last executing test programs: 11m15.484892093s ago: executing program 3 (id=7285): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000140)='\n\x00\x00\x00', 0x4}], 0x1) 11m15.452837395s ago: executing program 3 (id=7286): r0 = socket(0x40000000015, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x271b, 0x0, &(0x7f0000000400)) 11m15.271678851s ago: executing program 3 (id=7287): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOGETCMAP(r0, 0x4604, &(0x7f0000000380)={0x8, 0x1, &(0x7f0000000140)=[0x0], &(0x7f0000000180), 0x0, 0x0}) 11m15.101190906s ago: executing program 3 (id=7290): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 11m14.38885817s ago: executing program 3 (id=7298): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="180100001e00010000000000000000000501e7800d0001"], 0x118}], 0x1}, 0x0) 11m13.77713371s ago: executing program 3 (id=7301): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x891c, 0x0) 11m13.409811132s ago: executing program 32 (id=7301): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x891c, 0x0) 11m11.040062321s ago: executing program 1 (id=7328): mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mbind(&(0x7f0000ff9000/0x7000)=nil, 0x7000, 0x4, 0x0, 0x0, 0x1) 11m10.589720296s ago: executing program 1 (id=7336): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100007e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0) 11m10.425085152s ago: executing program 1 (id=7339): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000000014"], 0xfc}}, 0x0) 11m10.17675626s ago: executing program 1 (id=7343): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 11m9.699120905s ago: executing program 1 (id=7347): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffff5, 0x0, {0x0, 0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, {0x100040, 0x3, 0x0, 0xffff, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x11e, 0x6000, 0x8, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x710c01, 0x127, 0x2e}, 0x4a) 11m8.322088581s ago: executing program 1 (id=7356): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) 11m7.974377153s ago: executing program 33 (id=7356): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) 56.179799108s ago: executing program 4 (id=21199): creat(&(0x7f0000000140)='./file0\x00', 0x182) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000376ec"], 0x1, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") 55.811193419s ago: executing program 4 (id=21207): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 55.697841263s ago: executing program 4 (id=21211): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000002500)=[{{&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000880)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x401}}], 0x18}}], 0x1, 0x40044) 55.581579087s ago: executing program 4 (id=21213): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000002e40), 0x2, 0x0) read(r0, 0x0, 0x0) 55.505435659s ago: executing program 4 (id=21216): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000840)=""/66, 0x42) 55.430184382s ago: executing program 4 (id=21218): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xb, 0x141042) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x302, 0x7f, 0x0, 0x5, 0x0}) 39.223018646s ago: executing program 34 (id=21218): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xb, 0x141042) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x302, 0x7f, 0x0, 0x5, 0x0}) 2.20372248s ago: executing program 5 (id=22433): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="70010000100033060000000000000000fc0000000000000000000000e3000000ffffffff00000000000000000000000000004000000080ff0000000000000000", @ANYRES32, @ANYRES32=r0, @ANYBLOB="ac1414000000000000000000000000000000000032000000fe80000000000000000000000000001a27030000000000000000000000000000fdffffffffffffff0000000000000000ff0f000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000000000029bd7000000000000a00040000000000000000001c00200000004e2200000000ac1414bb00000000000000000000000048000200656362286369706865725f6e756c6c2900"/265, @ANYRES8], 0x170}, 0x1, 0x0, 0x0, 0x20000000}, 0x48040) 1.249072771s ago: executing program 0 (id=22446): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000003850000002c000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 972.811389ms ago: executing program 2 (id=22449): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000500000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000088850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r0}, 0xc) 937.85836ms ago: executing program 7 (id=22450): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x60, 0x10, 0x439, 0x0, 0x10000, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}]}}}]}, 0x60}}, 0x0) 926.819551ms ago: executing program 6 (id=22451): r0 = socket(0x22, 0x2, 0x4) bind$alg(r0, 0x0, 0x0) 808.109275ms ago: executing program 0 (id=22452): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000640)='./file1\x00', 0x1808000, &(0x7f0000001600)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRESOCT=0x0, @ANYRES8, @ANYRES64, @ANYRES64, @ANYRESDEC, @ANYRES16], 0x1, 0x5e7, &(0x7f0000000680)="$eJzs3cFvHFcdB/DvbBxnHaTUcZM2oEpYRaoQFsl6LZGUC1AKslCFKnHgbBEnsbJJK3uL3B4gIA4Vp/4JRcj/AOJYpBxoDxzg1LNRj0jcfdtqZmfX62TrJrab3TSfjzT73ps38/b3fjM7mVkr2gDPrNWlzNxPkdWlN7bL9u7OSmd3Z+XOoJ7kTJJG0kxSlKv/nuSz5F76S7456BgpH/LpR82bn3zw8fv9VjlWs5jpb18ctt+jGcYy34+1Kk9qvPbxxzsww4Uki8ceD05Ab+C/Y7uP+bkEAKZZkZwat34+OVvfsJfPAf274v499lPt3qQDAAAAgCfgub3sZTvnJh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPE3q3/8v6qUxqC+mGPz+/2y9LnX9qXZ/0gEAAAAAAAAAwAn49l72sp1zg3avqP7m/3LVuFC9fiPvZCvr2czlbGct3XSzmeUk8yMDzW6vdbuby4+wZ3vsnu0nM18AAAAAAAAA+Jr6Y1b3//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADToEhO9YtquTCoz6cxk6SZZLbc7l7yn0H9aXZ/0gEAAADAE/DcXvaynXODdq+onvlfqJ77m3knd9PNRrrpZD3Xq+8C+k/9jd2dlc7uzsqdcnl43J/8/7HCqEZM/7uH8e98qdpiLjeyUa25nN/krXRyPY1qz9KlQTzj4/pDGVPxo9ojRna9LsuZ/6Iup8N8lZHTw4y06tjKbJw/PBOPeXQefKflNIbf/Fz4CnJ+ti7L+bw+1Tlvj5x9LxyeiWTh13++eqtz9/atG1tL0zOlI3owEysjmXjxmcpEq8rExWF7NT/Pr7KUxbyZzWzkt1lLN+tZzOtVba0+n8vX+cMz9eMDrTe/LJLZ+rj0r6KPF9PL1b7nspFf5q1cr45oK1dzNe38IK+mdeAIXxwb9+97dfder9dL4/E+9d/5bl05neRndTkdyryeH8nr6DV3vuobXbOfpYWTvzbOfKuulGfPa1N3bTz/wL8Sg0w8f3gm/lKdOFudu7c3b629/Yjv90pdlhn46TATM/Xa3qkTmdSRlOfLwjCWg2dH2ff82L7lqu/CsK/xUN/FYd+XfVJn63u4h0dqV30vju3r73dppG/c/RYAU+/s987Ozv1v7t9zH879ae7W3BvN185cO/PSbE7/8/QPZ1qnXmm8VPwtH+Z3+8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0W29+97ttU5nffPIlcEvER13HBUVlempTPrKBHzVrnTvvH1l6933vr9xZ+3m+s31u6+2rl1bXl6+2rpyY6OzXr9OOkoA4CTt3/RPOhIAAAAAAAAAAAAAAOCLPIn/TjzpOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9vq0uZuZ8iy63LrbK9u7PSKZdBfX/LZpKirPwjyWfJvfSXzI8MV3zR+3z6UfPmJx98/P7+WM1q+3+1T2IWB2JpPBDTccdrj4z31yMNVwwzs5hkoS5h4j4PAAD//6e3Br8=") unlinkat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x200) 805.119685ms ago: executing program 2 (id=22453): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) shutdown(r0, 0x0) 756.633706ms ago: executing program 6 (id=22454): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103302) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x6, 0x0, @scatter={0x1, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/204, 0xcc}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) 745.281447ms ago: executing program 7 (id=22455): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=@base={0x19, 0x4, 0x8, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001680)={r0, &(0x7f0000001540), 0x0}, 0x20) 722.293137ms ago: executing program 5 (id=22456): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'team_slave_1\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x4b, 0x10, "5c63276f6c86622447091eb03f61b1ff"}}) 633.24464ms ago: executing program 2 (id=22457): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in6={0xa, 0x0, 0x0, @loopback={0xfffffffffffffffe}}], 0x1c) 628.17324ms ago: executing program 6 (id=22458): r0 = socket$inet6(0xa, 0x3, 0x2) getsockopt$inet6_int(r0, 0x29, 0x43, 0x0, &(0x7f0000000080)) 599.987701ms ago: executing program 7 (id=22459): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, 0x0) 524.124583ms ago: executing program 5 (id=22460): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x42001) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x0, 'client0\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352340900", 0x0, 0xfffffffd}) 482.505425ms ago: executing program 0 (id=22461): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000240)=@ipv6_newnexthop={0x24, 0x68, 0x1, 0x2004, 0x25dfdc00, {0x2, 0x0, 0x4}, [@NHA_FDB={0x4}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c050}, 0x8000) 467.729256ms ago: executing program 6 (id=22462): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r0, 0x1, 0x45, &(0x7f00000000c0), 0x10) 452.895225ms ago: executing program 2 (id=22463): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x35, 0x2d, 0x31]}}}, 0x64}]}) 451.684265ms ago: executing program 7 (id=22464): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x62040, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, 0x0) 396.491328ms ago: executing program 5 (id=22465): prlimit64(0x0, 0x9, &(0x7f00000000c0), 0x0) execveat(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) 346.052049ms ago: executing program 0 (id=22466): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x7, 0x1, 0x701, 0x0, 0x0, {0x0, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x44800}, 0x80) 307.75909ms ago: executing program 6 (id=22467): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000001c0)=@setlink={0x40, 0x13, 0x5, 0x200, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4010}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004) 264.321592ms ago: executing program 2 (id=22468): r0 = socket(0x2, 0x3, 0x3) getsockopt$sock_int(r0, 0xffff, 0x1001, 0x0, 0x0) 263.932232ms ago: executing program 7 (id=22469): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x18, 0x55, 0x2e5, 0x70bd26, 0x1}, 0x18}, 0x1, 0x0, 0x0, 0x2000c844}, 0x20000110) 237.691803ms ago: executing program 5 (id=22470): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='16', 0x2}], 0x1) 203.284823ms ago: executing program 0 (id=22471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x8000000}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x7}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) 185.304594ms ago: executing program 6 (id=22472): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000700)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2}}}, @dstopts_2292={{0x18, 0x29, 0x3b}}, @rthdr_2292={{0x28, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x58}, 0x0) 129.923726ms ago: executing program 2 (id=22473): syz_mount_image$hfs(&(0x7f0000000280), &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1214080, &(0x7f0000004240)={[{@uid={'uid', 0x3d, 0xee01}}, {@codepage={'codepage', 0x3d, 'maciceland'}}, {@uid}, {@dir_umask={'dir_umask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@part={'part', 0x3d, 0x802}}, {@gid}]}, 0x1, 0x32e, &(0x7f0000000b00)="$eJzs3U1r1E4cB/DvZLPb3XbpP/+2UvBYLXgqbT0oXixSBPENeJBibVcojRW0ggri6lmKngTBoze9ir4FvYhvQE89iCe9FA9GZiazSbaZ7ENj02W/H+g2D/Pwm0weZlZqQERD68Ly19end+WPKAMoATgHOACqgAvgGKard7e2N7b9xnpWQSWVQ/4I6JxiX5q1rUZaVplP5Qh5cs1FHe7OpRyaSJmC4FvHND8PJRIqjtDX/j4OMBJenWp/9dAj+zeaul3DJdbDYg97uIfxIsMhIqLihc9/J3xK1MPxu+MAs+HYfNCf/4nxzV5xcRwJree/o9cDIY/Pf2pXNN9TUzjZ+46ZJaaVpc+JenJjEB3uCvSZlegA0WlWqWJxajc2/MZcUxXwBOdDsWRT6nMdpiGKLdqK/jWTMjfNkNX2bGOqDWXZhkVL/JM91/jhO16kV7fyqYuYxEfxWawIDy+x3hr/uYGQB0cdH6+tp3T88/YSVSs9nSrRymhO/7+q5LjpgfdvolbWbMe1ipKMJY0sRbSP3z0T57OKPRcmEl81mNYt2Funck2m5lpsrf9OzTXVnqvmlv3G3NotP/OrlNykzujEjrgiZvAD77AcG/87MvUs7Fdm4s4vVMrwzMhsj6tSWvoxQV3AN1OuTKeLzEPtYmpHZ3uK6ziL8Tv3H2yu+n7jdk4Lz9/q4vvIbi6VXOPpf0GfiCJqjvwdS4OqXCgDyK3SP0EQ+L6pM7bLxWE0uayqPfMq0YOiqVcPVgWa+06JJXtiAEsAwi3mjtBP7Y9auUaiArvK/kv2gNqSfkKaqHLsgrpll6kqsauEka6ulFof8Vx+uLnq935LocETdTqmrxYdDBVBDq+Env/F5ivz6q4jP7yM2UjQqfBYiQuWGdCE+hztbgbXKtY6gxszCx3mXCdOASfbanRganzcXqwXxtk2pD8aev+nDLGML7jG7/+JiIiIiIiIiIiIiIiIiIiIiIiIiAZNr3+o0M+fEyRr3B3C/3iDiIiIiIiIiIiIiIiIiIiIiIiIiIiIiOhgYu//BUrqjTGVwt//WzLv/w03jKZkMu+lIKK+/Q0AAP//oLJZGA==") open(&(0x7f00000000c0)='./file2\x00', 0x24842, 0x80) 98.341077ms ago: executing program 5 (id=22474): r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) 54.420318ms ago: executing program 7 (id=22475): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc3) 0s ago: executing program 0 (id=22476): r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d7dda4108911930800000102030109022400020000000009046802006e02c0000904680001253e5300090508", @ANYRES16=r0, @ANYRESOCT=r0], 0x0) kernel console output (not intermixed with test programs): nterval 18, changing to 8 [ 1326.838265][T16152] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.19927'. [ 1326.874795][T16150] loop2: detected capacity change from 0 to 1024 [ 1326.879081][T16152] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 1326.881466][ T9892] usb 5-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x9A, skipping [ 1326.892187][T16152] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1326.910357][ T9892] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1327.007326][T16150] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 1327.032613][T16161] netlink: 132 bytes leftover after parsing attributes in process `syz.0.19933'. [ 1327.117768][ T9892] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 1327.143104][ T9892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1327.188105][ T9892] usb 5-1: Product: syz [ 1327.203565][ T9892] usb 5-1: Manufacturer: syz [ 1327.208261][ T9892] usb 5-1: SerialNumber: syz [ 1327.234041][ T9892] usb 5-1: config 0 descriptor?? [ 1327.242767][T16171] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 1327.290430][ T9892] iowarrior 5-1:0.186: no interrupt-in endpoint found [ 1327.499451][T16191] SET target dimension over the limit! [ 1327.516028][ T4239] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1327.588035][ T5131] usb 7-1: new high-speed USB device number 54 using dummy_hcd [ 1327.876751][ T5131] usb 7-1: Using ep0 maxpacket: 8 [ 1327.962274][ T4239] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1328.022027][ T5131] usb 7-1: config 156 has an invalid interface number: 91 but max is 0 [ 1328.036920][ T5131] usb 7-1: config 156 has no interface number 0 [ 1328.043290][ T5131] usb 7-1: config 156 interface 91 has no altsetting 0 [ 1328.047813][ T4239] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1328.068378][ T4239] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1328.077585][ T4239] usb 6-1: config 1 has no interface number 0 [ 1328.090565][ T4239] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1328.107613][ T4239] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1328.118970][ T4239] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping [ 1328.160088][T16223] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19965'. [ 1328.169479][T16223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19965'. [ 1328.178960][T32250] usb 3-1: new full-speed USB device number 91 using dummy_hcd [ 1328.183436][T16223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19965'. [ 1328.304430][ T4239] usb 6-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice= 0.40 [ 1328.313782][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1328.322180][ T4239] usb 6-1: Product: syz [ 1328.326693][ T4239] usb 6-1: Manufacturer: syz [ 1328.331315][ T4239] usb 6-1: SerialNumber: syz [ 1328.336759][ T5131] usb 7-1: string descriptor 0 read error: -22 [ 1328.344269][ T5131] usb 7-1: New USB device found, idVendor=249c, idProduct=9008, bcdDevice=90.15 [ 1328.356899][ T5131] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1328.405873][ T5131] usb 7-1: can't set first interface for hiFace device. [ 1328.412937][ T5131] snd-usb-hiface: probe of 7-1:156.91 failed with error -5 [ 1328.571641][T32250] usb 3-1: config 15 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1328.628125][ T5131] usb 7-1: USB disconnect, device number 54 [ 1328.654510][ T4239] snd-usb-audio: probe of 6-1:1.1 failed with error -2 [ 1328.667933][T32250] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1328.678806][ T4239] usb 6-1: USB disconnect, device number 52 [ 1328.685283][T32250] usb 3-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 1328.698169][T32250] usb 3-1: Product: syz [ 1328.703462][ T4370] udevd[4370]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1328.732199][T16203] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 1328.755763][T32250] usbhid 3-1:15.0: fixing wrong optional hid class descriptors count [ 1328.764444][T32250] usbhid 3-1:15.0: can't add hid device: -22 [ 1328.770487][T32250] usbhid: probe of 3-1:15.0 failed with error -22 [ 1328.984829][T32250] usb 3-1: USB disconnect, device number 91 [ 1329.268175][T32250] usb 5-1: USB disconnect, device number 56 [ 1330.278085][T16297] loop2: detected capacity change from 0 to 164 [ 1330.370532][T16297] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1330.397090][T32250] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1330.477755][T16304] netlink: 'syz.6.20005': attribute type 1 has an invalid length. [ 1330.486649][T16306] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20006'. [ 1330.688305][T32250] usb 6-1: Using ep0 maxpacket: 8 [ 1330.816856][T32250] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.845533][T16325] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1330.900051][T16329] SET target dimension over the limit! [ 1330.990714][T16334] netlink: 72 bytes leftover after parsing attributes in process `syz.4.20020'. [ 1331.019969][T32250] usb 6-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 1331.050586][T32250] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1331.077988][T32250] usb 6-1: Product: syz [ 1331.097943][T32250] usb 6-1: Manufacturer: syz [ 1331.102637][T32250] usb 6-1: SerialNumber: syz [ 1331.128146][T32250] usb 6-1: config 0 descriptor?? [ 1331.183511][T32250] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 1331.201946][T32250] usb 6-1: selecting invalid altsetting 1 [ 1331.415575][T32250] gspca_stk014: init reg: 0x00 [ 1331.420604][T32250] stk014: probe of 6-1:0.0 failed with error -5 [ 1331.646505][T32250] usb 6-1: USB disconnect, device number 53 [ 1332.345374][T16421] netlink: 830 bytes leftover after parsing attributes in process `syz.4.20062'. [ 1332.393298][T16425] netlink: 'syz.5.20063': attribute type 1 has an invalid length. [ 1332.483356][T16428] device vti2 entered promiscuous mode [ 1332.509448][T16401] loop6: detected capacity change from 0 to 32768 [ 1332.520354][T16431] loop5: detected capacity change from 0 to 1024 [ 1332.602175][T16401] ea_get: invalid extended attribute [ 1332.623664][T16401] ffff888050440330: 04 00 00 00 .... [ 1332.828891][T16445] ieee802154 phy0 wpan0: encryption failed: -22 [ 1332.945298][T16448] loop2: detected capacity change from 0 to 512 [ 1332.997026][T16448] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1333.090668][T16448] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 1333.113916][T16448] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.20076: invalid indirect mapped block 33554432 (level 0) [ 1333.143274][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.150485][T16448] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.20076: attempt to clear invalid blocks 2 len 1 [ 1333.165108][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.186656][T16448] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.20076: bg 0: block 255: padding at end of block bitmap is not set [ 1333.219837][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.227344][T16448] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 1333.248162][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.307131][T16448] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.20076: invalid indirect mapped block 1819239214 (level 0) [ 1333.338223][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.350639][T16448] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.20076: invalid indirect mapped block 1819239214 (level 1) [ 1333.374323][T16480] loop4: detected capacity change from 0 to 16 [ 1333.423281][T16448] EXT4-fs (loop2): Remounting filesystem read-only [ 1333.442792][T16448] EXT4-fs (loop2): 1 truncate cleaned up [ 1333.457200][T16448] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=... Quota mode: writeback. [ 1333.484460][T16480] erofs: (device loop4): mounted with root inode @ nid 36. [ 1333.616723][T16490] IPVS: length: 15 != 8 [ 1333.782710][T16494] loop2: detected capacity change from 0 to 8 [ 1333.941752][T16494] unable to read fragment index table [ 1334.196532][T16509] sctp: [Deprecated]: syz.0.20104 (pid 16509) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1334.196532][T16509] Use struct sctp_sack_info instead [ 1334.346317][T16512] netlink: 'syz.4.20106': attribute type 29 has an invalid length. [ 1334.354285][T16512] netlink: 'syz.4.20106': attribute type 3 has an invalid length. [ 1334.435336][T16482] loop6: detected capacity change from 0 to 32768 [ 1334.442580][T16488] loop5: detected capacity change from 0 to 32768 [ 1334.450519][T16512] netlink: 132 bytes leftover after parsing attributes in process `syz.4.20106'. [ 1334.526397][T16482] [ 1334.526397][T16482] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1334.526397][T16482] [ 1334.596559][T16482] [ 1334.596559][T16482] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1334.596559][T16482] [ 1334.637935][T16524] netlink: 'syz.4.20112': attribute type 4 has an invalid length. [ 1334.667503][T16482] [ 1334.667503][T16482] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1334.667503][T16482] [ 1334.692283][T16526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.20113'. [ 1334.697317][T16482] jfs: Unrecognized mount option "jfs" or missing value [ 1334.706383][T16524] netlink: 17 bytes leftover after parsing attributes in process `syz.4.20112'. [ 1334.743137][T16526] netlink: 20 bytes leftover after parsing attributes in process `syz.0.20113'. [ 1334.771473][T16526] netlink: 20 bytes leftover after parsing attributes in process `syz.0.20113'. [ 1334.850841][T21067] [ 1334.850841][T21067] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1334.850841][T21067] [ 1334.911226][T21067] [ 1334.911226][T21067] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1334.911226][T21067] [ 1335.010488][T16532] loop4: detected capacity change from 0 to 4096 [ 1335.281819][T16550] MTD: Couldn't look up '': -22 [ 1335.586486][T16567] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 4294967180 out of range (51000000..2150000000) [ 1335.968056][T16597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20148'. [ 1336.082541][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.108506][ T5131] usb 7-1: new high-speed USB device number 55 using dummy_hcd [ 1336.108931][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.163303][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.181466][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.206960][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.225161][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.248226][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.252780][T16618] dlm: non-version read from control device 4096 [ 1336.264032][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.301192][T16605] netlink: 28 bytes leftover after parsing attributes in process `syz.5.20152'. [ 1336.418605][ T5131] usb 7-1: Using ep0 maxpacket: 32 [ 1336.589648][T16639] dlm: Unknown command passed to DLM device : 132 [ 1336.589648][T16639] [ 1336.606883][ T5131] usb 7-1: config index 0 descriptor too short (expected 35577, got 27) [ 1336.619484][ T5131] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1336.647270][ T5131] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1336.674628][ T5131] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1336.694576][ T5131] usb 7-1: config 1 has no interface number 0 [ 1336.713845][ T5131] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1336.739100][ T5131] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1336.765348][T16649] netlink: 'syz.5.20173': attribute type 4 has an invalid length. [ 1336.794809][T16649] netlink: 'syz.5.20173': attribute type 10 has an invalid length. [ 1336.815124][T16649] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1336.863558][ T5131] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found [ 1337.087606][ T5131] snd_usb_pod 7-1:1.1: set_interface failed [ 1337.096761][ T5131] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected [ 1337.120746][ T5131] snd_usb_pod: probe of 7-1:1.1 failed with error -71 [ 1337.131867][ T5131] usb 7-1: USB disconnect, device number 55 [ 1337.202465][T16661] netlink: 'syz.5.20180': attribute type 12 has an invalid length. [ 1337.578693][T16699] openvswitch: netlink: Actions may not be safe on all matching packets [ 1338.027574][T16736] device team0 entered promiscuous mode [ 1338.053637][T16736] device team_slave_0 entered promiscuous mode [ 1338.084996][T16736] device team_slave_1 entered promiscuous mode [ 1338.803606][T16792] loop2: detected capacity change from 0 to 1024 [ 1338.902689][T16792] EXT4-fs (loop2): Ignoring removed orlov option [ 1339.039281][T16792] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 1339.087577][T16793] loop4: detected capacity change from 0 to 8192 [ 1339.171401][T16793] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 1339.189380][T16786] loop6: detected capacity change from 0 to 32768 [ 1339.196628][T16793] REISERFS (device loop4): using ordered data mode [ 1339.204593][T16793] reiserfs: using flush barriers [ 1339.211052][T16793] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1339.227816][T16793] REISERFS (device loop4): checking transaction log (loop4) [ 1339.364873][T16786] XFS (loop6): Mounting V5 Filesystem [ 1339.485739][T16820] netlink: 'syz.5.20252': attribute type 11 has an invalid length. [ 1339.514372][T16786] XFS (loop6): Ending clean mount [ 1339.535751][T16793] REISERFS (device loop4): Using tea hash to sort names [ 1339.566491][T16793] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 1339.760431][T21067] XFS (loop6): Unmounting Filesystem [ 1340.187875][T16852] netlink: 'syz.4.20261': attribute type 1 has an invalid length. [ 1340.331332][T16858] netlink: 'syz.4.20270': attribute type 28 has an invalid length. [ 1340.343528][T16848] loop5: detected capacity change from 0 to 4096 [ 1340.472370][T16848] ntfs: volume version 3.1. [ 1340.497386][T16848] ntfs: (device loop5): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1340.544094][T16848] ntfs: (device loop5): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1340.612327][T16848] ntfs: (device loop5): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 1340.664547][T16848] ntfs: (device loop5): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 1340.697433][ C0] sd 0:0:1:0: tag#9403 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1340.707385][ C0] sd 0:0:1:0: tag#9403 CDB: opcode=0xdf (vendor) [ 1340.713752][ C0] sd 0:0:1:0: tag#9403 CDB[00]: df da ea 67 37 29 de ee 3f 2e 48 1d 98 f9 14 a8 [ 1340.722964][ C0] sd 0:0:1:0: tag#9403 CDB[10]: 69 9e e0 fc 14 85 5a c8 92 10 d9 b6 a2 30 85 8a [ 1340.732068][ C0] sd 0:0:1:0: tag#9403 CDB[20]: ba [ 1340.774942][T16848] ntfs: (device loop5): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 1340.826460][T16848] ntfs: (device loop5): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 1340.883685][T16890] loop6: detected capacity change from 0 to 256 [ 1340.967536][T16890] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 1341.274694][T16933] loop6: detected capacity change from 0 to 512 [ 1341.909852][T16991] SET target dimension over the limit! [ 1342.247547][T17023] netlink: 'syz.0.20317': attribute type 3 has an invalid length. [ 1342.287809][T17023] __nla_validate_parse: 18 callbacks suppressed [ 1342.287829][T17023] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.20317'. [ 1342.321172][T17027] loop6: detected capacity change from 0 to 764 [ 1342.412696][T17027] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1342.748398][T17066] loop4: detected capacity change from 0 to 1024 [ 1342.798268][T17066] EXT4-fs (loop4): Ignoring removed bh option [ 1342.883856][T17066] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,nodelalloc,errors=remount-ro,bh,resuid=0x0000000000000000,lazytime,dax=never,. Quota mode: none. [ 1343.008914][T17066] EXT4-fs error (device loop4): ext4_get_first_dir_block:3608: inode #11: comm syz.4.20331: directory missing '.' [ 1343.048771][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 1343.055118][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 1343.060899][T17066] EXT4-fs (loop4): Remounting filesystem read-only [ 1343.485808][T17139] netlink: 'syz.4.20351': attribute type 3 has an invalid length. [ 1343.549716][T17144] xt_socket: unknown flags 0x48 [ 1343.595479][T17149] loop5: detected capacity change from 0 to 164 [ 1344.454194][T17224] tmpfs: Bad value for 'mpol' [ 1344.887587][T17269] netlink: 'syz.0.20389': attribute type 5 has an invalid length. [ 1344.941943][T17277] loop4: detected capacity change from 0 to 128 [ 1344.984219][T17277] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 1345.012960][T17281] loop2: detected capacity change from 0 to 16 [ 1345.045036][T17277] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1345.125348][T17281] erofs: (device loop2): mounted with root inode @ nid 36. [ 1345.165523][T17277] UDF-fs: error (device loop4): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 187 marked as free, partition length is 32) [ 1345.269047][T17297] libceph: resolve '0.' (ret=-3): failed [ 1345.453141][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.532506][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.552593][T17317] loop2: detected capacity change from 0 to 256 [ 1345.583079][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.592886][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.605089][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.629232][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.642043][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.652257][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.662053][T17317] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1345.692419][T17311] netlink: 192 bytes leftover after parsing attributes in process `syz.5.20400'. [ 1345.962202][T17341] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1346.411108][T17390] device bridge4 entered promiscuous mode [ 1346.572755][T17407] loop6: detected capacity change from 0 to 1024 [ 1346.684049][T17407] EXT4-fs (loop6): Ignoring removed bh option [ 1346.819518][T17407] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobarrier,nodelalloc,errors=remount-ro,bh,resuid=0x0000000000000000,lazytime,dax=never,. Quota mode: none. [ 1346.947537][T17407] EXT4-fs error (device loop6): ext4_get_first_dir_block:3608: inode #11: comm syz.6.20429: directory missing '.' [ 1346.963968][T17407] EXT4-fs (loop6): Remounting filesystem read-only [ 1347.022629][T17442] netlink: 'syz.4.20439': attribute type 9 has an invalid length. [ 1347.029373][T17443] xt_ecn: cannot match TCP bits for non-tcp packets [ 1347.176983][T17454] printk: syz.0.20441 (17454): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 1347.325451][T17465] dlm: no locking on control device [ 1347.943022][ T4239] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1347.996140][T17530] __nla_validate_parse: 18 callbacks suppressed [ 1347.996160][T17530] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20465'. [ 1348.112813][T17530] netlink: 28 bytes leftover after parsing attributes in process `syz.0.20465'. [ 1348.180523][T17534] netlink: 'syz.6.20468': attribute type 3 has an invalid length. [ 1348.371623][ T4239] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1348.627338][ T4239] usb 6-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice= 0.40 [ 1348.647722][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1348.680786][ T4239] usb 6-1: Product: syz [ 1348.690927][ T4239] usb 6-1: Manufacturer: syz [ 1348.702333][ T4239] usb 6-1: SerialNumber: syz [ 1349.025169][ T4239] usb 6-1: Invalid firmware size=96. [ 1349.041917][ T4239] usb 6-1: Invalid firmware size=96. [ 1349.077937][ T4239] usb 6-1: Invalid firmware size=96. [ 1349.106870][T17626] loop2: detected capacity change from 0 to 2048 [ 1349.113996][ T4239] usb 6-1: USB disconnect, device number 54 [ 1349.198305][T17626] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1349.289881][T17626] UDF-fs: incorrect filename length (10) [ 1349.504443][T17663] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.20504'. [ 1349.534074][T17663] bridge_slave_1: default FDB implementation only supports local addresses [ 1349.698991][T17672] netlink: 'syz.0.20507': attribute type 9 has an invalid length. [ 1349.752020][T17672] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.20507'. [ 1349.765415][T17660] loop6: detected capacity change from 0 to 8192 [ 1349.803524][T17660] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 1349.842091][T17660] REISERFS (device loop6): using ordered data mode [ 1349.851400][T17660] reiserfs: using flush barriers [ 1349.861524][T17660] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1349.881583][T17660] REISERFS (device loop6): checking transaction log (loop6) [ 1349.993833][T17660] REISERFS (device loop6): Using tea hash to sort names [ 1350.001709][T17660] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 1350.162830][ T4217] smc: removing ib device syz1 [ 1350.200333][ T5122] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1350.315548][ T4239] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1350.349000][ T4239] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1350.378069][T32250] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1350.501835][T17746] cgroup: Invalid name [ 1350.573111][ T4239] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1350.637272][ T5122] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1350.647719][ T5122] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1350.712584][T17759] SET target dimension over the limit! [ 1350.733917][T17762] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1350.761782][ T5122] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1350.796237][ T5122] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1350.821367][T17767] netlink: 'syz.0.20518': attribute type 1 has an invalid length. [ 1350.847263][ T5122] usb 5-1: SerialNumber: syz [ 1351.211806][ T5122] usb 5-1: 0:2 : does not exist [ 1351.327552][ T5122] usb 5-1: USB disconnect, device number 57 [ 1351.428436][ T4239] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1351.641447][T17848] netlink: 'syz.0.20541': attribute type 1 has an invalid length. [ 1351.652642][T17848] netlink: 'syz.0.20541': attribute type 2 has an invalid length. [ 1351.660610][T17848] netlink: 'syz.0.20541': attribute type 1 has an invalid length. [ 1351.693348][ T4370] udevd[4370]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1351.709472][ T5131] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 1351.811694][T17852] loop5: detected capacity change from 0 to 8192 [ 1351.885711][T17852] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal [ 1351.904786][T17852] REISERFS (device loop5): using ordered data mode [ 1351.920835][T17852] reiserfs: using flush barriers [ 1351.941575][T17852] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1351.969286][T17852] REISERFS (device loop5): checking transaction log (loop5) [ 1351.992403][T17852] REISERFS (device loop5): Using r5 hash to sort names [ 1352.005633][T17852] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 1352.177069][ T5131] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1352.305023][ T5131] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1352.335763][ T5131] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1352.375306][ T5131] usb 7-1: SerialNumber: syz [ 1352.504495][T17906] sock: sock_timestamping_bind_phc: sock not bind to device [ 1352.976741][ T5131] cdc_ether: probe of 7-1:1.0 failed with error -71 [ 1353.002471][ T5131] usb 7-1: USB disconnect, device number 56 [ 1353.075447][T17958] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1353.281561][T17977] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20578'. [ 1353.305428][T17977] netlink: 16 bytes leftover after parsing attributes in process `syz.2.20578'. [ 1353.501626][T18002] xt_l2tp: invalid flags combination: c [ 1353.876318][ T4239] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1353.930781][T18036] loop4: detected capacity change from 0 to 1024 [ 1353.945331][T18043] netlink: 12 bytes leftover after parsing attributes in process `syz.5.20599'. [ 1354.006886][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1354.139936][T18056] netlink: 'syz.5.20603': attribute type 2 has an invalid length. [ 1354.253661][T18063] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 1354.282788][ T4239] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1354.307498][ T4239] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1354.333025][ T4239] usb 3-1: config 0 descriptor?? [ 1354.394383][ T4239] cp210x 3-1:0.0: cp210x converter detected [ 1354.521645][T18089] loop5: detected capacity change from 0 to 16 [ 1354.546692][T18089] erofs: (device loop5): mounted with root inode @ nid 36. [ 1354.616689][ T4239] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1354.836081][T18122] loop4: detected capacity change from 0 to 256 [ 1354.849481][ T4239] usb 3-1: USB disconnect, device number 92 [ 1354.879505][ T4239] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1354.907239][ T4239] cp210x 3-1:0.0: device disconnected [ 1354.959021][T18122] FAT-fs (loop4): Directory bread(block 64) failed [ 1354.982695][T18122] FAT-fs (loop4): Directory bread(block 65) failed [ 1355.013971][T18122] FAT-fs (loop4): Directory bread(block 66) failed [ 1355.025195][T18122] FAT-fs (loop4): Directory bread(block 67) failed [ 1355.032403][T18122] FAT-fs (loop4): Directory bread(block 68) failed [ 1355.080249][T18122] FAT-fs (loop4): Directory bread(block 69) failed [ 1355.087835][T18122] FAT-fs (loop4): Directory bread(block 70) failed [ 1355.098153][T18145] loop5: detected capacity change from 0 to 1024 [ 1355.105702][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1355.117013][T18122] FAT-fs (loop4): Directory bread(block 71) failed [ 1355.123666][T18122] FAT-fs (loop4): Directory bread(block 72) failed [ 1355.188041][T18122] FAT-fs (loop4): Directory bread(block 73) failed [ 1355.240942][T18145] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 1355.256864][T18145] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1355.291506][T18160] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1355.320045][T18145] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.20627: Invalid inode table block 0 in block_group 0 [ 1355.342136][T18145] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 1355.355767][T18145] EXT4-fs error (device loop5): ext4_quota_write:6648: inode #3: comm syz.5.20627: mark_inode_dirty error [ 1355.378464][T18145] Quota error (device loop5): write_blk: dquota write failed [ 1355.386464][T18145] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 1355.397149][T18145] EXT4-fs error (device loop5): ext4_acquire_dquot:6236: comm syz.5.20627: Failed to acquire dquot type 0 [ 1355.447811][T18145] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.20627: Invalid inode table block 0 in block_group 0 [ 1355.488583][T18145] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 1355.519818][T18145] EXT4-fs error (device loop5): ext4_ext_truncate:4472: inode #15: comm syz.5.20627: mark_inode_dirty error [ 1355.583914][T18145] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.20627: Invalid inode table block 0 in block_group 0 [ 1355.628448][T18145] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 1355.658017][T18145] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 1355.680552][T18187] netlink: 196 bytes leftover after parsing attributes in process `syz.4.20640'. [ 1355.696906][T18145] EXT4-fs error (device loop5): __ext4_get_inode_loc:4334: comm syz.5.20627: Invalid inode table block 0 in block_group 0 [ 1355.721252][T18187] netlink: 196 bytes leftover after parsing attributes in process `syz.4.20640'. [ 1355.736332][T18145] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem [ 1355.747242][T18187] netlink: 19 bytes leftover after parsing attributes in process `syz.4.20640'. [ 1355.768030][T18145] EXT4-fs error (device loop5): ext4_truncate:4286: inode #15: comm syz.5.20627: mark_inode_dirty error [ 1355.782058][ T4239] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1355.818233][T18145] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 1355.854276][T18145] EXT4-fs (loop5): 1 truncate cleaned up [ 1355.860130][T18145] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1355.910330][T18201] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1356.085482][ T4239] usb 3-1: Using ep0 maxpacket: 16 [ 1356.239127][ T4239] usb 3-1: config 3 has an invalid interface number: 25 but max is 0 [ 1356.255193][ T4239] usb 3-1: config 3 has no interface number 0 [ 1356.270144][ T4239] usb 3-1: config 3 interface 25 has no altsetting 0 [ 1356.463618][ T4239] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=e6.a2 [ 1356.483670][ T4239] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1356.507199][ T4239] usb 3-1: Product: syz [ 1356.511429][ T4239] usb 3-1: Manufacturer: syz [ 1356.537799][ T4239] usb 3-1: SerialNumber: syz [ 1356.697969][T18254] usb usb8: usbfs: interface 0 claimed by hub while 'syz.6.20661' sets config #2 [ 1356.902261][ T4239] esd_usb2 3-1:3.25: sending version message failed [ 1356.911572][ T4239] esd_usb2: probe of 3-1:3.25 failed with error -22 [ 1356.940002][ T4239] usb 3-1: USB disconnect, device number 93 [ 1356.998901][T18244] loop4: detected capacity change from 0 to 32768 [ 1357.059567][T18244] read_mapping_page failed! [ 1357.081933][T18244] ERROR: (device loop4): txCommit: [ 1357.081933][T18244] [ 1357.136968][ T4578] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 1357.145140][ T9] read_mapping_page failed! [ 1357.152295][ T9] ERROR: (device loop4): txCommit: [ 1357.152295][ T9] [ 1357.161566][ T9] jfs_write_inode: jfs_commit_inode failed! [ 1357.220499][T18285] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready [ 1357.372465][T18295] netlink: 1052 bytes leftover after parsing attributes in process `syz.0.20677'. [ 1357.565905][ T4578] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1357.640627][T18320] Unsupported ieee802154 address type: 0 [ 1357.660981][ T4578] usb 7-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1357.721709][ T4578] usb 7-1: config 1 interface 0 has no altsetting 0 [ 1357.823035][T18337] kAFS: unparsable volume name [ 1357.907016][ T4578] usb 7-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.40 [ 1357.935793][ T4578] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1357.961157][ T4578] usb 7-1: Product: syz [ 1357.965384][ T4578] usb 7-1: Manufacturer: syz [ 1357.996618][T18358] x_tables: ip_tables: RATEEST.0 target: invalid size 32 (kernel) != (user) 0 [ 1358.006398][ T4578] usb 7-1: SerialNumber: syz [ 1358.368964][ T4578] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input82 [ 1358.430606][ T3546] bcm5974 7-1:1.0: could not read from device [ 1358.457258][ T4578] usb 7-1: USB disconnect, device number 57 [ 1358.473331][ T3546] bcm5974 7-1:1.0: could not read from device [ 1358.490775][ T3546] bcm5974 7-1:1.0: could not read from device [ 1358.672836][T18435] netlink: 'syz.4.20718': attribute type 10 has an invalid length. [ 1358.769177][T18439] loop5: detected capacity change from 0 to 2048 [ 1358.805850][T18445] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1358.877330][T18439] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1359.079974][T18465] xt_hashlimit: max too large, truncated to 1048576 [ 1359.224106][T18479] netlink: 'syz.4.20734': attribute type 1 has an invalid length. [ 1359.278422][T18483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20735'. [ 1359.364676][T18489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20738'. [ 1359.469072][ T2426] pvrusb2: request_firmware fatal error with code=-110 [ 1359.486944][ T2426] pvrusb2: Failure uploading firmware1 [ 1359.494592][ T2426] pvrusb2: Device initialization was not successful. [ 1359.506447][ T2426] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1359.535296][ T2426] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1359.553020][ T4578] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1359.553217][T18503] netlink: 209772 bytes leftover after parsing attributes in process `syz.6.20741'. [ 1359.569082][ T2426] pvrusb2: Failed to submit write-control URB status=-19 [ 1359.570216][ T5127] pvrusb2: Device being rendered inoperable [ 1359.605795][ T2426] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 1359.606159][T18503] openvswitch: netlink: Message has 80 unknown bytes. [ 1359.658855][ T2426] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 1359.830980][ T4578] usb 6-1: Using ep0 maxpacket: 16 [ 1360.002024][ T5131] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1360.131273][ T4578] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1360.140916][ T4578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1360.149002][ T4578] usb 6-1: Product: syz [ 1360.154479][ T4578] usb 6-1: Manufacturer: syz [ 1360.159169][ T4578] usb 6-1: SerialNumber: syz [ 1360.173301][ T4578] r8152-cfgselector 6-1: config 0 descriptor?? [ 1360.301389][ T5131] usb 5-1: Using ep0 maxpacket: 8 [ 1360.536646][ T5131] usb 5-1: config 6 has an invalid interface number: 85 but max is 0 [ 1360.544817][ T5131] usb 5-1: config 6 has no interface number 0 [ 1360.551775][T18557] Timeout policy `syz0' can only be used by L3 protocol number 33024 [ 1360.560104][ T5131] usb 5-1: config 6 interface 85 has no altsetting 0 [ 1360.686193][ T4578] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1360.701819][ T4578] r8152-cfgselector 6-1: USB disconnect, device number 55 [ 1360.739820][ T5131] usb 5-1: New USB device found, idVendor=2ca3, idProduct=0031, bcdDevice=44.be [ 1360.758344][ T5131] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1360.766764][T18543] bridge0: port 3(bond0) entered disabled state [ 1360.767245][ T5131] usb 5-1: Product: syz [ 1360.773330][T18543] bridge0: port 1(bridge_slave_0) entered disabled state [ 1360.777701][ T5131] usb 5-1: Manufacturer: syz [ 1360.795380][ T5131] usb 5-1: SerialNumber: syz [ 1361.146647][ T5131] usb-storage 5-1:6.85: USB Mass Storage device detected [ 1361.167043][ T5131] usb-storage 5-1:6.85: Quirks match for vid 2ca3 pid 0031: 2000000 [ 1361.239569][ T5131] usb 5-1: USB disconnect, device number 58 [ 1361.579692][T18543] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1361.589681][T18543] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1361.616504][T18543] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1361.644603][T18543] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1361.947798][T18543] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 19971 - 0 [ 1361.972292][T18543] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 19971 - 0 [ 1361.988146][T18543] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 19971 - 0 [ 1362.015684][T18543] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 19971 - 0 [ 1362.245280][T18543] netdevsim netdevsim2 netdevsim0: unset [1, 3] type 2 family 0 port 39137 - 0 [ 1362.255667][T18543] netdevsim netdevsim2 netdevsim1: unset [1, 3] type 2 family 0 port 39137 - 0 [ 1362.267033][T18543] netdevsim netdevsim2 netdevsim2: unset [1, 3] type 2 family 0 port 39137 - 0 [ 1362.305318][T18543] netdevsim netdevsim2 netdevsim3: unset [1, 3] type 2 family 0 port 39137 - 0 [ 1362.387282][T18543] netdevsim netdevsim2 netdevsim0: unset [1, 2] type 2 family 0 port 48362 - 0 [ 1362.397363][T18543] netdevsim netdevsim2 netdevsim1: unset [1, 2] type 2 family 0 port 48362 - 0 [ 1362.415339][T18543] netdevsim netdevsim2 netdevsim2: unset [1, 2] type 2 family 0 port 48362 - 0 [ 1362.457977][T18543] netdevsim netdevsim2 netdevsim3: unset [1, 2] type 2 family 0 port 48362 - 0 [ 1362.749610][T18560] netlink: 12 bytes leftover after parsing attributes in process `syz.6.20758'. [ 1363.252114][T18713] netlink: 44 bytes leftover after parsing attributes in process `syz.4.20808'. [ 1363.282562][T18721] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1363.529994][T32250] usb 7-1: new full-speed USB device number 58 using dummy_hcd [ 1364.147503][T32250] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1364.175343][T32250] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1364.217471][T18801] netlink: 'syz.0.20839': attribute type 10 has an invalid length. [ 1364.267929][T18801] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20839'. [ 1364.281178][T18801] device batadv0 entered promiscuous mode [ 1364.287697][T18801] bridge0: port 2(batadv0) entered blocking state [ 1364.301307][T18801] bridge0: port 2(batadv0) entered disabled state [ 1364.385452][T32250] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ac.7e [ 1364.394695][T32250] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1364.414147][T32250] usb 7-1: Product: syz [ 1364.424494][T32250] usb 7-1: Manufacturer: syz [ 1364.435424][T32250] usb 7-1: SerialNumber: syz [ 1364.448279][T32250] usb 7-1: config 0 descriptor?? [ 1364.503651][T32250] hub 7-1:0.0: bad descriptor, ignoring hub [ 1364.516002][T32250] hub: probe of 7-1:0.0 failed with error -5 [ 1364.539226][T32250] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input84 [ 1364.555335][T18837] netlink: 'syz.2.20850': attribute type 6 has an invalid length. [ 1364.793487][T18852] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1364.811982][ T9] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1364.821446][ T9] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1364.941498][ C0] ip6_tunnel: ip6tnl3 xmit: Local address not yet configured! [ 1364.975180][T18873] netlink: 12 bytes leftover after parsing attributes in process `syz.5.20861'. [ 1365.030513][T18873] netlink: 12 bytes leftover after parsing attributes in process `syz.5.20861'. [ 1365.254679][T18900] netlink: 4 bytes leftover after parsing attributes in process `syz.5.20870'. [ 1365.443507][ T9892] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1365.565323][T18929] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1365.593685][T18929] overlayfs: conflicting options: userxattr,metacopy=on [ 1365.828557][ T9892] usb 5-1: config index 0 descriptor too short (expected 45, got 27) [ 1365.836751][ T9892] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1365.862335][T18953] netlink: 24 bytes leftover after parsing attributes in process `syz.5.20890'. [ 1366.074402][ T9892] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1366.114148][ T9892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1366.151946][ T9892] usb 5-1: Product: syz [ 1366.156182][ T9892] usb 5-1: Manufacturer: syz [ 1366.190108][ T9892] usb 5-1: SerialNumber: syz [ 1366.257056][ T9892] rtl8150 5-1:1.0: couldn't find required endpoints [ 1366.263755][ T9892] rtl8150: probe of 5-1:1.0 failed with error -5 [ 1366.279168][T18980] loop2: detected capacity change from 0 to 4096 [ 1366.493892][ T5131] usb 5-1: USB disconnect, device number 59 [ 1366.625609][T19001] netlink: 'syz.5.20903': attribute type 21 has an invalid length. [ 1366.640790][T19001] netlink: 132 bytes leftover after parsing attributes in process `syz.5.20903'. [ 1366.706467][T18980] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1366.739272][T18980] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1366.809557][T18980] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1366.858387][T18980] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1366.902765][T18980] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1366.957341][T18980] ntfs: volume version 3.1. [ 1366.985816][T18980] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1367.018859][T18980] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1367.076794][T18980] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1367.143983][T18980] ntfs: (device loop2): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 1367.178364][T18980] ntfs: (device loop2): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 1367.704606][T19009] loop6: detected capacity change from 0 to 32768 [ 1367.714712][T19076] x_tables: duplicate underflow at hook 2 [ 1367.841059][T19009] [ 1367.841059][T19009] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1367.841059][T19009] [ 1367.844143][T19089] tmpfs: Bad value for 'mpol' [ 1367.899841][T19092] xt_hashlimit: size too large, truncated to 1048576 [ 1368.044176][T19103] loop4: detected capacity change from 0 to 8 [ 1368.089137][T19103] SQUASHFS error: Unable to read inode 0xa7 [ 1368.101167][T19109] loop5: detected capacity change from 0 to 512 [ 1368.132364][T21067] [ 1368.132364][T21067] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1368.132364][T21067] [ 1368.171636][T19109] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1368.237254][T21067] [ 1368.237254][T21067] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1368.237254][T21067] [ 1368.238325][T19109] EXT4-fs (loop5): 1 truncate cleaned up [ 1368.275346][T19109] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback. [ 1368.860638][T19164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1369.066451][T19185] netlink: 'syz.4.20957': attribute type 3 has an invalid length. [ 1369.075865][T19183] netlink: 4 bytes leftover after parsing attributes in process `syz.6.20956'. [ 1369.100814][T19185] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.20957'. [ 1369.688460][T32250] usb 7-1: USB disconnect, device number 58 [ 1369.851971][T19273] netlink: 'syz.6.20984': attribute type 2 has an invalid length. [ 1369.910551][T19273] netlink: 'syz.6.20984': attribute type 1 has an invalid length. [ 1369.971428][T19273] netlink: 152 bytes leftover after parsing attributes in process `syz.6.20984'. [ 1370.054936][T19285] netlink: 'syz.0.20988': attribute type 12 has an invalid length. [ 1370.085169][T19285] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.20988'. [ 1370.286917][T19309] netlink: 'syz.2.20998': attribute type 21 has an invalid length. [ 1370.319542][T19309] netlink: 100 bytes leftover after parsing attributes in process `syz.2.20998'. [ 1370.646065][T19338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21007'. [ 1370.671208][T32250] usb 7-1: new full-speed USB device number 59 using dummy_hcd [ 1370.709809][T19341] netlink: 'syz.0.21008': attribute type 6 has an invalid length. [ 1370.743467][T19341] netlink: 'syz.0.21008': attribute type 7 has an invalid length. [ 1370.751730][T19341] netlink: 'syz.0.21008': attribute type 8 has an invalid length. [ 1371.040846][ T5121] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1371.066831][T32250] usb 7-1: config 8 has an invalid interface number: 80 but max is 0 [ 1371.085860][T32250] usb 7-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1371.116116][T19324] loop2: detected capacity change from 0 to 32768 [ 1371.126383][T32250] usb 7-1: config 8 has no interface number 0 [ 1371.139577][T32250] usb 7-1: config 8 interface 80 altsetting 0 has an invalid endpoint with address 0xE7, skipping [ 1371.161259][T32250] usb 7-1: config 8 interface 80 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 1371.161728][T19365] netlink: 'syz.0.21014': attribute type 1 has an invalid length. [ 1371.183154][T32250] usb 7-1: config 8 interface 80 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1371.187716][T19365] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.21014'. [ 1371.206978][T32250] usb 7-1: config 8 interface 80 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 14 [ 1371.208998][T19365] netlink: 'syz.0.21014': attribute type 1 has an invalid length. [ 1371.234286][T32250] usb 7-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f [ 1371.252750][T32250] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.313319][T32250] usb 7-1: NFC: intf ffff88807dca6000 id ffffffff8cb52700 [ 1371.533326][T32250] usb 7-1: USB disconnect, device number 59 [ 1371.596564][T19324] XFS (loop2): Mounting V5 Filesystem [ 1371.656137][ T5121] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1371.666049][ T5121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.674078][ T5121] usb 5-1: Product: syz [ 1371.692702][ T5121] usb 5-1: Manufacturer: syz [ 1371.699343][ T5121] usb 5-1: SerialNumber: syz [ 1371.724963][T19324] XFS (loop2): Ending clean mount [ 1371.762535][ T5121] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1371.896036][ T4191] XFS (loop2): Unmounting Filesystem [ 1372.127534][T19377] loop5: detected capacity change from 0 to 32768 [ 1372.239602][T19377] [ 1372.239602][T19377] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1372.239602][T19377] [ 1372.405793][T20897] [ 1372.405793][T20897] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1372.405793][T20897] [ 1372.429872][T20897] [ 1372.429872][T20897] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1372.429872][T20897] [ 1372.563826][ T5121] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1372.998572][ T5130] usb 5-1: USB disconnect, device number 60 [ 1373.034732][T19409] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1373.350500][T19409] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.360805][T19409] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.370461][T19409] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.382321][T19409] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.541410][T19427] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21028'. [ 1373.565407][T19433] netlink: 16 bytes leftover after parsing attributes in process `syz.5.21030'. [ 1373.635851][T19433] IPv6: sit2: Disabled Multicast RS [ 1373.688668][T19448] mip6: mip6_rthdr_init_state: spi is not 0: 655360 [ 1373.797272][T19458] SET target dimension over the limit! [ 1373.890686][T19468] loop4: detected capacity change from 0 to 8 [ 1373.932214][T19469] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 1373.943613][ T5121] usb 5-1: Service connection timeout for: 256 [ 1373.950063][ T5121] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1373.976274][ T5121] ath9k_htc: Failed to initialize the device [ 1374.014360][ T5130] usb 5-1: ath9k_htc: USB layer deinitialized [ 1374.027473][T19468] SQUASHFS error: Failed to read block 0x6fc: -5 [ 1374.055344][T19468] SQUASHFS error: Unable to read metadata cache entry [6fa] [ 1374.364980][T19508] loop4: detected capacity change from 0 to 1024 [ 1374.808130][T19552] loop5: detected capacity change from 0 to 256 [ 1374.896459][T19552] FAT-fs (loop5): Directory bread(block 64) failed [ 1374.923089][T19552] FAT-fs (loop5): Directory bread(block 65) failed [ 1374.945514][T19552] FAT-fs (loop5): Directory bread(block 66) failed [ 1374.968846][T19552] FAT-fs (loop5): Directory bread(block 67) failed [ 1374.975590][T19552] FAT-fs (loop5): Directory bread(block 68) failed [ 1375.012282][T19552] FAT-fs (loop5): Directory bread(block 69) failed [ 1375.019551][T19552] FAT-fs (loop5): Directory bread(block 70) failed [ 1375.071759][T19552] FAT-fs (loop5): Directory bread(block 71) failed [ 1375.086452][T19552] FAT-fs (loop5): Directory bread(block 72) failed [ 1375.116764][T19552] FAT-fs (loop5): Directory bread(block 73) failed [ 1375.117157][T19572] loop6: detected capacity change from 0 to 256 [ 1375.168480][T19577] loop4: detected capacity change from 0 to 128 [ 1375.242336][T19577] hpfs: hpfs_map_4sectors(): unaligned read [ 1375.279413][T19572] FAT-fs (loop6): Directory bread(block 64) failed [ 1375.284558][T19577] hpfs: filesystem error: can't load hotfix map; already mounted read-only [ 1375.318228][T19572] FAT-fs (loop6): Directory bread(block 65) failed [ 1375.330466][T19577] hpfs: hpfs_map_sector(): read error [ 1375.342053][T19572] FAT-fs (loop6): Directory bread(block 66) failed [ 1375.386230][T19572] FAT-fs (loop6): Directory bread(block 67) failed [ 1375.412549][T19572] FAT-fs (loop6): Directory bread(block 68) failed [ 1375.439479][T19572] FAT-fs (loop6): Directory bread(block 69) failed [ 1375.487442][T19572] FAT-fs (loop6): Directory bread(block 70) failed [ 1375.513996][T19572] FAT-fs (loop6): Directory bread(block 71) failed [ 1375.559092][T19602] netlink: 72 bytes leftover after parsing attributes in process `syz.2.21084'. [ 1375.573756][T19572] FAT-fs (loop6): Directory bread(block 72) failed [ 1375.588844][T19602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21084'. [ 1375.598108][T19572] FAT-fs (loop6): Directory bread(block 73) failed [ 1375.619830][T19602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21084'. [ 1375.641774][T19605] loop5: detected capacity change from 0 to 256 [ 1375.652158][T19602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21084'. [ 1375.922715][T19629] ax25_connect(): syz.6.21092 uses autobind, please contact jreuter@yaina.de [ 1376.089390][T19643] netlink: 209820 bytes leftover after parsing attributes in process `syz.6.21096'. [ 1376.527320][T19687] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1376.623551][T19680] bridge0: port 1(bridge_slave_0) entered disabled state [ 1376.732895][ T9892] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1377.191385][T19680] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.200613][T19680] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.210049][T19680] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.219622][T19680] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.288820][ T9892] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1377.309267][ T9892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1377.330835][ T9892] usb 3-1: Product: syz [ 1377.335413][ T9892] usb 3-1: Manufacturer: syz [ 1377.340041][ T9892] usb 3-1: SerialNumber: syz [ 1377.407134][ T9892] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1377.467421][T19702] loop6: detected capacity change from 0 to 64 [ 1377.543792][T19702] MINIX-fs: bad superblock [ 1378.020812][T19696] loop4: detected capacity change from 0 to 32768 [ 1378.050080][ T9892] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1378.112604][T19696] XFS (loop4): Mounting V5 Filesystem [ 1378.255544][T19696] XFS (loop4): Ending clean mount [ 1378.347111][ C0] usb 3-1: ath9k_htc: invalid pkt_len (fefd) [ 1378.477037][ T4190] XFS (loop4): Unmounting Filesystem [ 1378.552362][T19787] netlink: 20 bytes leftover after parsing attributes in process `syz.5.21141'. [ 1378.567471][T19787] netlink: 'syz.5.21141': attribute type 1 has an invalid length. [ 1378.581990][ T4570] usb 3-1: USB disconnect, device number 94 [ 1379.223634][ T9892] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1379.230674][ T9892] ath9k_htc: Failed to initialize the device [ 1379.273893][ T4570] usb 3-1: ath9k_htc: USB layer deinitialized [ 1379.614943][T19871] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1379.653162][T19871] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1379.684409][T19871] overlayfs: missing 'lowerdir' [ 1379.822427][ T4570] usb 7-1: new full-speed USB device number 60 using dummy_hcd [ 1380.053111][ T9892] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1380.151771][T19904] loop5: detected capacity change from 0 to 64 [ 1380.265910][ T4570] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1380.325050][ T4570] usb 7-1: not running at top speed; connect to a high speed hub [ 1380.332965][ T9892] usb 3-1: Using ep0 maxpacket: 16 [ 1380.470126][ T9892] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 1380.489489][ T9892] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1380.515036][T19895] loop4: detected capacity change from 0 to 32768 [ 1380.519740][ T9892] usb 3-1: config 0 has no interface number 0 [ 1380.556486][T19895] XFS (loop4): Mounting V5 Filesystem [ 1380.597482][T19895] XFS (loop4): Ending clean mount [ 1380.606856][T19895] XFS (loop4): Quotacheck needed: Please wait. [ 1380.681800][T19895] XFS (loop4): Quotacheck: Done. [ 1380.689177][ T4570] usb 7-1: string descriptor 0 read error: -22 [ 1380.706380][ T4570] usb 7-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice= 0.40 [ 1380.715904][ T9892] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1380.747057][ T9892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1380.763353][ T4570] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1380.780474][ T9892] usb 3-1: Product: syz [ 1380.786515][ T4190] XFS (loop4): Unmounting Filesystem [ 1380.793648][ T9892] usb 3-1: Manufacturer: syz [ 1380.804831][ T9892] usb 3-1: SerialNumber: syz [ 1380.817620][ T9892] usb 3-1: config 0 descriptor?? [ 1380.841053][ T4570] usb 7-1: Audio class v2/v3 interfaces need an interface association [ 1380.875152][ T4570] snd-usb-audio: probe of 7-1:1.0 failed with error -22 [ 1381.029013][T19959] loop5: detected capacity change from 0 to 64 [ 1381.126810][ T9892] usb 3-1: Found UVC 0.00 device syz (046d:08d3) [ 1381.142512][ T9892] usb 3-1: No valid video chain found. [ 1381.276520][T19970] netlink: 11 bytes leftover after parsing attributes in process `syz.4.21187'. [ 1381.335203][ T4570] us122l: couldn't allocate write buffer [ 1381.347322][ T4570] snd-usb-us122l: probe of 7-1:1.1 failed with error -22 [ 1381.355743][T19977] loop4: detected capacity change from 0 to 64 [ 1381.372268][ T9892] usb 3-1: USB disconnect, device number 95 [ 1381.389785][ T4570] usb 7-1: USB disconnect, device number 60 [ 1381.620693][ T4370] udevd[4370]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1381.730877][T20010] loop4: detected capacity change from 0 to 65 [ 1381.751048][T20010] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1381.839714][T20015] netlink: 'syz.5.21200': attribute type 3 has an invalid length. [ 1381.858891][T20015] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.21200'. [ 1381.970648][T20022] loop4: detected capacity change from 0 to 2048 [ 1381.976014][T20025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21201'. [ 1382.022909][T20022] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1382.262343][T20045] dlm: plock device version mismatch: kernel (1.2.0), user (1952804395.1769107551.1915428975) [ 1382.282752][T20048] netlink: 16 bytes leftover after parsing attributes in process `syz.2.21209'. [ 1382.299488][T20048] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 1382.534586][T20070] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.21217'. [ 1382.687581][ T4570] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 1382.707216][T20091] loop5: detected capacity change from 0 to 64 [ 1382.944064][ T4570] usb 7-1: Using ep0 maxpacket: 16 [ 1382.972147][T20099] block device autoloading is deprecated and will be removed. [ 1383.072532][ T4570] usb 7-1: config 1 has an invalid interface number: 105 but max is 0 [ 1383.091740][ T4570] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1383.125881][ T4570] usb 7-1: config 1 has no interface number 0 [ 1383.132035][ T4570] usb 7-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1383.179325][ T4570] usb 7-1: config 1 interface 105 has no altsetting 0 [ 1383.358215][T20129] binfmt_misc: register: failed to install interpreter file ./file2 [ 1383.382658][ T4570] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1383.391786][ T4570] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1383.425989][ T4570] usb 7-1: Product: syz [ 1383.430539][ T4570] usb 7-1: Manufacturer: syz [ 1383.454081][ T4570] usb 7-1: SerialNumber: syz [ 1383.745999][ T4570] aqc111: probe of 7-1:1.105 failed with error -22 [ 1384.001269][ T4570] usb 7-1: USB disconnect, device number 61 [ 1384.170827][T20201] cgroup: name respecified [ 1384.226984][ T4578] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1384.383911][T20222] netlink: 'syz.2.21264': attribute type 21 has an invalid length. [ 1384.394968][T20222] netlink: 132 bytes leftover after parsing attributes in process `syz.2.21264'. [ 1384.483555][ T4578] usb 6-1: Using ep0 maxpacket: 32 [ 1384.612117][ T4578] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1384.692789][T20250] AppArmor: change_hat: Invalid input '0x000000000000' [ 1384.804441][ T4578] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1384.850730][ T4578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1384.895186][ T4578] usb 6-1: Product: syz [ 1384.914524][ T4578] usb 6-1: Manufacturer: syz [ 1384.919190][ T4578] usb 6-1: SerialNumber: syz [ 1384.937128][T20276] overlayfs: missing 'lowerdir' [ 1384.952365][ T4578] usb 6-1: config 0 descriptor?? [ 1385.008455][ T4578] usb 6-1: bad CDC descriptors [ 1385.013714][ T4578] usb 6-1: unsupported MDLM descriptors [ 1385.037967][T20286] netlink: 'syz.6.21285': attribute type 8 has an invalid length. [ 1385.169098][T20298] netlink: 'syz.6.21291': attribute type 1 has an invalid length. [ 1385.198771][T20298] netlink: 'syz.6.21291': attribute type 3 has an invalid length. [ 1385.215441][T20298] netlink: 224 bytes leftover after parsing attributes in process `syz.6.21291'. [ 1385.230591][T20298] NCSI netlink: No device for ifindex 2986344450 [ 1385.269586][ T4570] usb 6-1: USB disconnect, device number 56 [ 1385.492209][T20330] openvswitch: netlink: IP tunnel dst address not specified [ 1385.680613][T20348] loop6: detected capacity change from 0 to 256 [ 1385.773040][T20357] nvme_fabrics: unknown parameter or missing value 'Y' in ctrl creation request [ 1386.008174][T20376] netlink: 96 bytes leftover after parsing attributes in process `syz.6.21316'. [ 1386.031439][T20376] netlink: 12 bytes leftover after parsing attributes in process `syz.6.21316'. [ 1386.041532][T20379] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21317'. [ 1386.052148][T20376] netlink: 40 bytes leftover after parsing attributes in process `syz.6.21316'. [ 1386.196719][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 1386.196739][ T26] audit: type=1326 audit(2000526746.589:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20392 comm="syz.5.21321" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4609c5be59 code=0x0 [ 1386.314516][T20401] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 1386.835692][ C0] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured! [ 1386.846086][ C1] ip6_tunnel: ip6gretap4 xmit: Local address not yet configured! [ 1387.418407][T20515] __nla_validate_parse: 7 callbacks suppressed [ 1387.418425][T20515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21367'. [ 1388.685962][T20635] netlink: 'syz.6.21405': attribute type 10 has an invalid length. [ 1389.023659][T20662] loop5: detected capacity change from 0 to 512 [ 1389.050166][T20609] loop2: detected capacity change from 0 to 32768 [ 1389.105640][T20662] EXT4-fs (loop5): inline encryption not supported [ 1389.163770][T20609] XFS (loop2): Mounting V5 Filesystem [ 1389.176667][T20662] EXT4-fs (loop5): mounted filesystem without journal. Opts: inlinecrypt,errors=remount-ro,abort,. Quota mode: writeback. [ 1389.212213][T20662] ext4 filesystem being mounted at /2786/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1389.244509][T20662] EXT4-fs error (device loop5): ext4_empty_dir:3136: inode #12: comm syz.5.21414: invalid size [ 1389.263928][T20662] EXT4-fs (loop5): Remounting filesystem read-only [ 1389.379775][T20609] XFS (loop2): Ending clean mount [ 1389.506378][T20699] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 1389.520156][T20699] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 1389.530001][T20699] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 1389.538937][T20699] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 1389.557807][T20699] device geneve4 entered promiscuous mode [ 1389.567263][ T4191] XFS (loop2): Unmounting Filesystem [ 1389.578138][T20699] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 1389.642478][T20699] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 1389.653944][T20699] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 1389.675567][T20699] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 1390.388345][T20765] loop6: detected capacity change from 0 to 8 [ 1390.518716][T20777] netlink: 168 bytes leftover after parsing attributes in process `syz.5.21444'. [ 1390.571867][T20777] netlink: 20 bytes leftover after parsing attributes in process `syz.5.21444'. [ 1390.596053][T20777] netlink: 20 bytes leftover after parsing attributes in process `syz.5.21444'. [ 1390.613652][T20777] netlink: 1 bytes leftover after parsing attributes in process `syz.5.21444'. [ 1390.724917][T20793] netlink: 580 bytes leftover after parsing attributes in process `syz.5.21452'. [ 1390.855813][ T26] audit: type=1326 audit(2000526750.948:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20805 comm="syz.6.21456" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32c55d1e59 code=0x0 [ 1390.950293][T20814] x_tables: duplicate underflow at hook 4 [ 1391.010478][T20823] netlink: 76 bytes leftover after parsing attributes in process `syz.2.21460'. [ 1391.057813][T20823] unsupported nla_type 34 [ 1391.317398][T20849] JFS: discard option not supported on device [ 1391.348392][T20849] Mount JFS Failure: -22 [ 1391.352798][T20849] jfs_mount failed w/return code = -22 [ 1391.552162][T20868] xt_connbytes: Forcing CT accounting to be enabled [ 1391.581657][T20873] netlink: 'syz.0.21480': attribute type 1 has an invalid length. [ 1391.623284][T20873] netlink: 'syz.0.21480': attribute type 1 has an invalid length. [ 1391.656946][T20873] netlink: 'syz.0.21480': attribute type 1 has an invalid length. [ 1391.839565][T20896] netlink: 16 bytes leftover after parsing attributes in process `syz.5.21488'. [ 1392.141052][T20934] Cannot find del_set index 4 as target [ 1392.423855][T20963] netlink: 'syz.2.21508': attribute type 1 has an invalid length. [ 1392.539239][T20973] netlink: 16 bytes leftover after parsing attributes in process `syz.6.21511'. [ 1392.624591][T20980] xt_TCPMSS: Only works on TCP SYN packets [ 1392.667032][T20982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21514'. [ 1392.832299][T21000] netlink: zone id is out of range [ 1392.856918][T21000] netlink: zone id is out of range [ 1392.862318][T21000] netlink: zone id is out of range [ 1392.868465][T21000] netlink: zone id is out of range [ 1392.873606][T21000] netlink: zone id is out of range [ 1392.879411][T21000] netlink: zone id is out of range [ 1392.884996][T21000] netlink: zone id is out of range [ 1392.891385][T21000] netlink: zone id is out of range [ 1392.896767][T21000] netlink: zone id is out of range [ 1392.926254][T21000] netlink: zone id is out of range [ 1392.963053][T21009] loop2: detected capacity change from 0 to 64 [ 1392.998545][T21014] CIFS mount error: No usable UNC path provided in device string! [ 1392.998545][T21014] [ 1393.032505][T21014] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1393.043172][ T26] audit: type=1800 audit(2000526752.997:87): pid=21009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.21523" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 1393.151547][T21024] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21527'. [ 1393.176459][T21024] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21527'. [ 1393.186412][T21027] netlink: 'syz.5.21528': attribute type 5 has an invalid length. [ 1393.311821][T21033] loop2: detected capacity change from 0 to 2048 [ 1393.436126][T21033] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1393.760754][T21080] netlink: 'syz.2.21543': attribute type 2 has an invalid length. [ 1393.781514][T21080] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.21543'. [ 1393.877293][T21093] netlink: 256 bytes leftover after parsing attributes in process `syz.2.21547'. [ 1393.974216][T21101] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms [ 1394.006832][T21101] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms [ 1394.294710][T21169] loop5: detected capacity change from 0 to 64 [ 1394.515965][T21192] netlink: 8 bytes leftover after parsing attributes in process `syz.6.21569'. [ 1394.618643][ T9892] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1394.669619][T21204] loop6: detected capacity change from 0 to 2048 [ 1394.706519][T21208] loop5: detected capacity change from 0 to 4096 [ 1394.733392][T21204] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1394.781462][T21208] EXT4-fs (loop5): Test dummy encryption mode enabled [ 1394.801591][T21208] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback. [ 1395.042700][T21225] loop6: detected capacity change from 0 to 4096 [ 1395.101657][T21225] ntfs: (device loop6): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1395.125852][T21225] ntfs: (device loop6): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1395.157591][T21237] ieee802154 phy0 wpan0: encryption failed: -22 [ 1395.179844][T21225] ntfs: (device loop6): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1395.206355][ T9892] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1395.212967][T21225] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1395.232626][ T9892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1395.240448][T21225] ntfs: (device loop6): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1395.256578][ T9892] usb 3-1: Product: syz [ 1395.269265][ T9892] usb 3-1: Manufacturer: syz [ 1395.271545][T21225] ntfs: volume version 3.1. [ 1395.281034][ T9892] usb 3-1: SerialNumber: syz [ 1395.295748][T21225] ntfs: (device loop6): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1395.341094][ T9892] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1395.356517][T21225] ntfs: (device loop6): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1395.385255][T21225] ntfs: (device loop6): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1395.416963][T21225] ntfs: (device loop6): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1395.824900][T21269] loop6: detected capacity change from 0 to 8192 [ 1395.864607][T21291] trusted_key: encrypted_key: keyword 'newU_5' not recognized [ 1395.915023][T21269] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 1395.924703][T21269] REISERFS (device loop6): using ordered data mode [ 1395.931241][T21269] reiserfs: using flush barriers [ 1395.949926][T21269] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1395.966999][T21269] REISERFS (device loop6): checking transaction log (loop6) [ 1395.976050][ T9892] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1395.996736][T21269] REISERFS (device loop6): Using rupasov hash to sort names [ 1396.023580][T21269] REISERFS (device loop6): using 3.5.x disk format [ 1396.039080][T21298] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 1396.061617][T21269] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 1396.103349][T21269] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 1396.131168][T21269] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 1396.167700][T21269] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 1396.250896][T21269] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 1396.275353][T21269] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 1396.465567][ T4570] usb 3-1: USB disconnect, device number 96 [ 1396.526265][T21318] Timeout policy `syz0' can only be used by L3 protocol number 33024 [ 1396.833681][T21331] loop6: detected capacity change from 0 to 4096 [ 1396.891594][T21349] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1396.970379][T21331] ntfs3: loop6: ntfs_set_state r=3 failed, -22. [ 1397.067608][ T144] ntfs3: loop6: ntfs3_write_inode r=3 failed, -22. [ 1397.074311][T21067] ntfs3: loop6: ntfs_set_state r=3 failed, -22. [ 1397.091485][T21067] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 1397.098846][ T9892] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1397.105817][ T9892] ath9k_htc: Failed to initialize the device [ 1397.111074][T21363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21620'. [ 1397.121354][T21363] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21620'. [ 1397.143806][ T4570] usb 3-1: ath9k_htc: USB layer deinitialized [ 1397.172021][T21067] ntfs3: loop6: ntfs_set_state r=3 failed, -22. [ 1397.194813][ T4217] ntfs3: loop6: ntfs3_write_inode r=3 failed, -22. [ 1397.201897][T21067] ntfs3: loop6: ntfs_evict_inode r=3 failed, -22. [ 1397.577449][T21409] netlink: 'syz.5.21635': attribute type 1 has an invalid length. [ 1397.611541][T21409] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.21635'. [ 1397.621002][T21409] netlink: 1 bytes leftover after parsing attributes in process `syz.5.21635'. [ 1397.757528][T21424] loop2: detected capacity change from 0 to 512 [ 1397.929559][T21424] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.21640: bg 0: block 169: padding at end of block bitmap is not set [ 1397.952403][T21424] EXT4-fs error (device loop2): ext4_acquire_dquot:6236: comm syz.2.21640: Failed to acquire dquot type 0 [ 1397.987732][T21424] EXT4-fs (loop2): 1 truncate cleaned up [ 1397.997451][T21451] netlink: 8 bytes leftover after parsing attributes in process `syz.6.21647'. [ 1398.007499][T21424] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1398.054237][T21424] ext4 filesystem being mounted at /4415/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1398.091342][T21459] netlink: 'syz.6.21650': attribute type 21 has an invalid length. [ 1398.115299][T21459] IPv6: NLM_F_CREATE should be specified when creating new route [ 1398.137177][T21424] EXT4-fs error (device loop2): ext4_acquire_dquot:6236: comm syz.2.21640: Failed to acquire dquot type 0 [ 1399.304529][T21488] chnl_net:caif_netlink_parms(): no params data found [ 1399.487389][T21488] bridge0: port 1(bridge_slave_0) entered blocking state [ 1399.503227][T21488] bridge0: port 1(bridge_slave_0) entered disabled state [ 1399.537078][T21488] device bridge_slave_0 entered promiscuous mode [ 1399.566401][T21488] bridge0: port 2(bridge_slave_1) entered blocking state [ 1399.617704][T21488] bridge0: port 2(bridge_slave_1) entered disabled state [ 1399.641266][T21488] device bridge_slave_1 entered promiscuous mode [ 1399.694315][T21488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1399.727770][T21488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1399.872411][T21488] team0: Port device team_slave_0 added [ 1399.889266][T21488] team0: Port device team_slave_1 added [ 1399.935852][T21488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1399.943136][T21488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1399.972024][T21488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1399.993433][T21488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1400.002253][T21488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1400.040393][T21488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1400.144991][T21488] device hsr_slave_0 entered promiscuous mode [ 1400.155029][T21488] device hsr_slave_1 entered promiscuous mode [ 1400.225414][T21488] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1400.246356][T21488] Cannot create hsr debugfs directory [ 1400.279148][T21733] netlink: 20 bytes leftover after parsing attributes in process `syz.5.21677'. [ 1400.446756][T21764] loop2: detected capacity change from 0 to 1024 [ 1400.459132][T21783] loop5: detected capacity change from 0 to 16 [ 1400.516087][T21783] erofs: (device loop5): mounted with root inode @ nid 36. [ 1400.532849][T21783] attempt to access beyond end of device [ 1400.532849][T21783] loop5: rw=524288, want=32, limit=16 [ 1400.551862][T21783] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -21 in[49, 4047] out[4096] [ 1400.587961][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 1400.587979][ T26] audit: type=1800 audit(2000526760.050:88): pid=21783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.21681" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 1400.663475][T21764] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,journal_dev=0x0000000000000001,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 1400.720995][T21836] netlink: 100 bytes leftover after parsing attributes in process `syz.6.21685'. [ 1400.780797][T21488] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1400.860824][T21488] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1400.884112][T21488] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1400.904752][T21488] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1401.168777][T21488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1401.226467][ T5121] Bluetooth: hci5: command 0x0409 tx timeout [ 1401.239714][T21875] netlink: 'syz.0.21696': attribute type 2 has an invalid length. [ 1401.268701][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1401.289948][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1401.329412][T21488] 8021q: adding VLAN 0 to HW filter on device team0 [ 1401.368168][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1401.384693][T21879] loop2: detected capacity change from 0 to 2048 [ 1401.386463][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1401.417328][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 1401.424533][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1401.457719][T21879] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1401.512440][ T4370] udevd[4370]: incorrect nilfs2 checksum on /dev/loop2 [ 1401.531160][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1401.557647][T21895] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1401.564655][T21879] NILFS error (device loop2): __nilfs_read_inode: invalid file type bits in mode 0177777 for inode 12 [ 1401.578710][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1401.590629][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1401.617859][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 1401.625013][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1401.671509][T21879] Remounting filesystem read-only [ 1401.714250][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1401.790353][T21906] netlink: 'syz.5.21706': attribute type 3 has an invalid length. [ 1401.815478][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1401.847790][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1401.903506][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1401.959730][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1401.995591][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1402.052002][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1402.069689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1402.112837][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1402.175143][T21488] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1402.252483][T21488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1402.271374][T21940] loop6: detected capacity change from 0 to 2048 [ 1402.307479][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1402.334853][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1402.376459][T21952] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1402.396566][T21940] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=0, rec_len=16, name_len=8 [ 1402.423444][T21940] Remounting filesystem read-only [ 1402.567415][T21962] ip6gretap5: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1402.646528][T21970] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1402.825314][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1402.848340][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1402.866149][T21488] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1403.012686][T21995] netlink: 'syz.6.21734': attribute type 12 has an invalid length. [ 1403.069038][T21941] loop2: detected capacity change from 0 to 32768 [ 1403.143581][T21941] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.21717 (21941) [ 1403.208989][T21941] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 1403.247544][T21941] BTRFS info (device loop2): using free space tree [ 1403.299213][T21941] BTRFS info (device loop2): has skinny extents [ 1403.338486][T22019] xt_TCPMSS: Only works on TCP SYN packets [ 1403.427606][ T9892] Bluetooth: hci5: command 0x041b tx timeout [ 1403.568176][ T26] audit: type=1326 audit(2000526762.837:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22045 comm="syz.0.21745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f636f095e59 code=0x0 [ 1403.644874][T21941] BTRFS info (device loop2): enabling ssd optimizations [ 1403.767026][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1403.802390][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1403.835534][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1403.855126][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1403.886278][T21488] device veth0_vlan entered promiscuous mode [ 1403.897993][ C0] vkms_vblank_simulate: vblank timer overrun [ 1403.922929][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1403.941961][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1403.981706][T21488] device veth1_vlan entered promiscuous mode [ 1404.065472][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1404.098118][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1404.163381][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1404.225980][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1404.268931][T21488] device veth0_macvtap entered promiscuous mode [ 1404.311960][T21488] device veth1_macvtap entered promiscuous mode [ 1404.386564][T21488] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1404.432673][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1404.440971][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1404.479582][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1404.499069][ T4217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1404.559253][T21488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1404.593352][ C0] vkms_vblank_simulate: vblank timer overrun [ 1404.611028][T21488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1404.645916][T21488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1404.664637][T21488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1404.705410][T21488] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1404.725193][T21488] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1404.749879][T21488] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1404.765526][T21488] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1404.779563][T21488] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1404.794892][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1404.837820][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1405.148376][T22138] netlink: 28 bytes leftover after parsing attributes in process `syz.0.21774'. [ 1405.157475][T22138] netlink: 28 bytes leftover after parsing attributes in process `syz.0.21774'. [ 1405.245875][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1405.270204][ T4239] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1405.287451][T22113] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1405.298344][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1405.339399][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1405.360472][ T5727] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1405.373105][ T5727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1405.395516][ T5727] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1405.483094][T22170] netlink: 'syz.6.21789': attribute type 2 has an invalid length. [ 1405.544030][ T4239] usb 6-1: Using ep0 maxpacket: 8 [ 1405.569097][T22179] loop7: detected capacity change from 0 to 512 [ 1405.615990][T22179] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 1405.637972][T22179] EXT4-fs (loop7): 1 truncate cleaned up [ 1405.644698][T22179] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1405.656192][T22116] Bluetooth: hci5: command 0x040f tx timeout [ 1405.670947][T22179] EXT4-fs error (device loop7): ext4_find_dest_de:2115: inode #2: block 13: comm syz.7.21782: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1 [ 1405.736597][ T4239] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1405.779326][T22113] usb 3-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1 [ 1405.792983][T22113] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1405.811368][T22113] usb 3-1: Manufacturer: syz [ 1405.826754][T22113] usb 3-1: config 0 descriptor?? [ 1405.841824][ T4239] usb 6-1: config 6 has an invalid interface number: 4 but max is 1 [ 1405.858801][ T4239] usb 6-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 1405.877314][ T4239] usb 6-1: config 6 has 1 interface, different from the descriptor's value: 2 [ 1405.912248][ T4239] usb 6-1: config 6 has no interface number 0 [ 1405.982590][T22208] netlink: 180 bytes leftover after parsing attributes in process `syz.6.21791'. [ 1406.089412][ T4239] usb 6-1: New USB device found, idVendor=1235, idProduct=0001, bcdDevice= 6.d0 [ 1406.113868][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1406.141182][ T4239] usb 6-1: Product: syz [ 1406.145916][ T4239] usb 6-1: Manufacturer: syz [ 1406.161654][ T4239] usb 6-1: SerialNumber: syz [ 1406.175417][T22113] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1406.182324][T22113] dvb_usb_af9015: probe of 3-1:0.0 failed with error -22 [ 1406.208391][T22113] usb 3-1: USB disconnect, device number 97 [ 1406.345071][T22238] netlink: 'syz.0.21799': attribute type 1 has an invalid length. [ 1406.553094][ T4239] usb 6-1: USB disconnect, device number 57 [ 1406.720216][T22292] loop6: detected capacity change from 0 to 64 [ 1406.739217][T22297] netlink: 72 bytes leftover after parsing attributes in process `syz.2.21811'. [ 1406.903512][ T4490] udevd[4490]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:6.4/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1406.914034][T22312] netlink: 'syz.2.21816': attribute type 1 has an invalid length. [ 1406.949718][T22312] netlink: 'syz.2.21816': attribute type 9 has an invalid length. [ 1407.008603][T22113] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 1407.201816][T22337] netlink: 'syz.2.21823': attribute type 3 has an invalid length. [ 1407.291856][T22340] netlink: 11 bytes leftover after parsing attributes in process `syz.5.21825'. [ 1407.404323][T22113] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 5 [ 1407.429211][T22113] usb 8-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1407.477739][T22113] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1407.516215][T22113] usb 8-1: config 0 descriptor?? [ 1407.549615][T22370] netlink: 'syz.2.21837': attribute type 1 has an invalid length. [ 1407.803148][ T5121] usb 8-1: USB disconnect, device number 2 [ 1407.881629][T22113] Bluetooth: hci5: command 0x0419 tx timeout [ 1408.272924][T22430] netlink: 56 bytes leftover after parsing attributes in process `syz.5.21857'. [ 1408.331530][T22433] loop6: detected capacity change from 0 to 256 [ 1408.419752][T22433] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1d73664b, utbl_chksum : 0xe619d30d) [ 1408.533976][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1408.553167][T22433] exFAT-fs (loop6): Filesystem has been set read-only [ 1408.588600][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 0, err : -5) [ 1408.651681][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1408.684900][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 0, err : -5) [ 1408.732231][ T1432] ieee802154 phy0 wpan0: encryption failed: -22 [ 1408.738603][ T1432] ieee802154 phy1 wpan1: encryption failed: -22 [ 1408.761937][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1408.768198][T22471] i2c i2c-0: Invalid block write size 33 [ 1408.768869][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 1, err : -5) [ 1408.850402][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1408.875250][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 2, err : -5) [ 1408.933164][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1408.939282][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 3, err : -5) [ 1408.968054][T22477] loop5: detected capacity change from 0 to 512 [ 1409.007332][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.016426][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 4, err : -5) [ 1409.027366][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.041016][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 5, err : -5) [ 1409.056959][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.078773][T22477] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1409.088882][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 6, err : -5) [ 1409.118835][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.129273][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 7, err : -5) [ 1409.141350][T22477] EXT4-fs (loop5): 1 truncate cleaned up [ 1409.146695][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.151877][T22477] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,minixdf,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 1409.156820][T22433] exFAT-fs (loop6): error, failed to bmap (inode : ffff8880618248e0 iblock : 0, err : -5) [ 1409.418427][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.457388][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.463442][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.524695][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.530785][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.594775][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.646491][T22433] exFAT-fs (loop6): error, broken FAT chain. [ 1409.681434][ T26] audit: type=1800 audit(2000526768.562:90): pid=22433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.21859" name="file0" dev="loop6" ino=1048741 res=0 errno=0 [ 1409.798144][T22558] lo speed is unknown, defaulting to 1000 [ 1409.845179][T22558] lo speed is unknown, defaulting to 1000 [ 1409.884981][T22558] lo speed is unknown, defaulting to 1000 [ 1409.933944][T22558] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1410.009606][T22558] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1410.130240][T22558] lo speed is unknown, defaulting to 1000 [ 1410.161720][T22558] lo speed is unknown, defaulting to 1000 [ 1410.183141][T22558] lo speed is unknown, defaulting to 1000 [ 1410.205697][T22558] lo speed is unknown, defaulting to 1000 [ 1410.215391][T22591] netlink: 'syz.7.21911': attribute type 3 has an invalid length. [ 1410.243002][T22558] lo speed is unknown, defaulting to 1000 [ 1410.270328][T22558] lo speed is unknown, defaulting to 1000 [ 1410.382842][T22605] loop7: detected capacity change from 0 to 64 [ 1410.538277][T22605] Trying to free block not in datazone [ 1410.740519][T22634] sctp: [Deprecated]: syz.6.21925 (pid 22634) Use of int in max_burst socket option. [ 1410.740519][T22634] Use struct sctp_assoc_value instead [ 1410.851180][T22648] sctp: [Deprecated]: syz.7.21929 (pid 22648) Use of int in maxseg socket option. [ 1410.851180][T22648] Use struct sctp_assoc_value instead [ 1411.277088][T22689] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3) [ 1412.220773][T22680] loop5: detected capacity change from 0 to 32768 [ 1412.421534][T22680] XFS (loop5): Mounting V5 Filesystem [ 1412.521585][T22680] XFS (loop5): Ending clean mount [ 1412.644567][T22796] raw_sendmsg: syz.6.21976 forgot to set AF_INET. Fix it! [ 1412.648306][T20897] XFS (loop5): Unmounting Filesystem [ 1412.987048][T22784] loop7: detected capacity change from 0 to 32768 [ 1413.012170][T22784] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.21973 (22784) [ 1413.066711][T22784] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm [ 1413.110925][T22784] BTRFS info (device loop7): using free space tree [ 1413.124437][T22784] BTRFS info (device loop7): has skinny extents [ 1413.202113][T22826] xt_recent: Unsupported userspace flags (000000b1) [ 1413.356233][T22784] BTRFS info (device loop7): enabling ssd optimizations [ 1413.414960][T22846] netlink: 'syz.5.21977': attribute type 1 has an invalid length. [ 1413.844945][T22861] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21990'. [ 1413.876047][T22861] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21990'. [ 1413.894263][T22861] netlink: 20 bytes leftover after parsing attributes in process `syz.2.21990'. [ 1414.213283][T22884] netlink: 4 bytes leftover after parsing attributes in process `syz.7.21986'. [ 1414.306854][T22896] netlink: 'syz.6.22000': attribute type 32 has an invalid length. [ 1414.671574][T22927] netlink: 1010 bytes leftover after parsing attributes in process `syz.7.22011'. [ 1414.693454][T22927] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 1414.712279][T22931] netlink: 8 bytes leftover after parsing attributes in process `syz.5.22012'. [ 1414.747320][T22931] netlink: 16 bytes leftover after parsing attributes in process `syz.5.22012'. [ 1414.936884][T22944] program syz.6.22017 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1414.954743][T22946] loop7: detected capacity change from 0 to 16 [ 1415.039443][T22953] net_ratelimit: 335 callbacks suppressed [ 1415.039465][T22953] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1415.215004][T22965] kAFS: unparsable volume name [ 1415.281648][T22892] loop2: detected capacity change from 0 to 32768 [ 1415.468232][T22992] loop7: detected capacity change from 0 to 128 [ 1415.497990][T22892] XFS (loop2): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 1415.573957][T22992] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256 [ 1415.587494][T22992] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1415.813198][T23018] siw: device registration error -23 [ 1415.822572][ T4191] XFS (loop2): Unmounting Filesystem [ 1416.335747][T22980] loop5: detected capacity change from 0 to 32768 [ 1416.365916][T22980] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.22026 (22980) [ 1416.416839][T23049] CIFS: VFS: Malformed UNC in devname [ 1416.503398][T22980] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 1416.544096][T22980] BTRFS info (device loop5): using free space tree [ 1416.575483][T22980] BTRFS info (device loop5): has skinny extents [ 1416.615451][T23059] loop7: detected capacity change from 0 to 1024 [ 1416.759143][T23059] hfsplus: invalid length 32517 has been corrected to 255 [ 1416.985685][T22980] BTRFS info (device loop5): enabling ssd optimizations [ 1417.365098][ T4370] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop5 scanned by udevd (4370) [ 1417.392305][T23133] netlink: 8 bytes leftover after parsing attributes in process `syz.6.22071'. [ 1417.568695][T23145] loop6: detected capacity change from 0 to 16 [ 1417.611994][T23149] libceph: resolve '0' (ret=-3): failed [ 1417.626499][T23145] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 1417.730730][ T5130] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 1417.856827][T23155] netlink: 'syz.2.22078': attribute type 41 has an invalid length. [ 1418.017445][T23184] netlink: 36 bytes leftover after parsing attributes in process `syz.2.22080'. [ 1418.068446][T23184] device bond6 entered promiscuous mode [ 1418.157511][T23228] netlink: 28 bytes leftover after parsing attributes in process `syz.2.22084'. [ 1418.227953][ T5130] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 1418.257766][ T5130] usb 8-1: config 0 has no interface number 0 [ 1418.272641][ T5130] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1418.342087][ T5130] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1418.380272][ T5130] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1418.408571][ T5130] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.440818][ T5130] usb 8-1: config 0 descriptor?? [ 1418.502502][ T5130] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1418.749124][T23136] iowarrior 8-1:0.1: Error -90 while submitting URB [ 1418.753414][ T4570] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1418.767960][ T5123] usb 8-1: USB disconnect, device number 3 [ 1418.827294][T23187] loop6: detected capacity change from 0 to 32768 [ 1419.035529][ T4570] usb 3-1: Using ep0 maxpacket: 8 [ 1419.212563][ T4570] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1419.220676][ T4234] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 1419.387984][T23326] loop5: detected capacity change from 0 to 16 [ 1419.442826][T23326] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 1419.484742][ T4570] usb 3-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice= 0.40 [ 1419.493881][ T4570] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.527281][ T4570] usb 3-1: Product: syz [ 1419.538577][ T4570] usb 3-1: Manufacturer: syz [ 1419.543325][ T4570] usb 3-1: SerialNumber: syz [ 1419.741179][ T5123] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 1419.811785][ T4234] usb 7-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 1419.821425][ T4234] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.830577][ T4234] usb 7-1: Product: syz [ 1419.841164][T23252] udc-core: couldn't find an available UDC or it's busy [ 1419.848308][ T4234] usb 7-1: Manufacturer: syz [ 1419.853629][ T4234] usb 7-1: SerialNumber: syz [ 1419.859075][T23252] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1420.019625][ T4570] usb 3-1: invalid MIDI EP [ 1420.046707][ T4570] usb 3-1: snd-bcd2000: error during probing [ 1420.055963][ T4570] snd-bcd2000: probe of 3-1:1.1 failed with error -22 [ 1420.079535][ T4570] usb 3-1: invalid MIDI EP [ 1420.097399][ T4570] usb 3-1: snd-bcd2000: error during probing [ 1420.112422][ T4570] snd-bcd2000: probe of 3-1:1.2 failed with error -22 [ 1420.132674][ T4570] usb 3-1: USB disconnect, device number 98 [ 1420.160154][ T4234] gspca_main: pac207-2.14.0 probing 093a:2476 [ 1420.173180][ T5123] usb 8-1: config 0 has an invalid interface number: 229 but max is 0 [ 1420.191636][ T4234] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 1420.193554][ T5123] usb 8-1: config 0 has no interface number 0 [ 1420.207045][ T5123] usb 8-1: config 0 interface 229 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1420.226479][ T4234] usb 7-1: USB disconnect, device number 62 [ 1420.290283][T23407] netlink: 'syz.5.22126': attribute type 1 has an invalid length. [ 1420.328507][T23409] binder: 23408:23409 ioctl c0046209 200000000000000 returned -22 [ 1420.414883][ T5123] usb 8-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38 [ 1420.424080][ T5123] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.438727][ T5123] usb 8-1: Product: syz [ 1420.444665][ T4370] udevd[4370]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1420.461632][ T5123] usb 8-1: Manufacturer: syz [ 1420.471744][ T5123] usb 8-1: SerialNumber: syz [ 1420.488889][ T5123] usb 8-1: config 0 descriptor?? [ 1420.545195][T23425] __nla_validate_parse: 2 callbacks suppressed [ 1420.545214][T23425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.22132'. [ 1420.621440][T23428] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 1420.809806][ T5123] usb 8-1: USB disconnect, device number 4 [ 1420.854102][T23454] comedi comedi2: 8255: I/O port conflict (0x8,4) [ 1420.860702][T23454] comedi comedi2: 8255: I/O port conflict (0x100001,4) [ 1420.917326][T23454] comedi comedi2: 8255: I/O port conflict (0xd,4) [ 1420.925321][T23454] comedi comedi2: 8255: I/O port conflict (0x5,4) [ 1420.943919][T23454] comedi comedi2: 8255: I/O port conflict (0x1,4) [ 1420.959936][T23454] comedi comedi2: 8255: I/O port conflict (0x10001,4) [ 1420.978756][T23454] comedi comedi2: 8255: I/O port conflict (0x2,4) [ 1420.989607][T23454] comedi comedi2: 8255: I/O port conflict (0x3f,4) [ 1421.004817][T23454] comedi comedi2: 8255: I/O port conflict (0x6,4) [ 1421.022435][T23454] comedi comedi2: 8255: I/O port conflict (0xdf,4) [ 1421.034759][T23454] comedi comedi2: 8255: I/O port conflict (0x2,4) [ 1421.192615][T23487] netlink: 44 bytes leftover after parsing attributes in process `syz.0.22152'. [ 1421.470214][T23506] netlink: 'syz.0.22159': attribute type 5 has an invalid length. [ 1421.678873][ T150] block nbd2: Attempted send on invalid socket [ 1421.685156][ T150] blk_update_request: I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1421.697178][T23520] REISERFS warning (device nbd2): sh-2006 read_super_block: bread failed (dev nbd2, block 2, size 4096) [ 1421.738904][ T150] block nbd2: Attempted send on invalid socket [ 1421.745397][ T150] blk_update_request: I/O error, dev nbd2, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1421.761590][T23520] REISERFS warning (device nbd2): sh-2006 read_super_block: bread failed (dev nbd2, block 16, size 4096) [ 1421.793777][T23520] REISERFS warning (device nbd2): sh-2021 reiserfs_fill_super: can not find reiserfs on nbd2 [ 1421.816139][T23528] netlink: 'syz.0.22166': attribute type 3 has an invalid length. [ 1421.930627][T23534] netdevsim netdevsim5: Firmware load for './cgroup/../file0' refused, path contains '..' component [ 1422.081864][T23477] loop6: detected capacity change from 0 to 32768 [ 1422.325948][T23558] loop5: detected capacity change from 0 to 2048 [ 1422.345764][T23477] XFS (loop6): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 1422.428033][T21067] XFS (loop6): Unmounting Filesystem [ 1422.526077][ T4570] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1422.662400][T23573] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1422.790894][ T4570] usb 3-1: Using ep0 maxpacket: 16 [ 1422.948240][ T4570] usb 3-1: config 0 has no interfaces? [ 1423.119542][ T4570] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1423.129964][ T4234] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1423.138263][T23536] kexec: Could not allocate control_code_buffer [ 1423.141072][ T4570] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1423.177201][ T4570] usb 3-1: Product: syz [ 1423.185364][ T4570] usb 3-1: Manufacturer: syz [ 1423.190505][ T4570] usb 3-1: SerialNumber: syz [ 1423.198029][ T4570] r8152-cfgselector 3-1: config 0 descriptor?? [ 1423.216467][T23591] loop7: detected capacity change from 0 to 4096 [ 1423.229621][T23600] x_tables: duplicate entry at hook 3 [ 1423.287434][T23591] ntfs3: loop7: ino=3, Correct links count -> 2. [ 1423.301630][T23591] ntfs3: loop7: Failed to load $Volume. [ 1423.386710][ T4234] usb 6-1: Using ep0 maxpacket: 32 [ 1423.489081][ T4570] usbip-host 3-1: 3-1 is not in match_busid table... skip! [ 1423.496668][T23619] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1423.514945][ T4234] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1423.540230][ T4234] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1423.568139][ T4234] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1423.600160][ T4234] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1423.653928][ T4234] usb 6-1: config 1 interface 1 has no altsetting 0 [ 1423.738460][ T4570] usb 3-1: USB disconnect, device number 99 [ 1423.822775][T23648] netlink: 4 bytes leftover after parsing attributes in process `syz.7.22199'. [ 1423.827348][ T4234] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1423.861932][ T4234] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1423.891733][ T4234] usb 6-1: Product: syz [ 1423.907419][ T4234] usb 6-1: Manufacturer: syz [ 1423.918679][ T4234] usb 6-1: SerialNumber: syz [ 1424.055762][T23669] program syz.6.22206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1424.236628][T23685] netlink: 'syz.7.22211': attribute type 10 has an invalid length. [ 1424.274071][ T4234] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 1424.285698][ T4234] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 1424.310429][T23685] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1424.376194][T23694] cifs: Unknown parameter 'h}# [ 1424.376194][T23694] [bIT&:"1:ӭ'4,Zz-#F<]%gC [ 1424.376194][T23694] SȘȞZ6' [ 1424.481432][ T4234] usb 6-1: USB disconnect, device number 58 [ 1424.753296][T23747] xt_TCPMSS: Only works on TCP SYN packets [ 1424.822828][ T4333] udevd[4333]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1425.121926][T23780] bridge7: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1425.151122][ T2426] pvrusb2: request_firmware fatal error with code=-110 [ 1425.158041][ T2426] pvrusb2: Failure uploading firmware1 [ 1425.173814][ T2426] pvrusb2: Device initialization was not successful. [ 1425.209020][ T2426] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1425.246903][ T2426] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1425.285801][ T5127] pvrusb2: Device being rendered inoperable [ 1425.387581][T23797] loop7: detected capacity change from 0 to 1024 [ 1425.450957][T23797] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1425.706069][T23839] netlink: 4 bytes leftover after parsing attributes in process `syz.6.22254'. [ 1425.722139][ T5127] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1425.819163][T23853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22256'. [ 1426.038123][ T5127] usb 1-1: Using ep0 maxpacket: 8 [ 1426.038989][T23873] loop2: detected capacity change from 0 to 256 [ 1426.108247][T23877] netlink: 'syz.6.22265': attribute type 21 has an invalid length. [ 1426.176974][ T5127] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1426.193452][ T5127] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1426.251720][ T4239] usb 6-1: new full-speed USB device number 59 using dummy_hcd [ 1426.422971][ T5127] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1426.432118][ T5127] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1426.453880][ T5127] usb 1-1: Product: syz [ 1426.458502][ T5127] usb 1-1: Manufacturer: syz [ 1426.463162][ T5127] usb 1-1: SerialNumber: syz [ 1426.504962][ T5127] usb 1-1: config 0 descriptor?? [ 1426.567592][T23914] loop6: detected capacity change from 0 to 2048 [ 1426.593176][ T5127] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 1426.658097][ T4239] usb 6-1: config 8 has an invalid interface number: 223 but max is 0 [ 1426.685175][ T4239] usb 6-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1426.698250][T23914] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1426.752374][ T4239] usb 6-1: config 8 has no interface number 0 [ 1426.809646][ T4239] usb 6-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1426.819082][ T5127] snd_usb_toneport 1-1:0.0: cannot get proper max packet size [ 1426.839594][ T5127] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 1426.859745][ T5127] snd_usb_toneport: probe of 1-1:0.0 failed with error -22 [ 1427.053535][ T4239] usb 6-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 1427.111011][ T4239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1427.150178][ T4239] usb 6-1: Product: syz [ 1427.154446][ T4239] usb 6-1: Manufacturer: syz [ 1427.171598][T23940] netlink: 'syz.6.22279': attribute type 7 has an invalid length. [ 1427.179470][T23940] netlink: 'syz.6.22279': attribute type 8 has an invalid length. [ 1427.206078][ T4239] usb 6-1: SerialNumber: syz [ 1427.225752][ T4570] usb 1-1: USB disconnect, device number 74 [ 1427.395081][T23959] netlink: 'syz.2.22283': attribute type 1 has an invalid length. [ 1427.442227][T23909] loop7: detected capacity change from 0 to 32768 [ 1427.481196][T23959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22283'. [ 1427.490281][T23959] netlink: 'syz.2.22283': attribute type 1 has an invalid length. [ 1427.521027][T20078] bond0: (slave syz_tun): Releasing backup interface [ 1427.529316][ T4239] usb 6-1: USB disconnect, device number 59 [ 1427.558285][T23909] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 scanned by syz.7.22273 (23909) [ 1427.607764][ T326] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1427.639037][T23909] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm [ 1427.680637][T23909] BTRFS info (device loop7): enabling disk space caching [ 1427.734355][ T326] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1427.734598][T23909] BTRFS info (device loop7): force zlib compression, level 3 [ 1427.804500][T23909] BTRFS warning (device loop7): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 1427.840403][T23909] BTRFS info (device loop7): setting nodatasum [ 1427.857710][ T326] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1427.874060][T23909] BTRFS info (device loop7): setting nodatacow [ 1427.884871][T23909] BTRFS info (device loop7): enabling ssd optimizations [ 1427.921848][T23909] BTRFS info (device loop7): using spread ssd allocation scheme [ 1427.931023][T23909] BTRFS error (device loop7): cannot disable free space tree [ 1427.970733][T23909] BTRFS error (device loop7): open_ctree failed: -22 [ 1428.024576][ T326] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1428.129739][T24003] openvswitch: netlink: Actions may not be safe on all matching packets [ 1428.314149][T24022] netlink: 'syz.0.22300': attribute type 9 has an invalid length. [ 1428.525637][T24031] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22304'. [ 1428.562081][T24031] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22304'. [ 1428.584993][T24031] netlink: 24 bytes leftover after parsing attributes in process `syz.2.22304'. [ 1428.684718][T24042] loop5: detected capacity change from 0 to 4096 [ 1429.056396][T24045] loop7: detected capacity change from 0 to 8192 [ 1429.100563][T20897] ntfs3: loop5: ntfs_evict_inode r=5 failed, -22. [ 1429.114320][T20897] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 1429.124479][T24078] netlink: 52 bytes leftover after parsing attributes in process `syz.0.22315'. [ 1429.137885][T24045] loop7: p1 p3 p4 [ 1429.143364][T24045] loop7: partition table partially beyond EOD, truncated [ 1429.188216][T24082] netlink: 'syz.6.22316': attribute type 1 has an invalid length. [ 1429.196879][T24045] loop7: p1 start 393225 is beyond EOD, truncated [ 1429.261176][T24082] netlink: 224 bytes leftover after parsing attributes in process `syz.6.22316'. [ 1429.285829][T24045] loop7: p3 start 16777216 is beyond EOD, truncated [ 1429.326608][T24045] loop7: p4 start 4294967295 is beyond EOD, truncated [ 1429.623656][T24110] device geneve2 entered promiscuous mode [ 1429.877886][T24137] netlink: 504 bytes leftover after parsing attributes in process `syz.2.22326'. [ 1430.122539][T24153] netlink: 96 bytes leftover after parsing attributes in process `syz.6.22331'. [ 1430.124471][T24155] autofs4:pid:24155:autofs_fill_super: called with bogus options [ 1430.399725][T24181] netlink: 'syz.2.22339': attribute type 1 has an invalid length. [ 1430.859621][T24216] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(3) [ 1430.866971][T24216] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1430.876477][T24222] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1430.909543][T24208] loop2: detected capacity change from 0 to 4096 [ 1430.952843][T24216] vhci_hcd vhci_hcd.0: Device attached [ 1431.057656][T24208] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1431.094543][T24208] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1431.137405][ T5127] vhci_hcd: vhci_device speed not set [ 1431.166539][T24208] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1431.222880][ T5127] usb 47-1: new full-speed USB device number 2 using vhci_hcd [ 1431.227086][T24208] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1431.340455][T24208] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1431.385462][T24208] ntfs: volume version 3.1. [ 1431.413557][T24208] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1431.457994][T24208] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1431.500909][T24255] (unnamed net_device) (uninitialized): ARP monitoring cannot be used with MII monitoring [ 1431.516644][T24208] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1431.531634][T24218] vhci_hcd: connection reset by peer [ 1431.543745][T23651] vhci_hcd: stop threads [ 1431.548223][T23651] vhci_hcd: release socket [ 1431.569262][T23651] vhci_hcd: disconnect device [ 1431.611934][T24208] ntfs: (device loop2): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 1431.667749][T24208] ntfs: (device loop2): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 1431.877512][T24287] 9pnet: Could not find request transport: 0xffffffffffffffff [ 1431.886387][ T326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1431.907688][ T326] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1431.923986][T24292] loop7: detected capacity change from 0 to 256 [ 1431.939587][ T326] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1431.965376][ T326] device veth0_to_bond left promiscuous mode [ 1431.996148][ T326] bridge0: port 1(veth0_to_bond) entered disabled state [ 1432.071494][ T326] device veth0_vlan left promiscuous mode [ 1432.100274][T24300] xt_TCPMSS: Only works on TCP SYN packets [ 1432.520491][ T326] bond11 (unregistering): Released all slaves [ 1432.558165][ T326] bond10 (unregistering): Released all slaves [ 1432.648542][ T326] bond9 (unregistering): Released all slaves [ 1432.682636][ T326] bond8 (unregistering): Released all slaves [ 1432.704830][ T326] bond7 (unregistering): Released all slaves [ 1432.716657][ T326] bond6 (unregistering): Released all slaves [ 1432.728447][ T326] bond5 (unregistering): Released all slaves [ 1432.775886][ T326] bond4 (unregistering): Released all slaves [ 1432.789169][ T326] bond3 (unregistering): Released all slaves [ 1432.799785][ T326] bond2 (unregistering): Released all slaves [ 1432.813389][ T326] bond1 (unregistering): Released all slaves [ 1432.892947][ T326] team0 (unregistering): Port device geneve1 removed [ 1432.979474][T19044] usb 1-1: new full-speed USB device number 75 using dummy_hcd [ 1433.016017][ T326] bond0 (unregistering): (slave hsr_slave_0): Releasing backup interface [ 1433.042376][ T326] device team_slave_1 left promiscuous mode [ 1433.049111][ T326] team0 (unregistering): Port device team_slave_1 removed [ 1433.062046][ T326] device team_slave_0 left promiscuous mode [ 1433.070955][ T326] team0 (unregistering): Port device team_slave_0 removed [ 1433.085122][ T326] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1433.100366][ T326] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1433.171191][ T326] bond0 (unregistering): Released all slaves [ 1433.219236][T24284] netlink: 'syz.5.22363': attribute type 5 has an invalid length. [ 1433.355689][T24371] loop7: detected capacity change from 0 to 16 [ 1433.436279][T19044] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 1433.444354][T19044] usb 1-1: config 0 has no interface number 0 [ 1433.475871][T24371] erofs: (device loop7): mounted with root inode @ nid 36. [ 1433.483600][T19044] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 51720, setting to 64 [ 1433.697163][T19044] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1433.717222][T19044] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1433.766244][T19044] usb 1-1: Product: syz [ 1433.792833][T19044] usb 1-1: SerialNumber: syz [ 1433.815824][T19044] usb 1-1: config 0 descriptor?? [ 1433.842273][T24347] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1433.865378][T19044] cm109 1-1:0.8: invalid payload size 64, expected 4 [ 1433.907212][T19044] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input87 [ 1434.205756][ C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 1434.440852][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1434.462014][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1434.483404][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1434.515414][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1434.520618][T24456] loop7: detected capacity change from 0 to 128 [ 1434.532532][ T5121] usb 1-1: USB disconnect, device number 75 [ 1434.538693][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1434.538723][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1434.589227][ T5121] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1434.682630][T24456] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 1434.737296][T24452] loop5: detected capacity change from 0 to 8192 [ 1434.760305][T24456] hpfs: filesystem error: improperly stopped [ 1434.782403][T24456] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 1434.794237][T24456] hpfs: You really don't want any checks? You are crazy... [ 1434.803396][T24456] hpfs: Code page index out of array [ 1434.822822][T24452] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 1434.842550][T24452] REISERFS (device loop5): using ordered data mode [ 1434.848868][T24456] hpfs: code page support is disabled [ 1434.861728][T24452] reiserfs: using flush barriers [ 1434.884004][T24452] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1434.895326][T24456] hpfs: hpfs_map_4sectors(): unaligned read [ 1434.925361][T24452] REISERFS (device loop5): checking transaction log (loop5) [ 1434.949867][T24456] hpfs: hpfs_map_4sectors(): unaligned read [ 1435.026105][T24456] hpfs: filesystem error: unable to find root dir [ 1435.142371][T24507] i2c i2c-0: Invalid block write size 253 [ 1435.279691][T24452] REISERFS (device loop5): Using tea hash to sort names [ 1435.300937][T24452] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 1435.363755][T24517] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 1435.494843][T24527] binder: 24524:24527 ioctl c018620b 0 returned -14 [ 1435.623292][T24532] netlink: 'syz.6.22428': attribute type 4 has an invalid length. [ 1435.694073][T24539] netlink: 52 bytes leftover after parsing attributes in process `syz.0.22431'. [ 1435.882256][T24547] loop2: detected capacity change from 0 to 512 [ 1436.001879][T24547] EXT4-fs error (device loop2): ext4_orphan_get:1432: comm syz.2.22434: bad orphan inode 11862016 [ 1436.071226][T24547] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1436.135459][T24547] ext4 filesystem being mounted at /4582/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1436.402859][T24575] device ipip0 entered promiscuous mode [ 1436.697090][ T5127] vhci_hcd: vhci_device speed not set [ 1437.067388][T24613] netlink: 'syz.5.22433': attribute type 32 has an invalid length. [ 1437.101369][T24613] netlink: 28 bytes leftover after parsing attributes in process `syz.5.22433'. [ 1437.617171][T24660] tmpfs: Bad value for 'mpol' [ 1437.913792][T24689] loop2: detected capacity change from 0 to 64 [ 1437.970218][T24693] ubi31: attaching mtd0 [ 1438.008613][T24689] ================================================================== [ 1438.017597][T24689] BUG: KASAN: slab-out-of-bounds in reiserfs_xattr_get+0xde/0x960 [ 1438.025462][T24689] Read of size 8 at addr ffff888143fd5d98 by task syz.2.22473/24689 [ 1438.033475][T24689] [ 1438.035831][T24689] CPU: 0 PID: 24689 Comm: syz.2.22473 Not tainted syzkaller #0 [ 1438.043404][T24689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1438.053488][T24689] Call Trace: [ 1438.056801][T24689] [ 1438.059760][T24689] dump_stack_lvl+0x188/0x250 [ 1438.064491][T24689] ? show_regs_print_info+0x20/0x20 [ 1438.069718][T24689] ? _printk+0xda/0x130 [ 1438.073907][T24689] ? load_image+0x400/0x400 [ 1438.078444][T24689] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 1438.083950][T24689] print_address_description+0x60/0x2d0 [ 1438.089535][T24689] ? reiserfs_xattr_get+0xde/0x960 [ 1438.094681][T24689] kasan_report+0xdf/0x130 [ 1438.099249][T24689] ? reiserfs_xattr_get+0xde/0x960 [ 1438.104391][T24689] ? lock_chain_count+0x20/0x20 [ 1438.109293][T24689] reiserfs_xattr_get+0xde/0x960 [ 1438.114280][T24689] reiserfs_get_acl+0x7a/0x680 [ 1438.119169][T24689] ? rcu_lock_release+0x5/0x20 [ 1438.123988][T24689] get_acl+0x154/0x250 [ 1438.128094][T24689] check_acl+0x3a/0x150 [ 1438.132301][T24689] generic_permission+0x3bf/0x510 [ 1438.137375][T24689] ? open_xa_dir+0x680/0x680 [ 1438.142010][T24689] inode_permission+0x239/0x480 [ 1438.146898][T24689] may_open+0x262/0x400 [ 1438.151099][T24689] path_openat+0x258c/0x2fa0 [ 1438.155837][T24689] ? verify_lock_unused+0x140/0x140 [ 1438.161075][T24689] ? slab_post_alloc_hook+0x4c/0x380 [ 1438.166393][T24689] ? do_filp_open+0x410/0x410 [ 1438.171127][T24689] do_filp_open+0x1e2/0x410 [ 1438.175663][T24689] ? vfs_tmpfile+0x300/0x300 [ 1438.179341][T24706] loop6: detected capacity change from 0 to 1024 [ 1438.180298][T24689] ? _raw_spin_unlock+0x24/0x40 [ 1438.191478][T24689] ? alloc_fd+0x598/0x630 [ 1438.195852][T24689] do_sys_openat2+0x150/0x4b0 [ 1438.200562][T24689] ? __lock_acquire+0x7d10/0x7d10 [ 1438.205628][T24689] ? do_sys_open+0xe0/0xe0 [ 1438.210077][T24689] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1438.216097][T24689] ? lock_chain_count+0x20/0x20 [ 1438.220983][T24689] ? vtime_user_exit+0x2c8/0x3e0 [ 1438.225955][T24689] __x64_sys_openat+0x135/0x160 [ 1438.230980][T24689] do_syscall_64+0x4c/0xa0 [ 1438.235428][T24689] ? clear_bhb_loop+0x30/0x80 [ 1438.240133][T24689] ? clear_bhb_loop+0x30/0x80 [ 1438.244830][T24689] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1438.250733][T24689] RIP: 0033:0x7f27c1b0468e [ 1438.255255][T24689] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1438.275041][T24689] RSP: 002b:00007f27bfd9cda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1438.283467][T24689] RAX: ffffffffffffffda RBX: 00007f27bfd9d6c0 RCX: 00007f27c1b0468e [ 1438.291441][T24689] RDX: 0000000000010000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1438.299422][T24689] RBP: 0000200000000280 R08: 0000000000000000 R09: 0000000000000000 [ 1438.307399][T24689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000200 [ 1438.315467][T24689] R13: 00007f27bfd9cea0 R14: 000000000000032e R15: 0000200000004240 [ 1438.323453][T24689] [ 1438.326474][T24689] [ 1438.328791][T24689] Allocated by task 24689: [ 1438.333201][T24689] __kasan_kmalloc+0xb5/0xf0 [ 1438.337798][T24689] hfs_fill_super+0x139/0x1590 [ 1438.342561][T24689] mount_bdev+0x287/0x3c0 [ 1438.346896][T24689] legacy_get_tree+0xe6/0x180 [ 1438.351575][T24689] vfs_get_tree+0x88/0x270 [ 1438.355994][T24689] do_new_mount+0x24a/0xa40 [ 1438.360494][T24689] __se_sys_mount+0x2e3/0x3d0 [ 1438.365170][T24689] do_syscall_64+0x4c/0xa0 [ 1438.369586][T24689] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1438.375487][T24689] [ 1438.377827][T24689] Last potentially related work creation: [ 1438.383549][T24689] kasan_save_stack+0x35/0x60 [ 1438.388246][T24689] kasan_record_aux_stack+0xb8/0x100 [ 1438.393538][T24689] kvfree_call_rcu+0x105/0x7d0 [ 1438.398307][T24689] neigh_periodic_work+0x407/0xc70 [ 1438.403419][T24689] process_one_work+0x85f/0x1010 [ 1438.408363][T24689] worker_thread+0xaa6/0x1290 [ 1438.413051][T24689] kthread+0x436/0x520 [ 1438.417120][T24689] ret_from_fork+0x1f/0x30 [ 1438.421535][T24689] [ 1438.423859][T24689] The buggy address belongs to the object at ffff888143fd5800 [ 1438.423859][T24689] which belongs to the cache kmalloc-1k of size 1024 [ 1438.438000][T24689] The buggy address is located 408 bytes to the right of [ 1438.438000][T24689] 1024-byte region [ffff888143fd5800, ffff888143fd5c00) [ 1438.451983][T24689] The buggy address belongs to the page: [ 1438.457611][T24689] page:ffffea00050ff400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888143fd0000 pfn:0x143fd0 [ 1438.469154][T24689] head:ffffea00050ff400 order:3 compound_mapcount:0 compound_pincount:0 [ 1438.477653][T24689] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 1438.485735][T24689] raw: 057ff00000010200 ffffea00007b9000 0000000200000002 ffff888016c41dc0 [ 1438.494320][T24689] raw: ffff888143fd0000 000000008010000f 00000001ffffffff 0000000000000000 [ 1438.502902][T24689] page dumped because: kasan: bad access detected [ 1438.509315][T24689] page_owner tracks the page as allocated [ 1438.515027][T24689] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 2524690904, free_ts 0 [ 1438.533084][T24689] get_page_from_freelist+0x1bbd/0x1ca0 [ 1438.538640][T24689] __alloc_pages+0x1ee/0x480 [ 1438.543335][T24689] alloc_page_interleave+0x24/0x1e0 [ 1438.548554][T24689] new_slab+0xc0/0x4b0 [ 1438.552709][T24689] ___slab_alloc+0x80a/0xdd0 [ 1438.557299][T24689] __kmalloc_track_caller+0x1cb/0x330 [ 1438.562668][T24689] krealloc+0x5a/0xf0 [ 1438.566651][T24689] add_sysfs_param+0xe8/0x930 [ 1438.571418][T24689] kernel_add_sysfs_param+0xaf/0x120 [ 1438.576709][T24689] param_sysfs_builtin+0x183/0x200 [ 1438.581921][T24689] param_sysfs_init+0x66/0x70 [ 1438.586598][T24689] do_one_initcall+0x272/0x730 [ 1438.591420][T24689] do_initcall_level+0x137/0x1f0 [ 1438.596451][T24689] do_initcalls+0x4b/0x90 [ 1438.600785][T24689] kernel_init_freeable+0x3e9/0x570 [ 1438.605983][T24689] kernel_init+0x19/0x1b0 [ 1438.610356][T24689] page_owner free stack trace missing [ 1438.615729][T24689] [ 1438.618054][T24689] Memory state around the buggy address: [ 1438.623682][T24689] ffff888143fd5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1438.631751][T24689] ffff888143fd5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1438.639924][T24689] >ffff888143fd5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1438.648082][T24689] ^ [ 1438.652934][T24689] ffff888143fd5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1438.660993][T24689] ffff888143fd5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1438.669052][T24689] ================================================================== [ 1438.677108][T24689] Disabling lock debugging due to kernel taint [ 1438.698683][T24693] ubi31: scanning is finished [ 1438.727674][T24693] ubi31: empty MTD device detected [ 1438.807684][T24693] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1438.825026][T24693] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1438.837514][T24706] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1438.888864][T24693] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1438.983916][T24693] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1438.993592][T22113] usb 1-1: new full-speed USB device number 76 using dummy_hcd [ 1439.002186][T24706] EXT4-fs warning (device loop6): ext4_rmdir:3243: inode #11: comm syz.6.22477: empty directory 'file1' has too many links (111) [ 1439.020729][T24693] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1439.033513][T24693] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1439.052265][T24693] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 259387192 [ 1439.068261][T24693] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1439.079017][T24715] ubi31: background thread "ubi_bgt31d" started, PID 24715 [ 1439.092915][T24689] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1439.100167][T24689] CPU: 0 PID: 24689 Comm: syz.2.22473 Tainted: G B syzkaller #0 [ 1439.109131][T24689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1439.119217][T24689] Call Trace: [ 1439.122532][T24689] [ 1439.125486][T24689] dump_stack_lvl+0x188/0x250 [ 1439.130201][T24689] ? show_regs_print_info+0x20/0x20 [ 1439.135429][T24689] ? load_image+0x400/0x400 [ 1439.139970][T24689] panic+0x2e5/0x810 [ 1439.143897][T24689] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1439.150277][T24689] ? bpf_jit_dump+0xd0/0xd0 [ 1439.154813][T24689] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 1439.160828][T24689] ? _raw_spin_unlock+0x40/0x40 [ 1439.165707][T24689] ? reiserfs_xattr_get+0xde/0x960 [ 1439.170849][T24689] check_panic_on_warn+0x80/0xa0 [ 1439.175823][T24689] ? reiserfs_xattr_get+0xde/0x960 [ 1439.180961][T24689] end_report+0x6d/0xf0 [ 1439.185151][T24689] kasan_report+0x102/0x130 [ 1439.189686][T24689] ? reiserfs_xattr_get+0xde/0x960 [ 1439.194923][T24689] ? lock_chain_count+0x20/0x20 [ 1439.199808][T24689] reiserfs_xattr_get+0xde/0x960 [ 1439.204777][T24689] reiserfs_get_acl+0x7a/0x680 [ 1439.209703][T24689] ? rcu_lock_release+0x5/0x20 [ 1439.214497][T24689] get_acl+0x154/0x250 [ 1439.218595][T24689] check_acl+0x3a/0x150 [ 1439.222788][T24689] generic_permission+0x3bf/0x510 [ 1439.227843][T24689] ? open_xa_dir+0x680/0x680 [ 1439.232568][T24689] inode_permission+0x239/0x480 [ 1439.237564][T24689] may_open+0x262/0x400 [ 1439.241761][T24689] path_openat+0x258c/0x2fa0 [ 1439.246388][T24689] ? verify_lock_unused+0x140/0x140 [ 1439.251709][T24689] ? slab_post_alloc_hook+0x4c/0x380 [ 1439.257022][T24689] ? do_filp_open+0x410/0x410 [ 1439.261730][T24689] do_filp_open+0x1e2/0x410 [ 1439.266258][T24689] ? vfs_tmpfile+0x300/0x300 [ 1439.270886][T24689] ? _raw_spin_unlock+0x24/0x40 [ 1439.275767][T24689] ? alloc_fd+0x598/0x630 [ 1439.280130][T24689] do_sys_openat2+0x150/0x4b0 [ 1439.284932][T24689] ? __lock_acquire+0x7d10/0x7d10 [ 1439.290055][T24689] ? do_sys_open+0xe0/0xe0 [ 1439.294510][T24689] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1439.300528][T24689] ? lock_chain_count+0x20/0x20 [ 1439.305421][T24689] ? vtime_user_exit+0x2c8/0x3e0 [ 1439.310477][T24689] __x64_sys_openat+0x135/0x160 [ 1439.315362][T24689] do_syscall_64+0x4c/0xa0 [ 1439.319803][T24689] ? clear_bhb_loop+0x30/0x80 [ 1439.324517][T24689] ? clear_bhb_loop+0x30/0x80 [ 1439.329275][T24689] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1439.335206][T24689] RIP: 0033:0x7f27c1b0468e [ 1439.339656][T24689] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1439.359296][T24689] RSP: 002b:00007f27bfd9cda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1439.367754][T24689] RAX: ffffffffffffffda RBX: 00007f27bfd9d6c0 RCX: 00007f27c1b0468e [ 1439.375853][T24689] RDX: 0000000000010000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1439.383871][T24689] RBP: 0000200000000280 R08: 0000000000000000 R09: 0000000000000000 [ 1439.391876][T24689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000200 [ 1439.400193][T24689] R13: 00007f27bfd9cea0 R14: 000000000000032e R15: 0000200000004240 [ 1439.408203][T24689] [ 1439.411609][T24689] Kernel Offset: disabled [ 1439.417632][T24689] Rebooting in 86400 seconds..