ T30] audit: type=1326 audit(2000000441.239:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4613 comm="syz.2.10542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f778958e969 code=0x7ffc0000 [ 864.999101][ T4625] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 865.030610][ T4625] overlayfs: conflicting options: userxattr,redirect_dir=on [ 865.082346][ T4627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10546'. [ 865.114454][ T4627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10546'. [ 865.163140][ T4627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10546'. [ 865.245541][T31063] usb 2-1: USB disconnect, device number 52 [ 865.317067][ T4640] netlink: 5120 bytes leftover after parsing attributes in process `syz.5.10549'. [ 865.677153][ T4658] netlink: 'syz.2.10552': attribute type 11 has an invalid length. [ 865.729874][ T4658] netlink: 140 bytes leftover after parsing attributes in process `syz.2.10552'. [ 866.744902][ T24] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 866.847883][ T30] audit: type=1326 audit(2000000443.309:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4717 comm="syz.1.10573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 866.922754][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 866.932306][ T30] audit: type=1326 audit(2000000443.359:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4717 comm="syz.1.10573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 866.960680][ T30] audit: type=1326 audit(2000000443.359:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4717 comm="syz.1.10573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 867.009756][ T24] usb 4-1: config 1 has an invalid descriptor of length 93, skipping remainder of the config [ 867.055813][ T4678] loop4: detected capacity change from 0 to 32768 [ 867.062958][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 867.072040][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.102744][ T30] audit: type=1326 audit(2000000443.359:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4717 comm="syz.1.10573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 867.109493][ T4678] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.10560 (4678) [ 867.138512][ T24] usb 4-1: Product: syz [ 867.138540][ T24] usb 4-1: Manufacturer: syz [ 867.138560][ T24] usb 4-1: SerialNumber: syz [ 867.149455][ T24] cdc_ether 4-1:1.0: skipping garbage [ 867.213633][ T24] usb 4-1: bad CDC descriptors [ 867.314088][ T4678] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 867.353317][ T24] usb 4-1: USB disconnect, device number 51 [ 867.371473][ T4678] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 867.432871][ T4678] BTRFS info (device loop4): using free-space-tree [ 867.495643][ T4756] netlink: 'syz.5.10580': attribute type 13 has an invalid length. [ 867.671450][ T4678] BTRFS info (device loop4): rebuilding free space tree [ 867.706773][ T4775] loop2: detected capacity change from 0 to 8 [ 867.757780][ T4775] squashfs image failed sanity check [ 867.773435][ T4778] cgroup: name respecified [ 867.892062][ T4678] BTRFS info (device loop4): balance: start -f -susage=12582909,drange=33235..8,limit=9..0 [ 867.892529][ T4785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10585'. [ 867.952866][ T4678] BTRFS info (device loop4): balance: ended with status: 0 [ 868.179500][ T5828] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 868.302855][ T4806] delete_channel: no stack [ 868.616812][ T4825] netlink: 'syz.6.10597': attribute type 2 has an invalid length. [ 868.868090][ T4837] loop2: detected capacity change from 0 to 16 [ 868.959824][ T4837] erofs (device loop2): mounted with root inode @ nid 36. [ 869.115653][ T4851] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10605'. [ 869.289304][ T4853] veth7: entered allmulticast mode [ 869.493612][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.500459][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 869.690529][ T4889] loop1: detected capacity change from 0 to 2048 [ 869.825262][ T4889] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 870.438088][ T4934] cgroup: name respecified [ 870.639499][ T4944] loop4: detected capacity change from 0 to 512 [ 870.683315][ T4944] EXT4-fs: Ignoring removed orlov option [ 870.785638][ T4944] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 870.847489][ T4944] EXT4-fs (loop4): orphan cleanup on readonly fs [ 870.986552][ T4944] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.10632: bg 0: block 248: padding at end of block bitmap is not set [ 871.059980][ T4944] Quota error (device loop4): write_blk: dquota write failed [ 871.112953][ T4944] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 871.151948][ T4944] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.10632: Failed to acquire dquot type 1 [ 871.203482][ T4944] EXT4-fs (loop4): 1 truncate cleaned up [ 871.249415][ T4944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 871.319390][ T4982] netlink: 72 bytes leftover after parsing attributes in process `syz.2.10644'. [ 871.369412][ T4982] netlink: 72 bytes leftover after parsing attributes in process `syz.2.10644'. [ 871.412503][ T4944] EXT4-fs: Ignoring removed orlov option [ 871.451995][ T4944] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 871.561805][ T4944] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 871.592423][ T4999] loop1: detected capacity change from 0 to 128 [ 871.606986][ T4944] EXT4-fs warning (device loop4): read_mmp_block:115: Error -117 while reading MMP block 0 [ 871.710314][ T5004] xt_hashlimit: size too large, truncated to 1048576 [ 871.725221][ T5004] xt_hashlimit: max too large, truncated to 1048576 [ 871.849809][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 871.859968][ T5004] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 871.982873][T31063] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 872.032741][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 872.038841][ T5022] netlink: 176 bytes leftover after parsing attributes in process `syz.3.10657'. [ 872.040014][ C0] bridge0: topology change detected, propagating [ 872.056073][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 872.063357][ C0] bridge0: topology change detected, propagating [ 872.177293][T31063] usb 2-1: config 49 has too many interfaces: 48, using maximum allowed: 32 [ 872.223753][ T5032] TCP: TCP_TX_DELAY enabled [ 872.235065][T31063] usb 2-1: config 49 descriptor has 1 excess byte, ignoring [ 872.242405][T31063] usb 2-1: config 49 has 0 interfaces, different from the descriptor's value: 48 [ 872.311826][T31063] usb 2-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00 [ 872.346100][T31063] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.503096][T19173] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 872.595766][T31063] usb 2-1: string descriptor 0 read error: -71 [ 872.657387][T31063] usb 2-1: USB disconnect, device number 53 [ 872.688109][T19173] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 872.744812][T19173] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 872.780823][T19173] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 872.824946][T19173] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 872.840629][T19173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.877112][ T5034] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 873.185368][ T5079] loop6: detected capacity change from 0 to 4096 [ 873.246468][ T5079] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512). [ 873.316743][T19173] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 873.373392][T19173] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input47 [ 873.470731][ T5079] ntfs3(loop6): ino=19, mi_enum_attr [ 873.479509][T19173] usb 3-1: USB disconnect, device number 33 [ 873.485658][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 873.512481][ T5079] ntfs3(loop6): Mark volume as dirty due to NTFS errors [ 873.600898][ T5079] 9pnet_fd: p9_fd_create_unix (5079): problem connecting socket: ./file0: -1 [ 874.018221][ T5140] loop6: detected capacity change from 0 to 64 [ 874.672779][T19173] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 874.843176][T19173] usb 5-1: Using ep0 maxpacket: 32 [ 874.855581][T19173] usb 5-1: config 2 has an invalid interface number: 16 but max is 0 [ 874.868782][ T5196] netlink: 'syz.2.10698': attribute type 11 has an invalid length. [ 874.885321][ T5190] nvme_fabrics: missing parameter 'transport=%s' [ 874.892307][ T5190] nvme_fabrics: missing parameter 'nqn=%s' [ 874.908935][T19173] usb 5-1: config 2 has no interface number 0 [ 874.920205][T19173] usb 5-1: config 2 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 874.962488][T19173] usb 5-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 875.000212][T19173] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 875.043396][T19173] usb 5-1: Product: syz [ 875.047628][T19173] usb 5-1: Manufacturer: syz [ 875.084533][T19173] usb 5-1: SerialNumber: syz [ 875.122375][ T5168] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 875.179935][T19173] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 875.299362][ T5142] loop5: detected capacity change from 0 to 32768 [ 875.351467][ T5142] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.10685 (5142) [ 875.448213][ T5142] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 875.499480][ T5142] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 875.520236][T19173] usb 5-1: USB disconnect, device number 45 [ 875.565906][ T5142] BTRFS info (device loop5): using free-space-tree [ 875.706022][T21761] udevd[21761]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:2.16/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 876.165686][ T5821] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 876.435574][ T5300] loop1: detected capacity change from 0 to 64 [ 876.566072][ T5311] kAFS: No cell specified [ 876.571094][ T5313] Invalid source name [ 876.893302][ T5328] netlink: 36 bytes leftover after parsing attributes in process `syz.4.10730'. [ 878.186234][ T5383] netlink: 124 bytes leftover after parsing attributes in process `syz.6.10747'. [ 878.197405][ T5375] loop1: detected capacity change from 0 to 4096 [ 879.595337][ T5452] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10768'. [ 879.662062][ T5452] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10768'. [ 879.672354][ T30] audit: type=1326 audit(2000000456.129:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5455 comm="syz.4.10769" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29bbb8e969 code=0x0 [ 879.710899][ T5452] netlink: 2 bytes leftover after parsing attributes in process `syz.6.10768'. [ 879.812445][ T5466] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10772'. [ 879.824055][ T5466] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 879.831689][ T5466] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 879.845593][ T5461] bridge3: the hash_elasticity option has been deprecated and is always 16 [ 880.356696][ T5497] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10778'. [ 880.536274][ T5510] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10784'. [ 880.635828][ T5514] netlink: 56 bytes leftover after parsing attributes in process `syz.1.10786'. [ 881.692745][ T30] audit: type=1326 audit(2000000458.139:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5578 comm="syz.3.10807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5910b8e969 code=0x7ffc0000 [ 881.815156][ T30] audit: type=1326 audit(2000000458.139:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5578 comm="syz.3.10807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5910b8e969 code=0x7ffc0000 [ 881.823366][ T5585] loop6: detected capacity change from 0 to 128 [ 881.934769][ T30] audit: type=1326 audit(2000000458.169:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5578 comm="syz.3.10807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f5910b8e969 code=0x7ffc0000 [ 881.993661][T31063] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 882.017483][ T30] audit: type=1326 audit(2000000458.169:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5578 comm="syz.3.10807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5910b8e969 code=0x7ffc0000 [ 882.052655][ T30] audit: type=1326 audit(2000000458.169:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5578 comm="syz.3.10807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5910b8e969 code=0x7ffc0000 [ 882.215153][T31063] usb 5-1: config 0 has an invalid interface number: 58 but max is 0 [ 882.232734][T31063] usb 5-1: config 0 has no interface number 0 [ 882.239181][ T5610] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 882.283363][T31063] usb 5-1: config 0 interface 58 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 882.322395][T31063] usb 5-1: New USB device found, idVendor=085a, idProduct=0008, bcdDevice=7f.81 [ 882.332032][T31063] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 882.382768][T31063] usb 5-1: Product: syz [ 882.390684][T31063] usb 5-1: Manufacturer: syz [ 882.411848][T31063] usb 5-1: SerialNumber: syz [ 882.450403][T31063] usb 5-1: config 0 descriptor?? [ 882.546466][ T5627] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 882.781343][T31063] kaweth 5-1:0.58: Firmware present in device. [ 882.871028][ T5648] loop6: detected capacity change from 0 to 128 [ 882.939083][T31063] kaweth 5-1:0.58: Error reading configuration (-71), no net device created [ 882.953128][T31063] kaweth 5-1:0.58: probe with driver kaweth failed with error -5 [ 882.972203][ T5648] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 882.992932][T31063] usb 5-1: USB disconnect, device number 46 [ 883.042585][ T5648] FAT-fs (loop6): Filesystem has been set read-only [ 883.049835][ T5648] syz.6.10828: attempt to access beyond end of device [ 883.049835][ T5648] loop6: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 883.069520][ T30] audit: type=1326 audit(2000000459.529:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5665 comm="syz.2.10831" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778958e969 code=0x0 [ 883.142366][ T5648] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 883.172820][ T5648] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 883.258715][ T5648] syz.6.10828: attempt to access beyond end of device [ 883.258715][ T5648] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 883.302941][ T30] audit: type=1800 audit(2000000459.759:379): pid=5648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.10828" name="file2" dev="loop6" ino=1048688 res=0 errno=0 [ 883.565448][ T5695] loop6: detected capacity change from 0 to 16 [ 883.611368][ T5695] erofs (device loop6): mounted with root inode @ nid 36. [ 883.632775][ T24] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 883.664875][ T5701] loop4: detected capacity change from 0 to 16 [ 883.717410][ T5701] erofs (device loop4): mounted with root inode @ nid 36. [ 883.838468][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 883.889798][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 883.922729][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 27763, setting to 64 [ 884.005843][ T24] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 884.036739][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 884.083368][ T5681] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 884.115810][ T24] hub 2-1:1.0: bad descriptor, ignoring hub [ 884.142053][ T24] hub 2-1:1.0: probe with driver hub failed with error -5 [ 884.173505][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 884.173535][ T5728] cgroup: Unexpected value for 'cpuset_v2_mode' [ 884.203343][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 884.246631][ T24] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 884.282771][ T24] cdc_wdm 2-1:1.0: Unknown control protocol [ 884.379926][ T24] usb 2-1: USB disconnect, device number 54 [ 884.768463][ T5771] IPv6: Can't replace route, no match found [ 884.800313][ T5776] loop5: detected capacity change from 0 to 16 [ 884.859691][ T5776] erofs (device loop5): mounted with root inode @ nid 36. [ 885.443178][ T5802] cgroup: No subsys list or none specified [ 885.703012][ T5810] loop1: detected capacity change from 0 to 1024 [ 885.755472][ T5825] loop4: detected capacity change from 0 to 128 [ 885.780746][ T5810] hfsplus: extend alloc file! (16384,256,150995124) [ 885.791319][ T5767] loop2: detected capacity change from 0 to 32768 [ 885.804965][ T5767] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.10857 (5767) [ 885.825994][ T5825] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 885.841147][ T5767] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 885.860613][ T5767] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 885.871191][ T5825] ext4 filesystem being mounted at /1811/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 885.871231][ T5767] BTRFS info (device loop2): disk space caching is enabled [ 885.891493][ T5767] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 886.179306][ T5767] BTRFS info (device loop2): rebuilding free space tree [ 886.289708][ T5828] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 886.323363][ T5767] BTRFS info (device loop2): disabling free space tree [ 886.330358][ T5767] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 886.353351][ T5767] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 886.495090][ T5903] MPI: mpi too large (107144 bits) [ 886.645032][ T5767] BTRFS info (device loop2): balance: start -susage=34359738372,drange=7..526336,limit=4294967295..2147483647 [ 886.716608][ T5767] BTRFS info (device loop2): balance: ended with status: 0 [ 887.026064][ T5827] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 887.465050][ T5945] netlink: 'syz.1.10892': attribute type 10 has an invalid length. [ 887.521744][ T5945] macvlan0: entered promiscuous mode [ 887.546645][ T5945] macvlan0: entered allmulticast mode [ 887.578298][ T5954] rdma_rxe: rxe_newlink: failed to add lo [ 887.585865][ T5945] veth1_vlan: entered allmulticast mode [ 887.629447][ T5945] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 888.396396][ T5973] loop2: detected capacity change from 0 to 4096 [ 888.402542][ T5984] loop1: detected capacity change from 0 to 1024 [ 888.460222][ T5973] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 888.525165][ T5984] overlay: filesystem on ./file0 not supported [ 888.662340][ T5973] ntfs3(loop2): ino=19, mi_enum_attr [ 888.680158][ T5973] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 888.740640][ T5973] ntfs3(loop2): failed to convert "c46c" to cp932 [ 888.760510][ T3409] hfsplus: b-tree write err: -5, ino 4 [ 888.778516][ T5973] ntfs3(loop2): ino=20, mi_enum_attr [ 888.976995][ T6007] tmpfs: Bad value for 'mpol' [ 889.290107][ T6025] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 889.359651][ T6025] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 889.825746][ T6058] loop6: detected capacity change from 0 to 512 [ 889.902820][ T6058] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 889.934219][ T24] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 889.970426][ T6058] EXT4-fs (loop6): Remounting filesystem read-only [ 890.015233][ T6058] EXT4-fs (loop6): 1 truncate cleaned up [ 890.061307][ T6058] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 890.083264][T31063] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 890.102925][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 890.119238][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 890.137482][ T24] usb 5-1: config 2 has an invalid interface number: 22 but max is 0 [ 890.177242][ T24] usb 5-1: config 2 has no interface number 0 [ 890.193873][ T24] usb 5-1: config 2 interface 22 has no altsetting 0 [ 890.254761][ T24] usb 5-1: New USB device found, idVendor=0451, idProduct=5416, bcdDevice= 1.00 [ 890.284372][T31063] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 890.294771][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.308854][ T24] usb 5-1: Product: syz [ 890.314985][T31063] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 890.328664][ T24] usb 5-1: Manufacturer: syz [ 890.342740][ T24] usb 5-1: SerialNumber: syz [ 890.350751][T31063] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 890.384488][ T6090] loop1: detected capacity change from 0 to 2048 [ 890.394357][T14640] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 890.417276][T31063] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 890.461660][ T6090] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 890.466059][T31063] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 890.520470][T31063] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 890.554091][T31063] usb 4-1: config 0 descriptor?? [ 890.593171][ T24] usb-storage 5-1:2.22: USB Mass Storage device detected [ 890.623066][ T24] usb-storage 5-1:2.22: Quirks match for vid 0451 pid 5416: 2 [ 890.753561][ T24] usb 5-1: USB disconnect, device number 47 [ 890.809451][T31063] hdpvr 4-1:0.0: firmware version 0x0 dated [ 890.830184][T31063] hdpvr 4-1:0.0: untested firmware, the driver might not work. [ 891.003892][T31063] hdpvr 4-1:0.0: device init failed [ 891.033402][T31063] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 891.081969][T31063] usb 4-1: USB disconnect, device number 52 [ 891.420007][ T6157] loop4: detected capacity change from 0 to 764 [ 891.866199][ T6187] netlink: 148 bytes leftover after parsing attributes in process `syz.1.10956'. [ 891.871638][ T6185] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3) [ 891.881865][ T6185] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 891.893601][ T6193] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10953'. [ 891.953606][ T6185] vhci_hcd vhci_hcd.0: Device attached [ 892.117265][ T6207] loop2: detected capacity change from 0 to 16 [ 892.176868][ T6207] erofs (device loop2): mounted with root inode @ nid 36. [ 892.182921][ T5960] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 892.215665][ T24] usb 45-1: new high-speed USB device number 2 using vhci_hcd [ 892.224766][ T6207] erofs (device loop2): failed to decompress -20 in[62, 4034] out[1849] [ 892.266141][ T6207] erofs (device loop2): read error -117 @ 43 of nid 36 [ 892.381106][ T5960] usb 7-1: Using ep0 maxpacket: 8 [ 892.391443][ T5960] usb 7-1: unable to get BOS descriptor or descriptor too short [ 892.401737][ T5960] usb 7-1: config 4 interface 0 has no altsetting 0 [ 892.411741][ T5960] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 892.430282][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 892.441346][ T5960] usb 7-1: Product: syz [ 892.447547][ T5960] usb 7-1: Manufacturer: syz [ 892.452341][ T5960] usb 7-1: SerialNumber: syz [ 892.642536][ T6231] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 892.745237][ T6189] vhci_hcd: connection reset by peer [ 892.756812][ T3409] vhci_hcd: stop threads [ 892.761117][ T5960] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 892.761365][ T3409] vhci_hcd: release socket [ 892.823310][ T5960] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 892.825018][ T3409] vhci_hcd: disconnect device [ 892.861758][ T5960] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 892.896832][ T5960] usb 7-1: media controller created [ 892.996053][ T5960] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 893.090509][ T5960] zl10353_read_register: readreg error (reg=127, ret==0) [ 893.361271][ T6271] netlink: 'syz.3.10976': attribute type 10 has an invalid length. [ 893.473804][ T5960] usb 7-1: USB disconnect, device number 26 [ 894.038545][ T6309] loop5: detected capacity change from 0 to 256 [ 894.110893][ T6309] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 894.149738][ T6309] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 894.301600][ T6309] loop5: Can't mount, would change RO state [ 894.437431][ T6326] netlink: 268 bytes leftover after parsing attributes in process `syz.4.10993'. [ 895.066020][ T6298] loop6: detected capacity change from 0 to 32768 [ 895.134786][ T6298] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.10985 (6298) [ 895.243470][ T6298] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 895.313574][ T6298] BTRFS info (device loop6): using sha256 (sha256-ni) checksum algorithm [ 895.322086][ T6298] BTRFS info (device loop6): using free-space-tree [ 895.870608][T14640] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 895.881731][ T6412] loop2: detected capacity change from 0 to 256 [ 896.043896][ T6412] FAT-fs (loop2): Directory bread(block 64) failed [ 896.091400][ T6412] FAT-fs (loop2): Directory bread(block 65) failed [ 896.141360][ T6412] FAT-fs (loop2): Directory bread(block 66) failed [ 896.162724][ T6412] FAT-fs (loop2): Directory bread(block 67) failed [ 896.182872][ T6412] FAT-fs (loop2): Directory bread(block 68) failed [ 896.189456][ T6412] FAT-fs (loop2): Directory bread(block 69) failed [ 896.229191][ T6365] loop1: detected capacity change from 0 to 32768 [ 896.253948][ T6412] FAT-fs (loop2): Directory bread(block 70) failed [ 896.293157][ T6412] FAT-fs (loop2): Directory bread(block 71) failed [ 896.299955][ T6412] FAT-fs (loop2): Directory bread(block 72) failed [ 896.351284][ T6412] FAT-fs (loop2): Directory bread(block 73) failed [ 896.368060][ T6431] netlink: 12 bytes leftover after parsing attributes in process `syz.5.11021'. [ 896.382945][ T6365] JBD2: Ignoring recovery information on journal [ 896.456977][ T6365] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 896.623230][ T6365] OCFS2: ERROR (device loop1): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 71 [ 896.747345][ T6365] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 896.822958][ T6365] OCFS2: File system is now read-only. [ 896.824554][ T6447] netlink: 'syz.6.11018': attribute type 15 has an invalid length. [ 896.853634][ T6365] (syz.1.11006,6365,0):ocfs2_reserve_suballoc_bits:854 ERROR: status = -30 [ 896.870002][ T6365] (syz.1.11006,6365,0):ocfs2_reserve_cluster_bitmap_bits:1137 ERROR: status = -30 [ 896.879763][ T6447] netlink: 24 bytes leftover after parsing attributes in process `syz.6.11018'. [ 896.913055][ T6365] (syz.1.11006,6365,0):ocfs2_reserve_clusters_with_limit:1206 ERROR: status = -30 [ 896.992943][ T6365] (syz.1.11006,6365,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30 [ 897.043258][ T6365] (syz.1.11006,6365,0):ocfs2_block_group_alloc:679 ERROR: status = -30 [ 897.051571][ T6365] (syz.1.11006,6365,0):ocfs2_block_group_alloc:762 ERROR: status = -30 [ 897.102913][ T6365] (syz.1.11006,6365,1):ocfs2_reserve_suballoc_bits:837 ERROR: status = -30 [ 897.149588][ T6365] (syz.1.11006,6365,1):ocfs2_reserve_suballoc_bits:854 ERROR: status = -30 [ 897.202762][ T6365] (syz.1.11006,6365,1):ocfs2_reserve_new_metadata_blocks:994 ERROR: status = -30 [ 897.211974][ T6365] (syz.1.11006,6365,1):ocfs2_reserve_new_metadata_blocks:1017 ERROR: status = -30 [ 897.262135][ T6365] (syz.1.11006,6365,1):ocfs2_expand_inline_dir:2839 ERROR: status = -30 [ 897.296870][ T6467] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 897.303141][ T6365] (syz.1.11006,6365,1):ocfs2_extend_dir:3203 ERROR: status = -30 [ 897.350848][ T6471] loop4: detected capacity change from 0 to 512 [ 897.383507][ T24] vhci_hcd: vhci_device speed not set [ 897.389781][ T6365] (syz.1.11006,6365,1):ocfs2_prepare_dir_for_insert:4308 ERROR: status = -30 [ 897.411455][ T6471] EXT4-fs (loop4): Test dummy encryption mode enabled [ 897.431672][ T6471] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 897.445265][ T6365] (syz.1.11006,6365,1):ocfs2_mknod:298 ERROR: status = -30 [ 897.484598][ T6365] (syz.1.11006,6365,1):ocfs2_mknod:502 ERROR: status = -30 [ 897.491874][ T6365] (syz.1.11006,6365,1):ocfs2_create:675 ERROR: status = -30 [ 897.533972][ T6471] EXT4-fs (loop4): 1 truncate cleaned up [ 897.562898][ T6471] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 897.683069][ T6471] EXT4-fs error (device loop4): ext4_search_dir:1476: inode #2: block 13: comm syz.4.11034: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=0, size=1024 fake=0 [ 897.776484][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 897.800259][ T5823] ocfs2: Unmounting device (7,1) on (node local) [ 897.978610][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 898.183412][ T6513] program syz.2.11046 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 898.491516][ T6527] netlink: 'syz.5.11052': attribute type 11 has an invalid length. [ 898.701218][ T6541] loop2: detected capacity change from 0 to 256 [ 899.578686][ T6593] bridge4: the hash_elasticity option has been deprecated and is always 16 [ 899.589234][ T6590] loop4: detected capacity change from 0 to 1764 [ 899.661521][ T6602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11074'. [ 899.692782][ T6605] netlink: 'syz.2.11075': attribute type 32 has an invalid length. [ 899.694677][ T6590] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 900.464309][ T5960] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 900.571854][ T6652] netlink: 'syz.4.11089': attribute type 1 has an invalid length. [ 900.663129][ T5960] usb 4-1: Using ep0 maxpacket: 32 [ 900.673160][ T6661] xt_bpf: check failed: parse error [ 900.686725][ T5960] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 900.731285][ T5960] usb 4-1: config 0 has no interface number 0 [ 900.757494][ T5960] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 900.806221][ T5960] usb 4-1: config 0 interface 85 has no altsetting 0 [ 900.833352][ T5960] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 900.848267][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.903085][ T5960] usb 4-1: Product: syz [ 900.917876][ T5960] usb 4-1: Manufacturer: syz [ 900.943788][ T5960] usb 4-1: SerialNumber: syz [ 900.959262][ T5960] usb 4-1: config 0 descriptor?? [ 901.162756][ T5911] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 901.171680][ T6693] binder: 6692:6693 ioctl 40046210 0 returned -14 [ 901.342650][ T5911] usb 6-1: Using ep0 maxpacket: 16 [ 901.399280][ T5960] appletouch 4-1:0.85: Failed to request geyser raw mode [ 901.415579][ T5911] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 901.419711][ T5960] appletouch 4-1:0.85: probe with driver appletouch failed with error -5 [ 901.453798][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.463628][ T5960] usb 4-1: USB disconnect, device number 53 [ 901.502473][ T5911] usb 6-1: Product: syz [ 901.512641][ T5911] usb 6-1: Manufacturer: syz [ 901.517278][ T5911] usb 6-1: SerialNumber: syz [ 901.580692][ T5911] r8152-cfgselector 6-1: Unknown version 0x0000 [ 901.603927][ T5911] r8152-cfgselector 6-1: config 0 descriptor?? [ 901.972837][ T5887] usb 7-1: new full-speed USB device number 27 using dummy_hcd [ 902.021550][ T5960] r8152-cfgselector 6-1: USB disconnect, device number 53 [ 902.069315][ T6697] loop2: detected capacity change from 0 to 32768 [ 902.121328][ T6697] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.11102 (6697) [ 902.142899][ T5887] usb 7-1: config 0 has an invalid interface number: 176 but max is 2 [ 902.153565][ T6729] ieee802154 phy0 wpan0: encryption failed: -90 [ 902.171084][ T5887] usb 7-1: config 0 has an invalid interface number: 3 but max is 2 [ 902.179996][ T5887] usb 7-1: config 0 has no interface number 0 [ 902.211727][ T6697] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 902.224996][ T5887] usb 7-1: config 0 has no interface number 1 [ 902.231159][ T5887] usb 7-1: too many endpoints for config 0 interface 3 altsetting 255: 255, using maximum allowed: 30 [ 902.245775][ T6699] loop1: detected capacity change from 0 to 32768 [ 902.250454][ T6697] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 902.275230][ T5887] usb 7-1: config 0 interface 3 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 902.311810][ T6697] BTRFS info (device loop2): disk space caching is enabled [ 902.350951][ T6697] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 902.367719][ T5887] usb 7-1: config 0 interface 3 has no altsetting 0 [ 902.388403][ T5887] usb 7-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 902.410854][ T5887] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 902.425629][ T6736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11108'. [ 902.442440][ T5887] usb 7-1: config 0 descriptor?? [ 902.477017][ T6702] loop4: detected capacity change from 0 to 32768 [ 902.608175][ T6697] BTRFS info (device loop2): rebuilding free space tree [ 902.702038][ T5887] usb 7-1: Could not set interface, error -71 [ 902.709634][ T6697] BTRFS info (device loop2): disabling free space tree [ 902.732954][ T6697] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 902.746909][ T5887] usb 7-1: selecting invalid altsetting 0 [ 902.784032][ T5887] usb 7-1: Could not set interface, error -22 [ 902.804203][ T5887] usb 7-1: USB disconnect, device number 27 [ 902.806442][ T6697] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 903.080477][ T6697] BTRFS info (device loop2): balance: start -sprofiles=NONE,usage=9,usage=9..0,drange=0..70368744177664,vrange=9223372036854775809..4294967295,limit=351830835986432,limit=0..81917,stripes=0..32767 [ 903.139091][ T6697] BTRFS info (device loop2): balance: ended with status: 0 [ 903.343629][ T5827] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 903.463093][ T6795] loop4: detected capacity change from 0 to 16 [ 903.524324][ T6795] erofs (device loop4): mounted with root inode @ nid 36. [ 904.046250][ T6825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11125'. [ 904.303887][ T6846] netlink: 168 bytes leftover after parsing attributes in process `syz.3.11129'. [ 904.362991][ T6846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11129'. [ 904.495365][ T6851] deleting an unspecified loop device is not supported. [ 904.782771][ T5960] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 905.020463][ T5960] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 905.040321][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 905.073548][ T5960] usb 5-1: Product: syz [ 905.090895][ T5960] usb 5-1: Manufacturer: syz [ 905.103258][ T5960] usb 5-1: SerialNumber: syz [ 905.160611][ T5960] usb 5-1: config 0 descriptor?? [ 905.189751][ T6885] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 905.232938][ T6885] overlayfs: missing 'lowerdir' [ 905.340583][ T6823] loop5: detected capacity change from 0 to 32768 [ 905.414310][ T5960] hso 5-1:0.0: Failed to find BULK IN ep [ 905.420255][ T6823] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.11124 (6823) [ 905.477717][ T5960] usb-storage 5-1:0.0: USB Mass Storage device detected [ 905.501149][ T6823] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 905.552843][ T6823] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 905.562123][ T6823] BTRFS info (device loop5): disk space caching is enabled [ 905.667091][ T6823] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 905.739787][ T5960] usb 5-1: USB disconnect, device number 48 [ 905.958595][ T6951] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 905.982883][ T6823] BTRFS info (device loop5): rebuilding free space tree [ 906.069603][ T6823] BTRFS info (device loop5): disabling free space tree [ 906.092782][ T6823] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 906.142835][ T6823] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 906.434464][ T6823] BTRFS info (device loop5): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,usage=6,usage=6..0,devid=0,vrange=9223372036854775809..4294967295,limit=0 [ 906.472803][ T6970] netlink: 256 bytes leftover after parsing attributes in process `syz.4.11159'. [ 906.506732][ T6823] BTRFS info (device loop5): balance: ended with status: 0 [ 906.782828][ T5821] BTRFS info (device loop5): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 906.851282][ T6990] loop1: detected capacity change from 0 to 22 [ 906.876592][ T6990] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 906.955032][ T6990] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 907.063280][ T6997] netlink: 'syz.2.11169': attribute type 1 has an invalid length. [ 907.381016][ T7017] loop2: detected capacity change from 0 to 24 [ 907.434984][ T7017] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 907.475969][ T7017] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 907.588000][ T7017] romfs: read error for inode 0x70040 [ 908.025713][ T7047] netlink: 3 bytes leftover after parsing attributes in process `syz.2.11182'. [ 908.107599][ T7054] binfmt_misc: register: failed to install interpreter file ./file0 [ 908.205564][ T7057] loop6: detected capacity change from 0 to 2048 [ 908.225437][ T7057] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 908.237268][ T7057] UDF-fs: Scanning with blocksize 512 failed [ 908.284075][ T7057] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 908.324428][ T7061] ÿÿÿÿÿÿ: renamed from vlan1 [ 908.701571][ T7084] loop4: detected capacity change from 0 to 256 [ 908.764330][ T30] audit: type=1326 audit(2000000485.219:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7085 comm="syz.1.11195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 908.881723][ T30] audit: type=1326 audit(2000000485.219:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7085 comm="syz.1.11195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 908.952969][ T30] audit: type=1326 audit(2000000485.259:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7085 comm="syz.1.11195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 908.960098][ T7097] loop6: detected capacity change from 0 to 1024 [ 909.072753][ T30] audit: type=1326 audit(2000000485.259:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7085 comm="syz.1.11195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 909.083259][ T7101] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 909.102423][ T7101] IPv6: NLM_F_CREATE should be set when creating new route [ 909.109779][ T7101] IPv6: NLM_F_CREATE should be set when creating new route [ 909.169808][ T30] audit: type=1326 audit(2000000485.259:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7085 comm="syz.1.11195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ec798e969 code=0x7ffc0000 [ 910.027206][ T30] audit: type=1326 audit(2000000486.479:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.6.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 910.140263][ T30] audit: type=1326 audit(2000000486.499:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.6.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 910.281475][ T30] audit: type=1326 audit(2000000486.499:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.6.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 910.409956][ T30] audit: type=1326 audit(2000000486.499:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.6.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 910.510756][ T30] audit: type=1326 audit(2000000486.499:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7161 comm="syz.6.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd80338e969 code=0x7ffc0000 [ 911.186378][ T7226] loop4: detected capacity change from 0 to 64 [ 911.269502][ T7226] [ 911.271874][ T7226] ====================================================== [ 911.278910][ T7226] WARNING: possible circular locking dependency detected [ 911.285932][ T7226] 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 Not tainted [ 911.293110][ T7226] ------------------------------------------------------ [ 911.300135][ T7226] syz.4.11239/7226 is trying to acquire lock: [ 911.306211][ T7226] ffff88807e7c00b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 911.315582][ T7226] [ 911.315582][ T7226] but task is already holding lock: [ 911.322996][ T7226] ffff8880584d00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 911.333866][ T7226] [ 911.333866][ T7226] which lock already depends on the new lock. [ 911.333866][ T7226] [ 911.344280][ T7226] [ 911.344280][ T7226] the existing dependency chain (in reverse order) is: [ 911.353297][ T7226] [ 911.353297][ T7226] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 911.362541][ T7226] lock_acquire+0x120/0x360 [ 911.367596][ T7226] __mutex_lock+0x182/0xe80 [ 911.372638][ T7226] hfs_extend_file+0xda/0x1230 [ 911.377936][ T7226] hfs_bmap_reserve+0x107/0x430 [ 911.383331][ T7226] __hfs_ext_write_extent+0x1fa/0x470 [ 911.389237][ T7226] __hfs_ext_cache_extent+0x6b/0x9b0 [ 911.395059][ T7226] hfs_extend_file+0x316/0x1230 [ 911.400445][ T7226] hfs_get_block+0x3d7/0xbd0 [ 911.405595][ T7226] __block_write_begin_int+0x6b5/0x1900 [ 911.411727][ T7226] cont_write_begin+0x789/0xb50 [ 911.417140][ T7226] hfs_write_begin+0x66/0xb0 [ 911.422268][ T7226] cont_write_begin+0x2fd/0xb50 [ 911.427669][ T7226] hfs_write_begin+0x66/0xb0 [ 911.432792][ T7226] hfs_file_truncate+0x190/0x9c0 [ 911.438254][ T7226] hfs_inode_setattr+0x4a9/0x670 [ 911.443711][ T7226] notify_change+0xb36/0xe40 [ 911.448852][ T7226] do_truncate+0x19a/0x220 [ 911.453816][ T7226] vfs_truncate+0x493/0x520 [ 911.458862][ T7226] do_sys_truncate+0xdb/0x190 [ 911.464086][ T7226] __x64_sys_truncate+0x5b/0x70 [ 911.469464][ T7226] do_syscall_64+0xf6/0x210 [ 911.474519][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.480957][ T7226] [ 911.480957][ T7226] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 911.488914][ T7226] validate_chain+0xb9b/0x2140 [ 911.494214][ T7226] __lock_acquire+0xaac/0xd20 [ 911.499428][ T7226] lock_acquire+0x120/0x360 [ 911.504465][ T7226] __mutex_lock+0x182/0xe80 [ 911.509491][ T7226] hfs_find_init+0x165/0x1e0 [ 911.514607][ T7226] hfs_extend_file+0x2ee/0x1230 [ 911.519979][ T7226] hfs_bmap_reserve+0x107/0x430 [ 911.525357][ T7226] hfs_cat_create+0x1b3/0x640 [ 911.530566][ T7226] hfs_create+0x66/0xe0 [ 911.535236][ T7226] path_openat+0x14f4/0x3830 [ 911.540347][ T7226] do_filp_open+0x1fa/0x410 [ 911.545365][ T7226] do_sys_openat2+0x121/0x1c0 [ 911.550574][ T7226] __x64_sys_openat+0x138/0x170 [ 911.555958][ T7226] do_syscall_64+0xf6/0x210 [ 911.560981][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.567389][ T7226] [ 911.567389][ T7226] other info that might help us debug this: [ 911.567389][ T7226] [ 911.577637][ T7226] Possible unsafe locking scenario: [ 911.577637][ T7226] [ 911.585091][ T7226] CPU0 CPU1 [ 911.590447][ T7226] ---- ---- [ 911.595805][ T7226] lock(&HFS_I(tree->inode)->extents_lock); [ 911.601787][ T7226] lock(&tree->tree_lock/1); [ 911.609004][ T7226] lock(&HFS_I(tree->inode)->extents_lock); [ 911.617505][ T7226] lock(&tree->tree_lock/1); [ 911.622196][ T7226] [ 911.622196][ T7226] *** DEADLOCK *** [ 911.622196][ T7226] [ 911.630330][ T7226] 4 locks held by syz.4.11239/7226: [ 911.635549][ T7226] #0: ffff88803394c420 (sb_writers#26){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 911.644824][ T7226] #1: ffff8880584d1ca0 (&type->i_mutex_dir_key#18){++++}-{4:4}, at: path_openat+0x8da/0x3830 [ 911.655127][ T7226] #2: ffff88807e7c40b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 911.664727][ T7226] #3: ffff8880584d00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 911.675980][ T7226] [ 911.675980][ T7226] stack backtrace: [ 911.681867][ T7226] CPU: 1 UID: 0 PID: 7226 Comm: syz.4.11239 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 911.681898][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 911.681912][ T7226] Call Trace: [ 911.681920][ T7226] [ 911.681929][ T7226] dump_stack_lvl+0x189/0x250 [ 911.681967][ T7226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 911.681998][ T7226] ? __pfx__printk+0x10/0x10 [ 911.682021][ T7226] ? print_lock_name+0xde/0x100 [ 911.682057][ T7226] print_circular_bug+0x2ee/0x310 [ 911.682082][ T7226] check_noncircular+0x134/0x160 [ 911.682107][ T7226] validate_chain+0xb9b/0x2140 [ 911.682127][ T7226] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 911.682154][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682179][ T7226] ? look_up_lock_class+0x74/0x170 [ 911.682204][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682228][ T7226] ? register_lock_class+0x51/0x320 [ 911.682256][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682284][ T7226] __lock_acquire+0xaac/0xd20 [ 911.682316][ T7226] ? hfs_find_init+0x165/0x1e0 [ 911.682343][ T7226] lock_acquire+0x120/0x360 [ 911.682371][ T7226] ? hfs_find_init+0x165/0x1e0 [ 911.682406][ T7226] __mutex_lock+0x182/0xe80 [ 911.682432][ T7226] ? hfs_find_init+0x165/0x1e0 [ 911.682464][ T7226] ? hfs_find_init+0x165/0x1e0 [ 911.682493][ T7226] ? __pfx___mutex_lock+0x10/0x10 [ 911.682522][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682546][ T7226] ? rcu_is_watching+0x15/0xb0 [ 911.682579][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682606][ T7226] ? __kmalloc_noprof+0x29b/0x4f0 [ 911.682635][ T7226] ? hfs_find_init+0x8b/0x1e0 [ 911.682667][ T7226] hfs_find_init+0x165/0x1e0 [ 911.682700][ T7226] hfs_extend_file+0x2ee/0x1230 [ 911.682723][ T7226] ? __pfx___mutex_trylock_common+0x10/0x10 [ 911.682752][ T7226] ? __pfx_hfs_extend_file+0x10/0x10 [ 911.682774][ T7226] ? trace_contention_end+0x39/0x120 [ 911.682799][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.682828][ T7226] ? __mutex_lock+0x330/0xe80 [ 911.682863][ T7226] ? hfs_find_init+0x165/0x1e0 [ 911.682908][ T7226] ? __pfx___mutex_lock+0x10/0x10 [ 911.682944][ T7226] hfs_bmap_reserve+0x107/0x430 [ 911.682990][ T7226] hfs_cat_create+0x1b3/0x640 [ 911.683030][ T7226] ? do_raw_spin_lock+0x121/0x290 [ 911.683058][ T7226] ? __pfx_hfs_cat_create+0x10/0x10 [ 911.683107][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.683132][ T7226] ? _raw_spin_unlock+0x28/0x50 [ 911.683151][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.683175][ T7226] ? hfs_new_inode+0x7c9/0xba0 [ 911.683202][ T7226] hfs_create+0x66/0xe0 [ 911.683221][ T7226] ? __pfx_hfs_create+0x10/0x10 [ 911.683240][ T7226] path_openat+0x14f4/0x3830 [ 911.683260][ T7226] ? arch_stack_walk+0xfc/0x150 [ 911.683306][ T7226] ? __pfx_path_openat+0x10/0x10 [ 911.683331][ T7226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.683364][ T7226] do_filp_open+0x1fa/0x410 [ 911.683385][ T7226] ? __pfx_do_filp_open+0x10/0x10 [ 911.683418][ T7226] ? _raw_spin_unlock+0x28/0x50 [ 911.683436][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.683460][ T7226] ? alloc_fd+0x64c/0x6c0 [ 911.683493][ T7226] do_sys_openat2+0x121/0x1c0 [ 911.683527][ T7226] ? __pfx_do_sys_openat2+0x10/0x10 [ 911.683562][ T7226] ? rcu_is_watching+0x15/0xb0 [ 911.683598][ T7226] __x64_sys_openat+0x138/0x170 [ 911.683634][ T7226] do_syscall_64+0xf6/0x210 [ 911.683661][ T7226] ? srso_alias_return_thunk+0x5/0xfbef5 [ 911.683685][ T7226] ? exc_page_fault+0x91/0x110 [ 911.683709][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.683730][ T7226] RIP: 0033:0x7f29bbb8e969 [ 911.683750][ T7226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 911.683768][ T7226] RSP: 002b:00007f29bc972038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 911.683791][ T7226] RAX: ffffffffffffffda RBX: 00007f29bbdb5fa0 RCX: 00007f29bbb8e969 [ 911.683807][ T7226] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 911.683823][ T7226] RBP: 00007f29bbc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 911.683837][ T7226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 911.683851][ T7226] R13: 0000000000000000 R14: 00007f29bbdb5fa0 R15: 00007ffe162a6c68 [ 911.683882][ T7226] [ 912.113917][ T7226] hfs: request for non-existent node 16777216 in B*Tree [ 912.120936][ T7226] hfs: request for non-existent node 16777216 in B*Tree