last executing test programs: 5m52.325675437s ago: executing program 2 (id=2968): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000a00)=@newlink={0x44, 0x10, 0x503, 0x70bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x1009}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80801}, 0x844) 5m52.177693581s ago: executing program 2 (id=2971): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000440)={0x200, "61c59abaaf256e1a945348079856d414c94da3ecc17fa4e8fef8291e47cee10f", 0x1, 0x7, 0x1, 0x4000, 0x2020000, 0x4}) 5m52.065062423s ago: executing program 2 (id=2974): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) write$cgroup_int(r0, &(0x7f0000000000)=0x921, 0x12) 5m51.750322534s ago: executing program 2 (id=2980): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x1210080, &(0x7f0000000140)={[{@uid}, {@creator={'creator', 0x3d, "aa80aaf6"}}, {@dir_umask}, {@creator={'creator', 0x3d, "0de07c34"}}, {@codepage={'codepage', 0x3d, 'cp949'}}, {@dir_umask}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@dir_umask={'dir_umask', 0x3d, 0x200}}, {}, {@umask={'umask', 0x3d, 0x16}}]}, 0x7, 0x318, &(0x7f00000004c0)="$eJzs3U1rE08cB/Dv7CZp8m/pf20rBY/VgqfS1oPixSLFi2/AgxRrm0LpWkEraEGMnkW8CYJHb55F34JexDegpx7Ek16CB1dmZmcf0tnNQ9tsQr4faJrszsNvdnayMynpgohG1tXVb28vHMgfUQbgArgMOACqQAnAacxWH+zube/59c28glyVQ/4I6JziUJqN3botq8yncoQ8+aqEieQ2OhlBEATf26b61ZdYqDhCj/1DHGAsHJ1qf7XvkZ2Mhm7XaEn0sGiiiYeYLDIcIiIqXnj9d8KrxEQ4f3ccYD6chw/79T81v2kWF8dAiK7/jn4dCHl8/le74vWeWsLJ3nfMKtFWlvWcCOLDXYE+s1IdINqtKlUsTm1r268vNFQBz3AllEg2ox43YRqiZEVb0b/mLGvTHHltzzeu2lCWbVjOiH+66xo//sAre3VrnzuISXwSX8Sa8PAam9H8rxQIeXDU8fFaekrHv5hdomqlp1OlWhmv30+pSs6YHvjwLm5lLeu4VuHKWGxkKaJ1/u6ZOF9WsnNhCumPFXTrlrJbp3JNW3MtR6//WHPNtOaqbZX9+sLGXT/3o5RjY13RiRfihpjDT7zHamL+78jU88gemalRLlTK8MzIbU9JpczoxxQ1gO90NTJJuWbt6HzPcRuXMHn/0f7Ouu/X7xX/xAyVAYlHn4jh6Si3yN+JNKjKJ2UAx1bp3yAIrLtK6EeTy6qpF9/ETd7fWRcN/fJoVaARFWh2rWQnBrACINxi3hF6qf1JlGssLrCj7L9lb6st9hPSRNWHE9JUldrlYqyjkVLrodLrj3fW/Z7eiWjIxJ2O2ZtFB0NFkPMuodd/ifXKonrXkQ9ezmokaFd4osSljBXQlHr8r7MVXFRs5jxx3Dxps+Y6ex4411KjA1Pj09ZivTBODOJfJbv/U4ZYxVfc4uf/RERERERERERERERERERERERERETDpttvI/TydYJ0jQcj+I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiOJnH/X8BVd4ypFH7/X7eD+/+a+1IQUc/+BQAA//8KX2Ch") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 5m51.366747381s ago: executing program 2 (id=2984): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="13000000010203", 0x7}], 0x1) 5m50.671644s ago: executing program 2 (id=2994): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x4004010) 5m50.547118933s ago: executing program 32 (id=2994): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x4004010) 4m33.644408753s ago: executing program 3 (id=4463): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f00000000c0)={0x0, 0x5, 0x1}) 4m33.514063227s ago: executing program 3 (id=4466): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) 4m33.390968189s ago: executing program 3 (id=4469): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000008c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x269d}, [@IFLA_IFNAME={0x14, 0x3, 'macvtap0\x00'}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x8044) 4m33.212108837s ago: executing program 3 (id=4474): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x414, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="4b57e847ca97fe4b6468d5e3b1c8af6e644d82834f7f6415192ea618955c73aa164df482345e086f4d3eeab8150027a48e918d4fd9625eb5bbbda3abcbfb81f62a9f0bae4cdf14f1c7e660836a0ff1efeefa49a8eb3e395e0b9b42eaccbae5f0ee105aad7dee86f62c9ac34d9c489aeccbdcc43e382876a434a4a8099a697b7c86c89ef92d75b2882a9a01bf753884e7da7774a4d679a40f14baa67f2d7a6a2d0b44ae0c7a0fa9c53168755777b5237011e10adc830aedcc6714b8af1c083a8f77221e0488737fc02a13fa91c152", @ANYRES16], 0x1, 0x2ab, &(0x7f0000000440)="$eJzs3M9qE1EUx/FjU5s0pU0EKSioB93oZmjjA2iQFsSAWpuiLoSpnWjImJSZUImIzUbc+hzFpTtBfYFuxI17d0UQXdiFOGIm0ybttE3/JI3p9wPlnpl7f8xtS4czhczK3ddPCjnXyJll6Yup9IlUZVUk+a+qO1Yf+2r1gDSqyqWhn1/O3Ll3/0Y6k5mYUp1MT19OqerIufdPn785/7E8NPN25F1UlpMPVr6nvi6PLp9a+TP9OO9q3tViqaymzpZKZXPWtnQu7xYM1Vu2ZbqW5ouu5TTN5+zS/HxFzeLccHzesVxXzWJFC1ZFyyUtOxU1H5n5ohqGocNxOdr6W1iTXZqaMtNbTnuRA90R2m4w7KTjpKvhk9mlDuwJAAB0me37f7/X37r/z8z44wH3/yL0/21SbTraof9HT3CctBmv//02o/8HAAAAAAAAAAAAAAAAAAAAAOB/sOp5Cc/zEsEYfEVFJCYiwfFh7xPtsdPv/0d47Eqn94n2aPjgXkzEfrWQXcj6oz+fzklebLFkTBLyu3Y/qPPryeuZiTGt+eV53mI9v7iQjUg0yAeSYfmzJ8b9vMoHuyF/XOKN109JQk6GXz8Vmh+4ffFCQ96QhHx6KCWxZa52X1vPvxhXvXYzsyE/WFsHAAAAAEAvMHRNsvn513/3o1FbEJPN835+F/8f2PB83S+nW3lFJQAAAAAA2De38qxg2rbl7KGIisg+4r1aRKQrtrGhuCoiXbCNThUxEfHP6B7io9/W4i2lvBbW9IvIof9YdlEc9p0JAAAAwEFbb/p3Efr8so07AgAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6Gn1fWDB+k1TwcQ28YbLRTr+DQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd5G8AAAD//8NxHaE=") mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x1101088, 0x0) 4m32.929645484s ago: executing program 3 (id=4483): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f00000000c0)) 4m32.223660584s ago: executing program 3 (id=4496): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x2, 0x0, 0x94}) 4m31.928970263s ago: executing program 33 (id=4496): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x2, 0x0, 0x94}) 2.937065661s ago: executing program 1 (id=9616): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) 2.828471771s ago: executing program 1 (id=9619): setitimer(0x2, &(0x7f0000000000)={{}, {0x77359400}}, 0x0) getitimer(0x2, &(0x7f0000000100)) 2.694359604s ago: executing program 1 (id=9624): syz_usb_connect(0x3, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010002ee3b25205a06090065600102030109021b0001040840000904080101b9d7420209058a02"], 0x0) syz_open_dev$video(0x0, 0x7fffffff, 0x8280) 2.595691824s ago: executing program 4 (id=9627): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_PIM(r0, 0x0, 0xd0, &(0x7f0000000000)=0x1, 0x4) 2.527032881s ago: executing program 4 (id=9631): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000080)="010000000d80ffff", 0x8) 2.377384116s ago: executing program 4 (id=9637): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x2}) 2.207605823s ago: executing program 4 (id=9641): r0 = socket(0x2b, 0x80801, 0x1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000440)={'security\x00', 0x4, [{}, {}, {}, {}]}, 0x68) 2.13465434s ago: executing program 4 (id=9643): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000e00)={0x24, 0x3, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}, @CTA_MARK_MASK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c004}, 0x4044814) 2.098224983s ago: executing program 5 (id=9644): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x10, 0x1414, 0x211, 0x0, 0x25dfdbff}, 0x10}}, 0x0) 1.804825053s ago: executing program 0 (id=9645): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 1.803232383s ago: executing program 5 (id=9646): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x190, 0x111, 0x4b4, 0x190, 0x700, 0x2d8, 0x278, 0x278, 0x2d8, 0x278, 0x3, 0x0, {[{{@ipv6={@mcast2, @empty, [], [], 'vlan0\x00', 'vlan1\x00', {}, {}, 0x88}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e23]}}, @common=@unspec=@connmark={{0x30}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0xffffffff, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, [0x0, 0x0, 0xff000000], [], 'geneve1\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) 1.751707547s ago: executing program 6 (id=9647): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000000)={'pcl711\x00', [0x2, 0xfffffff9, 0xf, 0x8, 0x1000, 0x100, 0x6623, 0x6, 0x8b, 0x4, 0x4, 0x3, 0x2, 0x4, 0x70, 0x0, 0x1, 0x7, 0x4, 0x7, 0x10, 0x5, 0x10000, 0x6, 0xfffffffd, 0x1, 0xffffffff, 0x3, 0x57, 0x8, 0x4]}) 1.751473647s ago: executing program 4 (id=9648): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[]) 1.682487965s ago: executing program 0 (id=9649): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 1.62721136s ago: executing program 6 (id=9650): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc5) 1.598810283s ago: executing program 5 (id=9651): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x1000840, &(0x7f0000001f80)=ANY=[@ANYBLOB='shortname=winnt,sys_immutable,rodir,shortname=winnt,utf8=0,uni_xlate=0,nocase,codepage=936,uni_xlate=0,shortname=lower,shortname=win95,utf8=0,discard,iocharset=macromanian,rodir,\x00?'], 0x3, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 1.462945066s ago: executing program 6 (id=9652): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x12, &(0x7f0000000480)=ANY=[@ANYBLOB="636f6465706167653d63703733372c756d61736b3d30303030303030303030303030303030303030373737372c696f636861727365743d6d6163726f6d616e2c00c132f7d36481fcf97dccf78cfa7daf6825ef665eb163db201d6c13cd72fa3afa91aafaf54e6ba6969d3658c9240c7ec3318af10acda672b66e41b1831dfe26a89b1b2820620e55fbf859a609e57f2aab8ea8a7915d75fb4dc53bc4ac3dd3102fbf2571578726077b2b7577f55dfaa53a5bab2258b97b01aff1526a0ab78dcbb8d7485f3f185aaaa507641d3db038d754c159bb71dafcfa23b22342ed24e54f97b9092408b1de3725bb0cd05b4980d46bd9c0556fecbeeb"], 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ") mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\x8f\x98\xb9\x89Q\xa4Pxy0\x01\x8cC\x1f|\xad\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file1\x00', 0x0, 0x1a39143, 0x0) 1.165530795s ago: executing program 6 (id=9653): r0 = socket$nl_generic(0x10, 0x3, 0x10) fadvise64(r0, 0x0, 0xfffffffffffffffd, 0x2) 967.692805ms ago: executing program 6 (id=9654): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000c80)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[], 0x1, 0xc4d, &(0x7f0000001b40)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1R67trNKK1gFCbgBQVCRVsAFuUHigovcIKEVQhE3iwRIEajSIpAItI1WQoBXsLBiJYzOzDv22BvXbr6cNL/fbvKfc+Y9M++Z9jlzpprnTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEV/46RNDh9NOzwIAuJ9eG39j6Kj3fwB4pJzx+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK2lKOKtSPHe2HKabC93DJxqti5cnBgdu/VmgylSVKJojy//DBw+cvTYiy+9PNzNj97+bvtMvD5+5kTt5Nzs/EJjcbExXZtoNc/OTTe2/Qh3uv1G+9svQG32zQvT584t1o4cOrru7ovVm7sf21s9Pvzsgee7YydGx8bGe8b09d/2s3+fdPceik+QXVHEFyPFNw5+K9UjohJ3XgtbHDvutcHoK+uvvRMTo2PtHZlp1ltL5Z2pkkf1RVR7Nhrp1sh9qMU7MhJxqfznVE54f7l74/P1hfrUTKN2ur6w1FxqzrVSpTPbcn+qUYnhFDEfEcvFTk+eB01/FPFqpLj5veU0FRFFtw5eeG38jaGjm2/Ydx8nucnTV4uI6/EQ1Cw8oHZHEb8dKd6dHIqzua7aZfNBxOfLfCXirTKvpbicl1N5gBiO+Lb3E3io9UURfxMp5tJymu7Wfvu88tSXa19qnZvrGds9r3zoPx/cT85NeIANRBFT7TP+5XT7/7ELAAAAAAAAAAAAALg/ivh6pLg6uy/NR29PabN1vnamPjXT+VZw97v/tbzVysrKSjV1spZzKOdIztM5J3PO57yU83LOKzmv5ryW83rOGzmXc0YlP3/OWs6hnCM5T+eczDmf81LOyzmvdLLb0bhyLa+/nvNGzuWcoe8JAAAAAAAAAAAAAAAAAACAu2wwiviNSPHvv/+V9u9KR/t36T99fPjkqU/1/mb8M1s8Tjn2UER8Pbb3m7y78m+Np0r5v7u/X8DWBqKIr+bf//vlnZ4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQKhEEb8SKb72neUUKSJGIiajkzeKnZ4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDanYp4NVL87O+OrK7ri4jU/n/HvvKvYzFS5HyizFdi5HA7KyMnyhyIOLQD8wdu3+Lb77xZn5lpLLjhhhturN7Y6SMTAAAAAAAAAAAAAAAAADzCUhF/Hyl+8veWUzUiLlZv7n5sb/X48LMHni+iaF8EIPWOf338zInaybnZ+YXG4mJjujbRap6dm25s9+kGTjVbFy5OjI7dk53Z0uA9nv/gwMm5+bcXmud/YemW9+8ZODG1uLRQP3vru2Mw+iKGetfsb094YnSsPemZZr3V3jRVNplgX0RtuzvDI29PKuJ/I8V7B78Zj+d1+fof/Z2lter/w19cW/rhvvW5+q9j+/jx6ePDJ/c8t53babsT3d8uvLIQxsZ7VvflWf5Qz7pqnte2HxseUWX9vxApfv6PitStoVz/P9BZKlbH/s9X12rq+IZctUP1/0TPuuP5qNXfFzGwNDvf/3TEwOLb7xxsztbPN843WseOvPzS8LGXXzz2Uv+uiIFzzZnG0Nqtbb92AAAAAAAAAAAAAAAAAHCv9KcivhApfunv/nK1bzz3/32qs7TW/9fb/7tvw+P0Xjdgs9u37PXboq+vV/mcKRXxVKR49s+eac83xR4973Cb9qQivlvW0/QX0+fyulz/ubP/1vV/aUOu2qH+38d71l3Kx4n/iBSP/8Ez8bme48TG7t5y3F9Eiqkf+WweF7vKcd3H6/REdxqDy7FfiRTvn14/tts3/cTa2MPb3S3YSWX9z0aKf/itv40fzevWX//j1vW/Z0Ou2qH6f7J3nyJi8e133qzPzDQWFrf9UsAjp6z/X48Uf/0n34zn8rqPuv5P9zo/+55bn4PdQTtU/0/1rKvmef3Yx3wtAAAAAAAAAAAA4GGxJxXxT5Hiz//0QDqY123n+7/TG3LVDn3/7+meddPrvv97725s+0UGAIAHRH8q4icixR9Pf5C6vbGb9v++stb/M7rxxL19Tv+D7T7/j3Wu/zH6/8vnTKmI/8t9vUNb9PX+eKT4tZ86kMelveW4ke50238PvDbXOnhiZmbubH2pPjXTqI3P1882ym33R4p//bfP5m0r7T7fbn90pzd4rSf4dyLFz33YHdvpCe72Uj65NvZwOfZgpPju++vHdvuunlobe6Qc+5uRYuy/bz1279rYo+XYf4wU//lurTt2Tzm2+3nu6bWxh87OzXzfRzYAAAAAAAAAAAAAAAAAAAB2Xn8qIkWKaz9zZbU3fv31v7rXAVh//a+N7tXv/1fvzm4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEMhRRH/FSneG1tON4pyuWPgVLN14eLE6NitNxtMkaISRXt8+Wfg8JGjx1586eXhbn709nfbZ+L18TMnaifnZucXGouLjenaRKt5dm66se1HuL3ti03v2d9+AWqzb16YPndusXbk0NF1d1+s3tz92N7q8eFnDzzfHTsxOjY23jOmr3/bs99SunsPxSfIrijiryLFNw5+K/1zEVGJ266FVVscO+61wegr66+9ExOjY+0dmWnWW0vlnamSR/VFVHs2GunWyH2oxTsyEnEpIirlhPeXuzc+X1+oT800aqfrC0vNpeZcK1U6sy33pxqVGE4R8xGxvPnRikdUfxRxLVLc/N5y+pei84bWroMXXht/Y+jo5hv23cdJbvL01SLiejwENQsPqN1RxJOR4t3JoXi/6NRVu2w+iPh8ma9EvFXmtRSX83IqDxDDEd/2fgIPtb4o4nSkmEvL6YMi1377vPLUl2tfap2b6xnbPa986D8f3E/OTXiADUQRH7bP+JfTh97PAQAAAAAAAAAAAOABV8SrkeLq7L7U7g9d7Sltts7XztSnZjpf6+9+97+Wt1pZWVmppk7Wcg7lHMl5Oudkzvmcl3Jeznkl59Wc13Jez3mjnbvbjYnlclTy8+es5RzKOZLzdM7JnPM5L+W8nPNKzqs5r+W8nvNGzuWcH9H1DwAAAAAAAAAAAAAAAAAAd6QSRfxqpPjad5bTStH5fdnJ6OSN9X2uu3ZqjsC98f8BAAD//3zgG/w=") chown(&(0x7f0000000080)='./file1\x00', 0xffffffffffffffff, 0x0) 938.775518ms ago: executing program 0 (id=9655): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10, &(0x7f0000000280)={[{@rodir}, {@numtail}, {@utf8no}, {@fat=@usefree}, {@shortname_mixed}, {@uni_xlateno}, {@numtail}, {@utf8no}, {@fat=@check_normal}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@fat=@check_strict}, {@shortname_winnt}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@utf8no}, {@rodir}]}, 0x3, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x20f0410, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 577.248083ms ago: executing program 5 (id=9656): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0xae2f}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2}]}}}]}, 0x50}}, 0x0) 528.020539ms ago: executing program 0 (id=9657): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x4002, &(0x7f00000003c0)=ANY=[@ANYBLOB='longad,uid=', @ANYRESDEC=0x0, @ANYBLOB=',uid=forget,volume=00000000000000000003,shortad,gid=', @ANYRESDEC=0x0, @ANYBLOB=',session=18446744073709551489,gid=ignore,lastblock=0000001002,partition=18446744073709551612,undelete,\x00'], 0x2, 0xc30, &(0x7f0000002740)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcZy9S+mYhXOqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgpYzOxbcUWRNi2KEmV9Pjb13Z15b/a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/cvHU6fSwWwEAPEiXx7526oz7PwA8Vq74/38AAAAAAAAAAAAAADjoUhTxZKSYv7yeJqr3HfVL7b6bt8aHR7avdiRVNQ9V5cuf+ukzZ8996YWh89281J79gPr322fjtbErFxsvz92YX5heXJyeaozPtifnpqZ3fYS91t9qsDoBjRuv35y6dm2xceb5s3fsvjXwfv8TxwcuDD178plu2fHhkZGxzSL13vK1e25Ix04zPA5HEScjxXPf/1lqRUQRez8X9Qc79lsdqToxWHVifHik6shMuzW7VO4c7Z6IIqLRU6nZPUfbj0XU+h5oH3bWjFgum182eLDs3th8a6F1dWa6MdpaWGovtedmR1OntWV/GlHE+RSxEhFr/Xcfri+KqEWK7x5bT1cj4lD3PHyxmhi8czuKfezjLpTtbPRFrBSPwJgdYP1RxKuR4ufvnIjJfJ2prjVfiHi1zB9GvFXmSxGp/GKci3hvm+8Rj6ZaFPEX5fhfWE9T1fWge1259PXGV2evzfWU7V5XPuL94a4rxUO6PxzZkg/GAb821aOIVnXFX0/3/psdAAAAAAAAAAAAAAAAAO63I1HEZyLFK//+x9W84qjmpR+7MPQHA7/aO2f86Q85Tln2+YhYLnY3J/dwnhg4mkZTeshziR9n9SjiT/L8v28/7MYAAAAAAAAAAAAAAAAAAAA81or4aaR48d0TaSV61xRvz15vXGldnemsCttd+7e7ZvrGxsZGI3WymXMi53LOlZyrOddyRpHr52zmnMi5nHMl52rOtZxxKNfP2cw5kXM550rO1ZxrOaOW6+ds5pzIuZxzJedqzrWccUDW7gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DgpoohfRorvfHM9RYqIZsREdHK1/2G3DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo9acifhApGn/YvL2tFhGp+rfjRPnLuWgeLvOT0Rwq86VoXszZqrLW/PZDaD9705eK+Emk6K+/fXvA8/j3dd7d/hrEW9/afPfZWicPdXcOvN//xPFjF4ZGfuPpnV6n7RoweKk9e/NWY3x4ZGSsZ3Mtf/one7YN5M8t7k/XiYjFN958vTUzM71w7y/Kr8Aeqj9CL1LtcempF9WLqB2IZjycvvMYKO//70WK3333P7o3/M79vx6/0nl3+w4fv/jTzfv/i1sPtMv7f21rvXz/L+/p293/n+zZ9mL+3UhfLaK+dGO+73hEffGNN0+2b7SuT1+fnj136tSXh4a+fPZU3+GI+rX2zHTPq/tyugAAAAAAAAAAAAAAAAAenFTEVyJF6yfrqRERt6r5WgMXhp49+cyhOFTNt7pj3vZrY1cuNl6euzG/ML24OD3VGJ9tT85NTe/24+rVdK/x4ZF96cyHOrLP7T9Sf3lu/o2F9vU/Wtp2/9H6xauLSwutye13x5EoIpq9WwarBo8Pj1SNnmm3Zquqo9tOpv/o+lIR/xkpJs810ufztjz/f+sM/zvm/y9vPdA+zf//RM+28jNTKuIXkeJ3/vLp+HzVzqNx1znL5f42Ugye/1wuF4fLct02dJ4r0JkZWJb930jxj7+8s2x3PuSTm2VP7/rEPiLK8T8WKX7w59+L38zb7nz+w/bjf3TrgfZp/J/q2Xb0jucV7Lnr5PE/GSleevLt+K287YOe/9F99saJXPj28zn2afw/1bNtIH/ub9+frgMAAAAAAAAAADzS+lIRfxcpfjRSSy/kbbv5+39TWw+0T3//69M926buz3pFH/pizycVAAAAAA6IvlTETyPF9aW3b8+hvnP+d8/8z9/bnP85nLbsrf6c79eq5wbczz//6zWQP3di790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66lPVPP5p3ZcT301Urzy38/lcul4Wa67DvxA9Wv98tzsyYszM3OTraXW1Znpxth8a3K6rPtUpFj/m8/lukW1vnp3vfnOGu+ba7EvRIqRv++W7azF3l2b/KnNsqfLsp+IFP/1D3eW7a5j/anNsmfKsn8dKb7xz9uXPb5Z9mxZ9nuR4sffaHTLHi3Ldp+P+unNss9PzhX7MCoAAAAAAAAAAAAAAAAAAAA8bvpSEX8WKf7nxsrtufx5/f++nreVt77Vs97/Freqdf4HqvX/d3p9L+v/V88VWN7pUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OMpRRFvRor5y+tptb9831G/1J69eWt8eGT7akdSVfNQVb78qZ8+c/bcl14YOt/ND65/v30mXhu7crHx8tyN+YXpxcXpqcb4bHtybmp610fYa/2tBqsT0Ljx+s2pa9cWG2eeP1ttPpx33xp4v/+J4wMXhp49+Uy37PjwyMhYzyFqfff86XdJO2w/HEX8VaR47vs/Sz/qjyhi7+fiQ747++1I1YnBqhPjwyNVR2bardmlcudo90QUEY2eSs3uOXoAY7EnzYjlsvllgwfL7o3NtxZaV2emG6OthaX2UntudjR1Wlv2pxFFnE8RKxGx1n/34fqiiNcjxXePrad/6Y841D0PX7w89rVTZ3ZuR7GPfdyFsp2NvoiV4hEYswOsP4r4p0jx83dOxL/2R9Si8xNfiHi1zB9GvBWd8U7lF+NcxHvbfI94NNWiiP8rx//Cenqnv7wedK8rl77e+Orstbmest3ryiN/f3iQdr42feWBtmMH9Sjix9UVfz39m/+uAQAAAAAAAAAAAAAAAA6QIn49Urz47olUzQ/Oc4qfynuvznSm9XXn/nXnTG9sbGw0UiebOSdyLudcybmacy1nFLl+zmaZ9Y2Nifx+OedKztWcaznjUK6fs5lzIudyzpWcqznXckYt18/ZzDmRcznnSs7VnGs5w7xiAAAAAAAAAAAAAAAAAABgHxTVPym+8831tNHfWV96Ijq5aj3Qj73/DwAA//8H5/Ye") lchown(&(0x7f00000000c0)='./file0/../file0/file0\x00', 0x0, 0x0) 417.786359ms ago: executing program 1 (id=9658): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, 0x0, 0xfffffffffffffffe) 328.564468ms ago: executing program 6 (id=9659): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="b40000001000030426bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa88801200500180012800e0001007769726567756172640000000400028074001a"], 0xb4}}, 0x440088c4) 327.740939ms ago: executing program 5 (id=9660): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000280)=@multiplanar_fd={0x9, 0x4, 0x4, 0x4000, 0x0, {}, {0x3, 0x2, 0xc6, 0x4, 0xd9, 0xd7, "7a0aec3a"}, 0x0, 0x4, {0x0}, 0x7}) 227.782848ms ago: executing program 1 (id=9661): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x24}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 170.623104ms ago: executing program 0 (id=9662): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001e880000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18) 121.662639ms ago: executing program 5 (id=9663): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a0000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100e0000002080002000000000008000740000000003c00188008000340000000000800024000000000080001"], 0xa0}}, 0x0) 65.809224ms ago: executing program 1 (id=9664): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) syz_clone(0x8289280, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=9665): r0 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x1, 0x13, r0, 0x81000000) kernel console output (not intermixed with test programs): ournal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 472.772769][T25282] REISERFS (device loop5): checking transaction log (loop5) [ 472.820109][T25282] REISERFS (device loop5): Using r5 hash to sort names [ 472.838614][T25282] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 473.172867][T25317] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7551'. [ 473.502471][T25333] device batadv0 entered promiscuous mode [ 473.530295][T25341] loop6: detected capacity change from 0 to 512 [ 473.533908][T25333] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 473.571802][T25341] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 473.646166][T25346] loop5: detected capacity change from 0 to 64 [ 473.673638][T25341] EXT4-fs (loop6): 1 truncate cleaned up [ 473.679573][T25341] EXT4-fs (loop6): mounted filesystem without journal. Opts: quota,resuid=0x000000000000ee01,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 474.000035][T24441] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 474.260944][T24441] usb 1-1: Using ep0 maxpacket: 8 [ 474.381023][T24441] usb 1-1: too many endpoints for config 0 interface 0 altsetting 3: 64, using maximum allowed: 30 [ 474.405672][T24441] usb 1-1: config 0 interface 0 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 64 [ 474.419952][ T5863] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 474.439584][T24441] usb 1-1: config 0 interface 0 has no altsetting 0 [ 474.620080][T24441] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=1b.62 [ 474.649848][T24441] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.687937][T24441] usb 1-1: Product: syz [ 474.699955][ T5863] usb 6-1: Using ep0 maxpacket: 32 [ 474.702749][T24441] usb 1-1: Manufacturer: syz [ 474.722265][T24441] usb 1-1: SerialNumber: syz [ 474.729200][T24441] usb 1-1: config 0 descriptor?? [ 475.040354][ T5863] usb 6-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 475.066922][ T5863] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.073586][T24441] comedi comedi5: could not set alternate setting 3 in high speed [ 475.109512][T24441] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device. [ 475.125002][ T5863] usb 6-1: Product: syz [ 475.129676][ T5863] usb 6-1: Manufacturer: syz [ 475.135683][ T5863] usb 6-1: SerialNumber: syz [ 475.155389][T24441] usbdux: probe of 1-1:0.0 failed with error -71 [ 475.177106][ T5863] usb 6-1: config 0 descriptor?? [ 475.199986][T24441] usb 1-1: USB disconnect, device number 32 [ 475.466750][ T5863] RobotFuzz Open Source InterFace, OSIF 6-1:0.0: version d4.15 found at bus 006 address 019 [ 475.674182][ T5863] usb 6-1: USB disconnect, device number 19 [ 475.903771][T25510] loop0: detected capacity change from 0 to 512 [ 475.960862][T25510] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled [ 476.023293][T25510] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,noinit_itable,errors=remount-ro,grpjquota=.,stripe=0x0000000000000000,init_itable,. Quota mode: writeback. [ 476.083246][T25510] ext4 filesystem being mounted at /1545/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.237676][T25485] loop1: detected capacity change from 0 to 32768 [ 476.417032][T25485] (syz.1.7599,25485,0):ocfs2_journal_addressable:1995 ERROR: The journal cannot address the entire volume. Enable the 'block64' journal option with tunefs.ocfs2 [ 476.417072][T25485] (syz.1.7599,25485,0):ocfs2_check_volume:2493 ERROR: status = -27 [ 476.451848][T25485] (syz.1.7599,25485,1):ocfs2_mount_volume:1824 ERROR: status = -27 [ 476.485673][T25535] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7609'. [ 476.510403][T25485] (syz.1.7599,25485,1):ocfs2_fill_super:1177 ERROR: status = -27 [ 476.562279][T25541] loop5: detected capacity change from 0 to 256 [ 476.598012][T25543] tc_dump_action: action bad kind [ 476.772118][T25558] loop6: detected capacity change from 0 to 64 [ 476.828585][T25561] netlink: 830 bytes leftover after parsing attributes in process `syz.0.7620'. [ 477.060013][T25579] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7627'. [ 477.284863][T25603] loop6: detected capacity change from 0 to 512 [ 477.302860][T25606] loop5: detected capacity change from 0 to 128 [ 477.378572][T25614] loop0: detected capacity change from 0 to 256 [ 477.419025][T25603] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 477.455878][T25603] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 477.464471][T25603] System zones: 0-1, 15-15, 18-18, 34-34 [ 477.471776][T25603] EXT4-fs (loop6): orphan cleanup on readonly fs [ 477.478384][T25603] Quota error (device loop6): v2_read_header: Failed header read: expected=8 got=0 [ 477.488496][T25603] EXT4-fs warning (device loop6): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 477.506455][T25603] EXT4-fs (loop6): Cannot turn on quotas: error -22 [ 477.521067][T25603] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.7630: bg 0: block 40: padding at end of block bitmap is not set [ 477.545065][T25603] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 477.565498][T25603] EXT4-fs (loop6): 1 truncate cleaned up [ 477.575361][T25614] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 477.602273][T25603] EXT4-fs (loop6): mounted filesystem without journal. Opts: resgid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 477.735638][T25614] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000008) [ 477.748620][T25603] fscrypt (loop6, inode 16): Error -61 getting encryption context [ 477.801036][T25614] exFAT-fs (loop0): Filesystem has been set read-only [ 478.437091][T25677] loop0: detected capacity change from 0 to 256 [ 478.581950][T25677] FAT-fs (loop0): Directory bread(block 64) failed [ 478.614616][T25677] FAT-fs (loop0): Directory bread(block 65) failed [ 478.655702][T25677] FAT-fs (loop0): Directory bread(block 66) failed [ 478.696180][T25677] FAT-fs (loop0): Directory bread(block 67) failed [ 478.726909][T25677] FAT-fs (loop0): Directory bread(block 68) failed [ 478.746838][T25677] FAT-fs (loop0): Directory bread(block 69) failed [ 478.767184][T25677] FAT-fs (loop0): Directory bread(block 70) failed [ 478.817059][T25677] FAT-fs (loop0): Directory bread(block 71) failed [ 478.824140][T25706] netlink: 'syz.4.7661': attribute type 2 has an invalid length. [ 478.854407][T25677] FAT-fs (loop0): Directory bread(block 72) failed [ 478.861473][T25677] FAT-fs (loop0): Directory bread(block 73) failed [ 479.052556][T25643] loop5: detected capacity change from 0 to 32768 [ 479.125926][T25720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7666'. [ 479.156607][T25722] sctp: [Deprecated]: syz.6.7665 (pid 25722) Use of int in maxseg socket option. [ 479.156607][T25722] Use struct sctp_assoc_value instead [ 479.286316][T25735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7668'. [ 479.326818][T25737] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7670'. [ 479.337761][T25643] XFS (loop5): Mounting V5 Filesystem [ 479.630614][T25643] XFS (loop5): Ending clean mount [ 479.648454][T25643] XFS (loop5): Quotacheck needed: Please wait. [ 479.774388][T25681] loop1: detected capacity change from 0 to 40427 [ 479.788212][T25643] XFS (loop5): Quotacheck: Done. [ 479.886271][T25681] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff [ 479.933687][T25681] F2FS-fs (loop1): invalid crc value [ 479.964842][T25681] F2FS-fs (loop1): Found nat_bits in checkpoint [ 480.021916][T25783] overlayfs: conflicting options: userxattr,redirect_dir=off [ 480.021972][T11023] XFS (loop5): Unmounting Filesystem [ 480.172705][T25792] loop0: detected capacity change from 0 to 512 [ 480.199803][T25681] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 480.326466][T25792] EXT4-fs (loop0): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 480.361858][T25792] ext4 filesystem being mounted at /1565/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 481.149877][T25859] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7684'. [ 481.331529][T25874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7707'. [ 481.355549][T25874] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 481.794383][T25905] xt_CT: You must specify a L4 protocol and not use inversions on it [ 481.924969][T25919] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7722'. [ 482.041883][T25927] netlink: 'syz.1.7725': attribute type 30 has an invalid length. [ 482.168611][T25934] loop5: detected capacity change from 0 to 64 [ 482.264847][T25942] netlink: 4176 bytes leftover after parsing attributes in process `syz.1.7730'. [ 482.310126][T25940] libceph: resolve '4..' (ret=-3): failed [ 482.322076][T25946] No such timeout policy "syz1" [ 482.407973][T25865] loop0: detected capacity change from 0 to 40427 [ 482.479001][T25955] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 482.486462][T25955] IPv6: NLM_F_CREATE should be set when creating new route [ 482.507256][T25865] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff [ 482.558575][T25865] F2FS-fs (loop0): invalid crc value [ 482.600625][T25865] F2FS-fs (loop0): Found nat_bits in checkpoint [ 482.806326][T25865] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 482.853962][ T26] audit: type=1326 audit(1760739016.089:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25977 comm="syz.5.7740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d3afbbfc9 code=0x7ffc0000 [ 482.919811][ T26] audit: type=1326 audit(1760739016.129:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25977 comm="syz.5.7740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f7d3afbbfc9 code=0x7ffc0000 [ 483.022604][ T26] audit: type=1326 audit(1760739016.129:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25977 comm="syz.5.7740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d3afbbfc9 code=0x7ffc0000 [ 483.144805][T25996]  (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 483.258112][T26001] netlink: 'syz.5.7748': attribute type 2 has an invalid length. [ 483.306367][T26001] netlink: 'syz.5.7748': attribute type 1 has an invalid length. [ 483.459031][T26009] loop6: detected capacity change from 0 to 1024 [ 483.465544][T26012] overlayfs: workdir and upperdir must be separate subtrees [ 483.589034][T26009] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 483.626067][T26009] ext4 filesystem being mounted at /602/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 484.524317][T26099] usb usb8: usbfs: process 26099 (syz.4.7778) did not claim interface 5 before use [ 484.598513][T26090] xt_CT: No such helper "pptp" [ 485.090909][T24441] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 485.174995][T26143] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7793'. [ 485.216276][T26146] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.7795'. [ 485.241836][T26149] loop6: detected capacity change from 0 to 16 [ 485.265151][T26146] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 485.277510][T26093] loop1: detected capacity change from 0 to 32768 [ 485.286677][T26146] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 485.295648][T26149] erofs: (device loop6): mounted with root inode @ nid 36. [ 485.448250][T26093] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 485.470135][T24441] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 485.610140][T26093] OCFS2: ERROR (device loop1): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 485.650183][T24441] usb 6-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19 [ 485.659331][T24441] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.708845][T24441] usb 6-1: Product: syz [ 485.739781][T24441] usb 6-1: Manufacturer: syz [ 485.744445][T24441] usb 6-1: SerialNumber: syz [ 485.778380][T24441] usb 6-1: config 0 descriptor?? [ 485.790349][T26093] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 485.813631][T26093] OCFS2: File system is now read-only. [ 485.834522][T26093] (syz.1.7777,26093,1):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 485.869978][T24441] usbtouchscreen: probe of 6-1:0.0 failed with error -32 [ 485.928288][ T4184] ocfs2: Unmounting device (7,1) on (node local) [ 485.939914][T26189] loop0: detected capacity change from 0 to 128 [ 485.976605][ T1092] block nbd6: Attempted send on invalid socket [ 485.983443][ T1092] blk_update_request: I/O error, dev nbd6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 486.025481][T26192] qnx6: unable to read the first superblock [ 486.033236][ T150] block nbd6: Attempted send on invalid socket [ 486.039583][ T150] blk_update_request: I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 486.077971][T26192] qnx6: unable to read the first superblock [ 486.097422][T26192] qnx6: unable to read the first superblock [ 486.175014][T24441] usb 6-1: USB disconnect, device number 20 [ 486.476697][T26224] loop1: detected capacity change from 0 to 2048 [ 486.527614][T26224] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 486.544624][ T5864] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 486.790363][ T5864] usb 7-1: Using ep0 maxpacket: 16 [ 486.910212][ T5864] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 487.126119][ T5864] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 487.152958][ T5864] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.180262][ T5864] usb 7-1: Product: syz [ 487.194755][ T5864] usb 7-1: Manufacturer: syz [ 487.204907][ T5864] usb 7-1: SerialNumber: syz [ 487.230810][ T5864] usb 7-1: config 0 descriptor?? [ 487.400036][ T5863] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 487.510149][ T5864] usb 7-1: USB disconnect, device number 12 [ 487.583074][T26306] loop5: detected capacity change from 0 to 8 [ 487.821650][ T5863] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 487.861133][ T5863] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 487.882883][T26326] netlink: 'syz.0.7845': attribute type 1 has an invalid length. [ 488.049009][T26333] loop5: detected capacity change from 0 to 2048 [ 488.080310][ T5863] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 488.089495][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.129417][ T5863] usb 2-1: Product: syz [ 488.150875][T26333] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.167097][ T5863] usb 2-1: Manufacturer: syz [ 488.184078][ T5863] usb 2-1: SerialNumber: syz [ 488.223523][ T5863] usb 2-1: config 0 descriptor?? [ 488.314132][T26353] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 488.534571][ T5863] usb 2-1: USB disconnect, device number 41 [ 488.786362][T26397] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7866'. [ 488.936549][T26407] loop5: detected capacity change from 0 to 1024 [ 489.455638][T26465] netlink: 160 bytes leftover after parsing attributes in process `syz.4.7889'. [ 489.534797][T26474] loop0: detected capacity change from 0 to 64 [ 489.966821][T26517] netlink: 68 bytes leftover after parsing attributes in process `syz.6.7905'. [ 490.219985][T24436] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 490.522814][T26551] loop5: detected capacity change from 0 to 1024 [ 490.574864][T26551] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 490.580437][T24436] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 490.608862][T24436] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.611320][T26551] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 490.644070][T24436] usb 1-1: config 0 descriptor?? [ 490.663876][T26551] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 490.675105][T26551] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 490.702320][T24436] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 490.728132][T26551] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,sysvgroups,nomblk_io_submit,bsddf,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 490.786253][T26571] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7923'. [ 491.146646][T24436] gspca_cpia1: usb_control_msg 03, error -71 [ 491.180083][T24436] gspca_cpia1: usb_control_msg 01, error -71 [ 491.189782][T24436] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 491.230039][T24436] usb 1-1: USB disconnect, device number 33 [ 491.260086][ T5863] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 491.503348][T26622] loop5: detected capacity change from 0 to 1764 [ 491.544419][ T5863] usb 5-1: Using ep0 maxpacket: 16 [ 491.550786][T26622] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 491.605628][T26622] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 491.684756][ T5863] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 491.715370][ T5863] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 491.715414][T26634] netlink: 'syz.1.7940': attribute type 1 has an invalid length. [ 491.733821][ T5863] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 491.874630][ T5863] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 491.894280][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 491.928233][ T5863] usb 5-1: SerialNumber: syz [ 492.010306][T26579] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 492.064825][T26661] netlink: 'syz.5.7947': attribute type 2 has an invalid length. [ 492.083258][T26661] netlink: 'syz.5.7947': attribute type 3 has an invalid length. [ 492.162082][T26668] xt_CT: You must specify a L4 protocol and not use inversions on it [ 492.280956][T26653] loop6: detected capacity change from 0 to 4096 [ 492.284864][ T5863] cdc_ether: probe of 5-1:1.0 failed with error -71 [ 492.338703][ T5863] usb 5-1: USB disconnect, device number 26 [ 492.421090][T26653] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 492.490995][T26653] ntfs3: loop6: Failed to load $Extend. [ 492.849088][T26723] netlink: 'syz.0.7964': attribute type 4 has an invalid length. [ 492.906571][T26729] loop1: detected capacity change from 0 to 256 [ 492.947359][T26728] loop5: detected capacity change from 0 to 2048 [ 492.985960][T26729] autofs4:pid:26729:autofs_fill_super: called with bogus options [ 493.049617][T26728] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 493.202545][T26748] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 493.247034][T26753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7974'. [ 493.432479][T26756] loop0: detected capacity change from 0 to 4096 [ 493.575947][T26756] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 493.656843][T26756] ntfs3: loop0: ntfs_sync_fs r=9 failed, -22. [ 493.696486][T26756] ntfs3: loop0: ntfs_evict_inode r=9 failed, -22. [ 494.207185][T26832] loop5: detected capacity change from 0 to 512 [ 494.290390][T26832] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 494.324648][T26832] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 494.389790][T26832] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 494.418531][T26850] netlink: 'syz.1.8005': attribute type 4 has an invalid length. [ 494.431060][T26832] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 494.469303][T26832] EXT4-fs (loop5): failed to initialize system zone (-117) [ 494.482645][T26832] EXT4-fs (loop5): mount failed [ 494.598365][T26860] loop6: detected capacity change from 0 to 2048 [ 494.631529][T26860] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=26504, location=26504 [ 494.698683][T26860] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 494.857314][T26883] loop1: detected capacity change from 0 to 1024 [ 494.986411][T26883] EXT4-fs (loop1): Ignoring removed oldalloc option [ 494.989946][T24432] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 495.020316][T26883] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 495.072282][T26883] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,auto_da_alloc=0x0000000000000002,barrier=0x0000000000000002,usrquota,data_err=ignore,mb_optimize_scan=0x0000000000000001,oldalloc,barrier=0x0000000000000000,noload,user_xattr,abort,dioread_nolock,,errors=continue. Quota mode: writeback. [ 495.109279][T26883] EXT4-fs error (device loop1): ext4_remount:6035: comm syz.1.8014: Abort forced by user [ 495.122612][T26883] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 495.152746][T26903] loop6: detected capacity change from 0 to 512 [ 495.217295][T26903] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 495.281427][T26903] EXT4-fs (loop6): orphan cleanup on readonly fs [ 495.334896][T26903] EXT4-fs warning (device loop6): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 495.399920][T24432] usb 6-1: config 0 has an invalid interface number: 111 but max is 0 [ 495.404927][T26903] EXT4-fs (loop6): Cannot turn on quotas: error -22 [ 495.408167][T24432] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.486457][T24432] usb 6-1: config 0 has no interface number 0 [ 495.501242][T26903] EXT4-fs error (device loop6): ext4_orphan_get:1401: inode #16: comm syz.6.8019: iget: immutable or append flags not allowed on symlinks [ 495.514197][T24432] usb 6-1: too many endpoints for config 0 interface 111 altsetting 99: 44, using maximum allowed: 30 [ 495.572644][T24432] usb 6-1: config 0 interface 111 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 44 [ 495.589610][T26903] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.8019: couldn't read orphan inode 16 (err -117) [ 495.649564][T26903] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 495.649596][T24432] usb 6-1: config 0 interface 111 has no altsetting 0 [ 495.708209][T26903] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 495.714376][T24432] usb 6-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 495.731677][T26932] netlink: 'syz.4.8030': attribute type 1 has an invalid length. [ 495.739471][T26932] netlink: 'syz.4.8030': attribute type 2 has an invalid length. [ 495.765673][T26932] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8030'. [ 495.772930][T24432] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.785605][T26929] loop0: detected capacity change from 0 to 2048 [ 495.828120][T26929] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 495.844406][T24432] usb 6-1: config 0 descriptor?? [ 495.895019][T24432] usb 6-1: selecting invalid altsetting 0 [ 495.913712][T26939] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 496.303156][T24432] usb 6-1: USB disconnect, device number 21 [ 496.718995][T26996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8045'. [ 496.858891][T27001] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8047'. [ 496.909430][T26950] loop1: detected capacity change from 0 to 32768 [ 496.987432][T26950] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz.1.8033 (26950) [ 497.185500][ T4841] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by udevd (4841) [ 497.277465][T27026] loop5: detected capacity change from 0 to 2048 [ 497.379924][T27026] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 497.530000][T24441] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 497.590275][T24432] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 497.603796][T27053] netlink: 'syz.1.8061': attribute type 5 has an invalid length. [ 497.789823][T24441] usb 1-1: Using ep0 maxpacket: 16 [ 498.080054][T24441] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 498.095299][T24441] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.117589][T27086] loop5: detected capacity change from 0 to 256 [ 498.124501][T24441] usb 1-1: Product: syz [ 498.128712][T24441] usb 1-1: Manufacturer: syz [ 498.133897][T24441] usb 1-1: SerialNumber: syz [ 498.159993][T24432] usb 7-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 498.185000][T24441] r8152-cfgselector 1-1: config 0 descriptor?? [ 498.196623][T27086] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 498.209833][T24432] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.227514][T24432] usb 7-1: Product: syz [ 498.252513][T24432] usb 7-1: Manufacturer: syz [ 498.257177][T24432] usb 7-1: SerialNumber: syz [ 498.293970][T24432] usb 7-1: config 0 descriptor?? [ 498.312706][ T4300] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 498.352383][T24432] usb 7-1: Waiting for MOTU Microbook II to boot up... [ 498.361315][T24432] usb 7-1: failed setting the sample rate for Motu MicroBook II: -22 [ 498.369668][T24432] snd-usb-audio: probe of 7-1:0.0 failed with error -22 [ 498.590092][T24432] usb 7-1: USB disconnect, device number 13 [ 498.699872][T24441] r8152-cfgselector 1-1: Unknown version 0x0000 [ 498.716545][T24441] r8152-cfgselector 1-1: bad CDC descriptors [ 498.749922][T24441] r8152-cfgselector 1-1: Unknown version 0x0000 [ 498.786881][T24441] r8152-cfgselector 1-1: USB disconnect, device number 34 [ 498.989524][T27092] loop1: detected capacity change from 0 to 40427 [ 499.038683][T27092] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 499.063740][T27092] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x4 [ 499.084826][T27092] F2FS-fs (loop1): invalid crc value [ 499.130147][T27092] F2FS-fs (loop1): Found nat_bits in checkpoint [ 499.321946][T27092] F2FS-fs (loop1): Start checkpoint disabled! [ 499.370455][T27092] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 499.434588][T27142] loop0: detected capacity change from 0 to 64 [ 499.492969][T27119] loop5: detected capacity change from 0 to 32768 [ 499.657436][T11400] attempt to access beyond end of device [ 499.657436][T11400] loop1: rw=2049, want=40976, limit=40427 [ 499.900297][T27172] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8091'. [ 499.955790][T27172] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8091'. [ 500.156852][T27193] netlink: 'syz.5.8100': attribute type 10 has an invalid length. [ 500.358684][T27193] team0: Device veth1_macvtap failed to register rx_handler [ 500.996476][T27223] loop1: detected capacity change from 0 to 4096 [ 501.090761][T27223] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 501.172543][T27223] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 501.206965][T27223] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 501.245142][T27256] rtc_cmos 00:00: Alarms can be up to one day in the future [ 501.259835][T27223] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 501.345916][T27223] ntfs: volume version 3.1. [ 501.388604][T27223] ntfs: (device loop1): load_and_init_quota(): Failed to find inode number for $Quota. [ 501.426716][T27223] ntfs: (device loop1): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 501.592005][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.598394][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.037188][T27313] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 502.253838][T27328] loop0: detected capacity change from 0 to 16 [ 502.291186][T27328] erofs: (device loop0): mounted with root inode @ nid 36. [ 502.343820][T27328] erofs: (device loop0): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 502.609622][T27353] loop1: detected capacity change from 0 to 256 [ 502.776542][T27353] FAT-fs (loop1): Directory bread(block 64) failed [ 502.809833][T27353] FAT-fs (loop1): Directory bread(block 65) failed [ 502.816508][T27353] FAT-fs (loop1): Directory bread(block 66) failed [ 502.859929][T27353] FAT-fs (loop1): Directory bread(block 67) failed [ 502.866606][T27353] FAT-fs (loop1): Directory bread(block 68) failed [ 502.907692][T27368] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8158'. [ 502.919992][T27353] FAT-fs (loop1): Directory bread(block 69) failed [ 502.926672][T27353] FAT-fs (loop1): Directory bread(block 70) failed [ 502.954059][T27353] FAT-fs (loop1): Directory bread(block 71) failed [ 502.983191][T27353] FAT-fs (loop1): Directory bread(block 72) failed [ 503.029780][T27353] FAT-fs (loop1): Directory bread(block 73) failed [ 503.994174][T27434] netlink: 'syz.1.8170': attribute type 10 has an invalid length. [ 504.094387][T27434] team0: Device veth1_macvtap failed to register rx_handler [ 504.231981][T27437] netlink: 'syz.4.8180': attribute type 8 has an invalid length. [ 504.324571][T27447] loop6: detected capacity change from 0 to 512 [ 504.421609][T27411] loop0: detected capacity change from 0 to 32768 [ 504.455508][T27460] netlink: 'syz.1.8186': attribute type 10 has an invalid length. [ 504.487359][T27411] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.8173 (27411) [ 504.515604][T27447] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,abort,errors=remount-ro,. Quota mode: writeback. [ 504.538995][T27447] ext4 filesystem being mounted at /685/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 504.569940][T27460] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.8186'. [ 504.579459][T27460] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 504.625841][T27411] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 504.724173][T27411] BTRFS info (device loop0): force zlib compression, level 3 [ 504.768558][T27411] BTRFS info (device loop0): force clearing of disk cache [ 504.786520][T27411] BTRFS info (device loop0): setting nodatasum [ 504.806966][T27411] BTRFS info (device loop0): allowing degraded mounts [ 504.867916][T27411] BTRFS info (device loop0): enabling disk space caching [ 504.883628][T27411] BTRFS info (device loop0): disk space caching is enabled [ 504.931430][T27411] BTRFS info (device loop0): has skinny extents [ 504.967177][T27491] [U] ^C [ 505.009233][T27494] netlink: 'syz.6.8197': attribute type 2 has an invalid length. [ 505.034495][T27494] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8197'. [ 505.296900][T27411] BTRFS info (device loop0): clearing free space tree [ 505.318073][T27530] loop5: detected capacity change from 0 to 1024 [ 505.397754][T27411] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 505.422106][T27530] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 505.433790][T27530] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 505.464418][T27411] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 505.802326][T27562] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8222'. [ 505.982002][T27571] netlink: 'syz.1.8216': attribute type 3 has an invalid length. [ 506.045607][T27577] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.198122][T27585] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8220'. [ 506.558654][T27604] netlink: 68 bytes leftover after parsing attributes in process `syz.4.8228'. [ 506.588878][T27604] netlink: 48 bytes leftover after parsing attributes in process `syz.4.8228'. [ 506.699992][ T5862] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 506.763426][T27573] loop5: detected capacity change from 0 to 32768 [ 506.825157][T27573] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz.5.8217 (27573) [ 506.873352][T27573] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 506.913291][T27573] BTRFS info (device loop5): force zlib compression, level 3 [ 506.950058][ T5862] usb 7-1: Using ep0 maxpacket: 16 [ 506.960013][T27573] BTRFS info (device loop5): force clearing of disk cache [ 506.997856][T27573] BTRFS info (device loop5): setting nodatasum [ 507.018150][T27573] BTRFS info (device loop5): allowing degraded mounts [ 507.048694][T27573] BTRFS info (device loop5): enabling disk space caching [ 507.066244][T27573] BTRFS info (device loop5): disk space caching is enabled [ 507.084178][T27573] BTRFS info (device loop5): has skinny extents [ 507.097667][ T5862] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 507.120771][ T5862] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 507.150754][ T5862] usb 7-1: config 0 has no interface number 0 [ 507.154389][T27640] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8236'. [ 507.204075][T27640] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8236'. [ 507.274077][T24444] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 507.358714][T27573] BTRFS info (device loop5): clearing free space tree [ 507.370504][ T5862] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 507.379598][ T5862] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.387562][T27573] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 507.395244][ T5862] usb 7-1: Product: syz [ 507.404376][T27573] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 507.443385][ T5862] usb 7-1: Manufacturer: syz [ 507.448049][ T5862] usb 7-1: SerialNumber: syz [ 507.491693][ T5862] usb 7-1: config 0 descriptor?? [ 507.529958][T24444] usb 2-1: Using ep0 maxpacket: 16 [ 507.545671][T27573] BTRFS error (device loop5): balance: invalid convert system profile single [ 507.556857][ T5862] usb 7-1: Found UVC 0.00 device syz (046d:08f3) [ 507.579822][ T5862] usb 7-1: No valid video chain found. [ 507.810020][T24444] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 507.826918][T24444] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.856165][T24444] usb 2-1: Product: syz [ 507.868846][T24444] usb 2-1: Manufacturer: syz [ 507.888619][T24444] usb 2-1: SerialNumber: syz [ 507.917355][T24444] r8152-cfgselector 2-1: config 0 descriptor?? [ 508.055930][T27701] QAT: failed to copy from user cfg_data. [ 508.409913][T24444] r8152-cfgselector 2-1: Unknown version 0x0000 [ 508.416437][T24444] r8152-cfgselector 2-1: bad CDC descriptors [ 508.480038][T24444] r8152-cfgselector 2-1: Unknown version 0x0000 [ 508.506519][T24444] r8152-cfgselector 2-1: USB disconnect, device number 42 [ 508.520425][ T2304] usb 7-1: USB disconnect, device number 14 [ 508.530887][T27725] overlayfs: unrecognized mount option "\{\" or missing value [ 508.706520][T27747] netlink: 88 bytes leftover after parsing attributes in process `syz.0.8262'. [ 508.899862][ T23] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 509.312343][ T23] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 509.349764][ T23] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 509.386623][ T23] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 509.420027][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.430676][T27739] loop6: detected capacity change from 0 to 32768 [ 509.477839][T27795] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.8278'. [ 509.490232][T27741] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 509.506219][T27739] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 scanned by syz.6.8260 (27739) [ 509.555859][T27807] loop1: detected capacity change from 0 to 128 [ 509.622236][T27739] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 509.638633][T27739] BTRFS info (device loop6): force zlib compression, level 3 [ 509.733621][T27739] BTRFS info (device loop6): force clearing of disk cache [ 509.770119][T27739] BTRFS info (device loop6): setting nodatasum [ 509.776349][T27739] BTRFS info (device loop6): allowing degraded mounts [ 509.785321][ T23] usb 5-1: USB disconnect, device number 27 [ 509.856840][T27739] BTRFS info (device loop6): enabling disk space caching [ 509.875284][T27739] BTRFS info (device loop6): disk space caching is enabled [ 509.926569][T27739] BTRFS info (device loop6): has skinny extents [ 510.066444][T27859] xt_connbytes: Forcing CT accounting to be enabled [ 510.073206][T27859] xt_bpf: check failed: parse error [ 510.177256][T27739] BTRFS info (device loop6): clearing free space tree [ 510.191185][T27739] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 510.230119][T27739] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 510.299088][T27886] loop0: detected capacity change from 0 to 1024 [ 511.478422][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.519501][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.530468][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.540097][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.549425][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.560087][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.570674][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.591609][T27964] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8315'. [ 511.907141][T27994] ieee802154 phy0 wpan0: encryption failed: -90 [ 513.195601][T28002] loop6: detected capacity change from 0 to 32768 [ 513.287562][T28002] XFS (loop6): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 513.311011][T28017] loop0: detected capacity change from 0 to 32768 [ 513.355359][T28083] netlink: 'syz.5.8352': attribute type 2 has an invalid length. [ 513.531539][T28091] netlink: 'syz.0.8354': attribute type 1 has an invalid length. [ 513.575960][T28093] cgroup: name respecified [ 513.675612][T14544] XFS (loop6): Unmounting Filesystem [ 513.742392][T28102] x_tables: unsorted entry at hook 1 [ 513.818074][T28106] netlink: 'syz.4.8360': attribute type 1 has an invalid length. [ 514.019936][T24441] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 514.254279][ T23] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 514.390182][T24441] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 514.420166][T24441] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 514.600155][T24441] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 514.609325][T24441] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.636303][T24441] usb 1-1: Product: syz [ 514.640950][T24441] usb 1-1: Manufacturer: syz [ 514.645591][T24441] usb 1-1: SerialNumber: syz [ 514.662462][T24441] usb 1-1: config 0 descriptor?? [ 514.704944][ T23] usb 6-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 514.722903][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 514.754520][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 514.783032][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 514.822815][ T23] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 514.856699][ T23] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 514.875929][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.907255][ T23] usb 6-1: config 0 descriptor?? [ 514.940865][T24441] usb 1-1: USB disconnect, device number 35 [ 515.107034][T28140] loop1: detected capacity change from 0 to 32768 [ 515.149986][ T23] rc_core: IR keymap rc-hauppauge not found [ 515.155985][ T23] Registered IR keymap rc-empty [ 515.234912][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.242398][ T4381] udevd[4381]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 515.320064][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.361557][ T23] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 515.406469][ T23] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input40 [ 515.450037][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.479942][T27944] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 515.509883][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.571693][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.640224][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.699865][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.760003][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.825354][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.850168][T27944] usb 5-1: config 8 has an invalid interface number: 177 but max is 0 [ 515.858483][T27944] usb 5-1: config 8 has no interface number 0 [ 515.893328][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.899803][T27944] usb 5-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 515.950225][T27944] usb 5-1: config 8 interface 177 has no altsetting 0 [ 515.970011][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 515.975038][T27944] usb 5-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 516.020259][ T23] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 516.025250][T27944] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.061187][ T23] mceusb 6-1:0.0: Registered with mce emulator interface version 1 [ 516.090140][ T23] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 516.104602][T28202] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 516.147053][ T23] usb 6-1: USB disconnect, device number 22 [ 516.229504][T28284] netlink: 'syz.0.8406': attribute type 1 has an invalid length. [ 516.264577][T28284] __nla_validate_parse: 16 callbacks suppressed [ 516.264593][T28284] netlink: 216 bytes leftover after parsing attributes in process `syz.0.8406'. [ 516.292185][T28292] IPv6: sit1: Disabled Multicast RS [ 516.313853][T28284] NCSI netlink: No device for ifindex 0 [ 516.335121][T28300] loop5: detected capacity change from 0 to 128 [ 516.360014][T27944] usb 5-1: string descriptor 0 read error: -71 [ 516.399858][ C0] ir_toy 5-1:8.177: out urb status: -71 [ 516.474755][T28300] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 516.502183][T28300] ext4 filesystem being mounted at /1013/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 516.528969][T28300] EXT4-fs warning (device loop5): verify_group_input:147: Cannot add at group 5 (only 1 groups) [ 516.551339][T28320] device netdevsim0 entered promiscuous mode [ 516.596185][T28320] netlink: 64 bytes leftover after parsing attributes in process `syz.6.8415'. [ 516.607031][T28320] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 516.753793][T28340] xt_TCPMSS: Only works on TCP SYN packets [ 516.892627][T27944] ir_toy 5-1:8.177: could not write reset command: -110 [ 516.899933][ C0] ir_toy 5-1:8.177: failed to resubmit urb: -1 [ 516.935265][T28358] loop1: detected capacity change from 0 to 512 [ 516.943940][T27944] ir_toy: probe of 5-1:8.177 failed with error -110 [ 516.979460][T27944] usb 5-1: USB disconnect, device number 28 [ 517.001489][T28366] loop6: detected capacity change from 0 to 1024 [ 517.069927][T28358] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 517.082583][T28360] loop5: detected capacity change from 0 to 4096 [ 517.117250][T28358] EXT4-fs (loop1): orphan cleanup on readonly fs [ 517.148884][T28358] EXT4-fs error (device loop1): mb_free_blocks:1860: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 517.210225][ T4223] hfsplus: b-tree write err: -5, ino 4 [ 517.218803][T28385] IPv6: sit1: Disabled Multicast RS [ 517.237726][T28360] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 517.253416][T28358] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #11: comm syz.1.8426: corrupted inode contents [ 517.363104][T28358] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #11: comm syz.1.8426: mark_inode_dirty error [ 517.374688][T28399] netlink: 'syz.0.8435': attribute type 13 has an invalid length. [ 517.442348][T28358] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.8426: invalid indirect mapped block 327680 (level 0) [ 517.500469][T28358] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #11: comm syz.1.8426: corrupted inode contents [ 517.560069][T28358] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 517.583740][T28358] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #11: comm syz.1.8426: corrupted inode contents [ 517.639770][T28358] EXT4-fs error (device loop1): ext4_truncate:4273: inode #11: comm syz.1.8426: mark_inode_dirty error [ 517.670440][T28358] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 517.699521][T28358] EXT4-fs (loop1): 1 truncate cleaned up [ 517.707379][T28358] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,grpjquota=,,errors=continue. Quota mode: none. [ 517.803070][T28444] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 517.899828][T24441] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 518.260514][T24441] usb 1-1: config 8 has an invalid interface number: 177 but max is 0 [ 518.294480][T24441] usb 1-1: config 8 has no interface number 0 [ 518.331362][T24441] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 518.368708][T24441] usb 1-1: config 8 interface 177 has no altsetting 0 [ 518.436306][T24441] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 518.493815][T24441] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.563495][T28427] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 518.696930][T28483] netlink: 32 bytes leftover after parsing attributes in process `syz.6.8456'. [ 518.775592][T28483] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8456'. [ 518.813873][T28483] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8456'. [ 518.820062][T24441] usb 1-1: string descriptor 0 read error: -71 [ 518.869912][ C0] ir_toy 1-1:8.177: out urb status: -71 [ 519.193242][T28526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8469'. [ 519.230367][T28526] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8469'. [ 519.360884][T24441] ir_toy 1-1:8.177: could not write reset command: -110 [ 519.389808][ C0] ir_toy 1-1:8.177: failed to resubmit urb: -1 [ 519.396471][T24441] ir_toy: probe of 1-1:8.177 failed with error -110 [ 519.433826][T24441] usb 1-1: USB disconnect, device number 36 [ 519.513476][T28550] netlink: 'syz.5.8476': attribute type 1 has an invalid length. [ 519.570051][T28550] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8476'. [ 519.927913][T28581] netlink: 4844 bytes leftover after parsing attributes in process `syz.4.8486'. [ 519.986974][T28586] netlink: 232 bytes leftover after parsing attributes in process `syz.0.8488'. [ 520.379883][T24441] usb 7-1: new full-speed USB device number 15 using dummy_hcd [ 520.400901][T28612] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 520.746817][T28635] loop1: detected capacity change from 0 to 64 [ 520.750083][T24441] usb 7-1: config 8 has an invalid interface number: 177 but max is 0 [ 520.799812][T24441] usb 7-1: config 8 has no interface number 0 [ 520.826332][T24441] usb 7-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 520.832846][T28635] Trying to free block not in datazone [ 520.863997][T28635] Trying to free block not in datazone [ 520.878668][T24441] usb 7-1: config 8 interface 177 has no altsetting 0 [ 520.912302][T24441] usb 7-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 520.932078][T24441] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.972154][T28602] loop5: detected capacity change from 0 to 32768 [ 520.980245][T28595] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 521.225437][T28602] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 521.235166][T24441] usb 7-1: string descriptor 0 read error: -71 [ 521.259818][ C0] ir_toy 7-1:8.177: out urb status: -71 [ 521.421994][T11023] (syz-executor,11023,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 521.440870][T11023] ocfs2: Unmounting device (7,5) on (node local) [ 521.634710][T28691] NILFS (nullb0): couldn't find nilfs on the device [ 521.755850][T24441] ir_toy 7-1:8.177: could not write reset command: -110 [ 521.779915][ C0] ir_toy 7-1:8.177: failed to resubmit urb: -1 [ 521.789913][T24441] ir_toy: probe of 7-1:8.177 failed with error -110 [ 521.829969][T24441] usb 7-1: USB disconnect, device number 15 [ 521.840920][T28703] __nla_validate_parse: 3 callbacks suppressed [ 521.840940][T28703] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8524'. [ 522.070117][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 522.415636][T28744] netlink: 'syz.5.8535': attribute type 40 has an invalid length. [ 522.559965][T24445] usb 7-1: new full-speed USB device number 16 using dummy_hcd [ 522.616846][T28752] loop0: detected capacity change from 0 to 4096 [ 522.688976][T28764] kAFS: unable to lookup cell '(/' [ 522.730274][T28752] EXT4-fs (loop0): Test dummy encryption mode enabled [ 522.766818][T28752] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 522.818827][T28752] System zones: 0-5 [ 522.870131][T28752] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,data_err=ignore,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 522.929905][T24445] usb 7-1: config 0 has an invalid interface number: 189 but max is 0 [ 522.959159][T24445] usb 7-1: config 0 has no interface number 0 [ 522.975604][T24445] usb 7-1: config 0 interface 189 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 523.007138][T24445] usb 7-1: config 0 interface 189 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 523.037426][T28775] loop5: detected capacity change from 0 to 1764 [ 523.074426][T24445] usb 7-1: config 0 interface 189 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 523.105023][T28785] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8547'. [ 523.121932][T24445] usb 7-1: config 0 interface 189 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 523.303429][T28797] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8551'. [ 523.312858][T24445] usb 7-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 523.342515][T24445] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.382481][T28797] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8551'. [ 523.391783][T24445] usb 7-1: Product: syz [ 523.396078][T24445] usb 7-1: Manufacturer: syz [ 523.421497][T24445] usb 7-1: SerialNumber: syz [ 523.457465][T24445] usb 7-1: config 0 descriptor?? [ 523.500333][T28735] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 523.521152][T24445] ums-alauda 7-1:0.189: USB Mass Storage device detected [ 523.604513][T28826] loop0: detected capacity change from 0 to 8 [ 523.637226][T28807] loop5: detected capacity change from 0 to 4096 [ 523.722184][T28807] ntfs: (device loop5): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 523.751224][T28807] ntfs: (device loop5): ntfs_read_locked_inode(): $DATA attribute is missing. [ 523.763038][ T4252] usb 7-1: USB disconnect, device number 16 [ 523.769123][T28826] SQUASHFS error: Failed to read block 0x1ec: -5 [ 523.780965][T28826] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 523.804722][T28807] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 523.816070][T28833] loop1: detected capacity change from 0 to 2048 [ 523.856494][T28807] ntfs: (device loop5): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 523.951541][T28833] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,lazytime,stripe=0x0000000000001200,quota,,errors=continue. Quota mode: writeback. [ 523.980342][T28833] EXT4-fs error (device loop1): ext4_find_extent:929: inode #2: comm syz.1.8559: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 524.028657][T28807] ntfs: volume version 3.1. [ 524.389053][T28872] netlink: 'syz.6.8570': attribute type 1 has an invalid length. [ 524.417616][T28872] netlink: 232 bytes leftover after parsing attributes in process `syz.6.8570'. [ 524.547393][T28881] (unnamed net_device) (uninitialized): ARP monitoring cannot be used with MII monitoring [ 525.188524][T28927] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.8587'. [ 525.247721][T28927] openvswitch: netlink: Key 29 has unexpected len 3064 expected 0 [ 525.729299][T28860] loop1: detected capacity change from 0 to 40427 [ 525.797345][T28965] loop6: detected capacity change from 0 to 2048 [ 525.829898][T28860] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 525.839977][T28860] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 525.895647][T28979] nft_compat: unsupported protocol 5 [ 525.916297][T28981] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 525.983126][T28860] F2FS-fs (loop1): Found nat_bits in checkpoint [ 526.219045][T28998] netlink: 'syz.5.8609': attribute type 1 has an invalid length. [ 526.264692][T28998] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.8609'. [ 526.281792][T28860] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 526.288920][T28860] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 526.444893][T29018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8615'. [ 527.104432][T29068] xt_TCPMSS: Only works on TCP SYN packets [ 527.688798][T29105] loop5: detected capacity change from 0 to 512 [ 527.695310][T24441] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 527.720008][T27944] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 527.772952][T29105] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.8640: bad orphan inode 15 [ 527.815012][T29105] ext4_test_bit(bit=14, block=5) = 0 [ 527.837292][T29105] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,stripe=0x0000000000000001,journal_dev=0x0000000000000003,grpid,journal_ioprio=0x0000000000000002,journal_ioprio=0x0000000000000003,nolazytime,noload,,errors=continue. Quota mode: none. [ 528.013074][T29059] loop0: detected capacity change from 0 to 32768 [ 528.077705][T29059] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 528.077705][T29059] [ 528.094011][T24441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.114106][T27944] usb 7-1: config index 0 descriptor too short (expected 29, got 18) [ 528.127009][T27944] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 528.144675][T24441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.168376][T27944] usb 7-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 528.189303][T29059] ialloc: diAlloc returned -5! [ 528.196780][T24441] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 528.224929][T27944] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.250774][T24441] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 528.270979][T27944] usb 7-1: config 0 descriptor?? [ 528.277810][T24441] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.322229][T24441] usb 2-1: config 0 descriptor?? [ 528.374553][T29141] IPVS: set_ctl: invalid protocol: 135 100.1.1.1:20004 [ 528.385432][T24441] hub 2-1:0.0: USB hub found [ 528.417508][T29134] loop5: detected capacity change from 0 to 8192 [ 528.559990][T27944] usb 7-1: string descriptor 0 read error: -71 [ 528.566364][T27944] ldusb 7-1:0.0: Interrupt in endpoint not found [ 528.590029][T24441] hub 2-1:0.0: 14 ports detected [ 528.610017][T24441] hub 2-1:0.0: insufficient power available to use all downstream ports [ 528.619206][T27944] usb 7-1: USB disconnect, device number 17 [ 528.815169][T24441] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 528.831917][T29174] xt_hashlimit: max too large, truncated to 1048576 [ 528.843827][T24441] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 528.910567][T24441] usb 2-1: USB disconnect, device number 43 [ 528.933008][T29177] netlink: 'syz.4.8660': attribute type 3 has an invalid length. [ 529.428816][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.461610][T29221] loop5: detected capacity change from 0 to 512 [ 529.484995][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.496560][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.518570][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.521390][T29221] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 529.556718][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.574941][T29221] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.8676: iget: bogus i_mode (5) [ 529.596591][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.609673][T29221] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.8676: couldn't read orphan inode 15 (err -117) [ 529.627783][T29221] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 529.628973][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.644980][T29221] ext2 filesystem being mounted at /1073/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 529.690879][T29235] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 529.695045][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.724676][T29221] EXT4-fs error (device loop5): ext4_add_entry:2486: inode #2: comm syz.5.8676: Directory hole found for htree leaf block 0 [ 529.746148][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.759928][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.767674][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.780970][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.789095][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.801822][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.809466][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.819952][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.827670][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.839033][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.848138][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.860503][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.868048][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.881367][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.889011][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.900596][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.908132][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.921428][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.929185][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.937186][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.945142][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.952936][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.965993][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.974202][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.982107][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.990595][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 529.998071][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.005729][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.013214][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.021295][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.028829][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.036391][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.043850][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.051629][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.059134][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.066687][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.074245][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.081838][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.089342][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.096911][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.104390][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.111981][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.119415][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.126978][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.134484][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.141959][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.149480][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.157113][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.164605][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.172064][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.179505][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.187003][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.194471][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.201959][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.209376][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.216879][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.224340][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.231924][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.239360][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.246849][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.254315][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.261836][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.269261][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.276723][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.284228][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.291827][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.299254][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.306746][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.314251][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.321927][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.329342][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.337039][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.344504][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.351981][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.359496][ T5863] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 530.383955][ T5863] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.03 Device [syz1] on syz1 [ 530.558563][T29264] loop6: detected capacity change from 0 to 128 [ 530.571893][T29257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8686'. [ 530.749407][T29253] fido_id[29253]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 530.832350][T29286] loop1: detected capacity change from 0 to 128 [ 532.112486][T29410] xt_nfacct: accounting object `syz1' does not exist [ 532.243203][T29418] dlm: non-version read from control device 8192 [ 532.296251][T29425] ieee802154 phy0 wpan0: encryption failed: -22 [ 532.992654][T29488] infiniband syz1: set active [ 533.021982][T29490] loop6: detected capacity change from 0 to 256 [ 533.093827][T29490] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 533.209987][T29490] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 533.808682][T29535] loop0: detected capacity change from 0 to 1024 [ 533.829892][T24441] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 534.029771][T29544] loop6: detected capacity change from 0 to 512 [ 534.040574][ T4223] hfsplus: b-tree write err: -5, ino 4 [ 534.097598][T29544] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 534.115064][T24441] usb 2-1: Using ep0 maxpacket: 32 [ 534.213555][T29544] EXT4-fs (loop6): 1 truncate cleaned up [ 534.240615][T24441] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 534.248854][T24441] usb 2-1: config 0 has no interface number 0 [ 534.262981][T29544] EXT4-fs (loop6): mounted filesystem without journal. Opts: noload,discard,journal_ioprio=0x0000000000000003,nobarrier,lazytime,minixdf,noquota,usrquota,,errors=continue. Quota mode: writeback. [ 534.420040][T24441] usb 2-1: New USB device found, idVendor=0856, idProduct=ac29, bcdDevice=a8.3c [ 534.436763][T29544] EXT4-fs error (device loop6): ext4_get_verity_descriptor_location:299: inode #15: comm syz.6.8784: verity file has no extents [ 534.465812][T24441] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.494735][T24441] usb 2-1: Product: syz [ 534.499088][T24441] usb 2-1: Manufacturer: syz [ 534.514598][T29544] fs-verity (loop6, inode 15): Error -117 getting verity descriptor size [ 534.531376][T29557] loop5: detected capacity change from 0 to 4096 [ 534.540568][T24441] usb 2-1: SerialNumber: syz [ 534.563449][T24441] usb 2-1: config 0 descriptor?? [ 534.591548][T29578] loop0: detected capacity change from 0 to 512 [ 534.699131][T29557] ntfs3: loop5: ino=3, Correct links count -> 2. [ 534.726489][T29578] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 534.836625][T29578] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.8795: iget: bogus i_mode (5) [ 534.860008][T24441] mos7840 2-1:0.186: required endpoints missing [ 534.876627][T29578] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.8795: couldn't read orphan inode 15 (err -117) [ 534.901347][T29578] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 534.923859][T29578] ext2 filesystem being mounted at /1800/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 534.955753][T29578] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #2: comm syz.0.8795: Directory hole found for htree leaf block 0 [ 534.956923][T29557] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 535.089428][T29600] loop6: detected capacity change from 0 to 512 [ 535.100610][ T23] usb 2-1: USB disconnect, device number 44 [ 535.237855][T29600] EXT4-fs (loop6): Ignoring removed mblk_io_submit option [ 535.315804][T29600] EXT4-fs (loop6): mounted filesystem without journal. Opts: noauto_da_alloc,noload,acl,mblk_io_submit,sysvgroups,,errors=continue. Quota mode: writeback. [ 535.365498][T29600] ext4 filesystem being mounted at /779/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 535.449894][T24445] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 535.666103][T29639] loop6: detected capacity change from 0 to 64 [ 535.690125][T24445] usb 5-1: Using ep0 maxpacket: 8 [ 535.745818][T29649] netlink: 'syz.5.8811': attribute type 1 has an invalid length. [ 535.777255][T29649] netlink: 212908 bytes leftover after parsing attributes in process `syz.5.8811'. [ 535.849996][T24445] usb 5-1: unable to get BOS descriptor or descriptor too short [ 535.929967][T24445] usb 5-1: config 4 has an invalid interface number: 147 but max is 0 [ 535.960051][T24445] usb 5-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 535.989453][T24445] usb 5-1: config 4 has no interface number 0 [ 536.170210][T24445] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 536.189786][T24445] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.221423][T24445] usb 5-1: Product: syz [ 536.225658][T24445] usb 5-1: Manufacturer: syz [ 536.242003][T29679] loop1: detected capacity change from 0 to 2048 [ 536.248856][T24445] usb 5-1: SerialNumber: syz [ 536.292903][T29679] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 536.483546][T29642] loop0: detected capacity change from 0 to 32768 [ 536.557067][T29740] loop6: detected capacity change from 0 to 128 [ 536.582069][T29642] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.8810 (29642) [ 536.632711][T29741] netlink: 210620 bytes leftover after parsing attributes in process `syz.5.8829'. [ 536.659935][T24445] usb 5-1: Found UVC 0.02 device syz (04f2:b746) [ 536.670843][T29642] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 536.681922][T24445] usb 5-1: No valid video chain found. [ 536.692096][T29642] BTRFS info (device loop0): enabling disk space caching [ 536.699189][T29642] BTRFS info (device loop0): turning on flush-on-commit [ 536.727285][T24445] usb 5-1: USB disconnect, device number 29 [ 536.742558][T29642] BTRFS info (device loop0): disabling tree log [ 536.751133][T29642] BTRFS info (device loop0): use no compression [ 536.757731][T29642] BTRFS info (device loop0): force clearing of disk cache [ 536.799102][T29642] BTRFS info (device loop0): doing ref verification [ 536.836879][T29642] BTRFS info (device loop0): disk space caching is enabled [ 536.869281][T29642] BTRFS info (device loop0): has skinny extents [ 536.975601][T29773] i2c i2c-0: Invalid block write size 33 [ 537.050396][T29778] netlink: 'syz.1.8836': attribute type 1 has an invalid length. [ 537.130036][T29778] netlink: 220 bytes leftover after parsing attributes in process `syz.1.8836'. [ 537.437333][T29642] BTRFS info (device loop0): enabling ssd optimizations [ 537.469946][T29642] BTRFS info (device loop0): clearing free space tree [ 537.497363][T29642] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 537.537562][T29642] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 537.696844][T29830] loop1: detected capacity change from 0 to 64 [ 538.288159][T29800] loop6: detected capacity change from 0 to 32768 [ 538.446683][T29800] ERROR: (device loop6): diNewExt: no free extents [ 538.446683][T29800] [ 538.515694][T29800] ialloc: diAlloc returned -5! [ 538.619357][T29869] netlink: 'syz.0.8861': attribute type 3 has an invalid length. [ 538.933593][ T5608] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 539.061737][T29901] loop5: detected capacity change from 0 to 1024 [ 539.189890][ T5608] usb 7-1: Using ep0 maxpacket: 16 [ 539.219878][ T23] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 539.280613][ T4297] hfsplus: b-tree write err: -5, ino 4 [ 539.313297][ T5608] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 539.489942][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 539.502249][ T5608] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 539.515474][ T5608] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.543256][ T5608] usb 7-1: Product: syz [ 539.558297][ T5608] usb 7-1: Manufacturer: syz [ 539.565605][ T5608] usb 7-1: SerialNumber: syz [ 539.594096][ T5608] usb 7-1: config 0 descriptor?? [ 539.598869][T29877] loop1: detected capacity change from 0 to 32768 [ 539.632804][ T5608] hub 7-1:0.0: bad descriptor, ignoring hub [ 539.652628][ T5608] hub: probe of 7-1:0.0 failed with error -5 [ 539.674287][ T5608] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input44 [ 539.742340][T29938] netlink: 'syz.0.8881': attribute type 29 has an invalid length. [ 539.764286][T29938] netlink: 'syz.0.8881': attribute type 3 has an invalid length. [ 539.776272][T29938] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8881'. [ 539.810354][ T23] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 539.820087][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.850003][ T23] usb 5-1: Product: syz [ 539.854217][ T23] usb 5-1: Manufacturer: syz [ 539.888598][ T23] usb 5-1: SerialNumber: syz [ 539.973960][ T23] r8152-cfgselector 5-1: config 0 descriptor?? [ 540.015368][T29957] loop5: detected capacity change from 0 to 1024 [ 540.163913][ T4223] hfsplus: b-tree write err: -5, ino 4 [ 540.187364][T29965] binder: 29964:29965 ioctl c018620b 0 returned -14 [ 540.432895][T29985] loop0: detected capacity change from 0 to 164 [ 540.480124][ T23] r8152-cfgselector 5-1: Unknown version 0x0000 [ 540.507256][ T23] r8152-cfgselector 5-1: USB disconnect, device number 30 [ 540.908833][T30027] ubi0: attaching mtd0 [ 540.971608][T30027] ubi0: scanning is finished [ 540.986901][T30027] ubi0: empty MTD device detected [ 541.201893][T30047] netlink: 'syz.6.8913': attribute type 1 has an invalid length. [ 541.241310][T30047] netlink: 224 bytes leftover after parsing attributes in process `syz.6.8913'. [ 541.352828][T30027] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 541.383825][T30027] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 541.455265][T30027] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 541.513687][T30027] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 541.561512][T30027] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 541.568357][T30027] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 541.621489][T30027] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1759762583 [ 541.660228][T30027] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 541.702783][T30061] ubi0: background thread "ubi_bgt0d" started, PID 30061 [ 541.737049][T30079] netlink: 'syz.4.8923': attribute type 22 has an invalid length. [ 541.784517][T30079] (unnamed net_device) (uninitialized): option ad_select: invalid value (7) [ 541.795935][ T4281] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 542.172211][ T4281] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 542.198169][ T4281] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 542.301257][ T4281] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 542.318590][ T4281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 542.344321][ T4281] usb 1-1: SerialNumber: syz [ 542.384384][T30071] loop1: detected capacity change from 0 to 32768 [ 542.402842][ T4281] usb 1-1: 0:2 : does not exist [ 542.457330][T30071] (syz.1.8920,30071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 542.497680][T30071] (syz.1.8920,30071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 542.590802][T30129] netlink: 'syz.4.8939': attribute type 3 has an invalid length. [ 542.591051][T30071] (syz.1.8920,30071,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 542.653877][T30071] JBD2: Ignoring recovery information on journal [ 542.881537][T30071] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 542.888926][ T4281] usb 1-1: USB disconnect, device number 37 [ 543.010223][T30163] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8946'. [ 543.046593][T30163] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8946'. [ 543.260420][T30171] loop6: detected capacity change from 0 to 4096 [ 543.307315][T30171] ntfs3: loop6: Different NTFS' sector size (4096) and media sector size (512) [ 543.324666][ T4184] ocfs2: Unmounting device (7,1) on (node local) [ 543.530237][T30171] ntfs3: loop6: failed to convert "c46c" to cp855 [ 543.556127][T30190] netlink: 'syz.0.8955': attribute type 3 has an invalid length. [ 543.599924][T30190] netlink: 'syz.0.8955': attribute type 1 has an invalid length. [ 544.082231][T30213] loop0: detected capacity change from 0 to 4096 [ 544.205618][T30213] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 544.223461][T30232] IPv6: sit1: Disabled Multicast RS [ 544.395207][T30213] ntfs3: loop0: failed to convert "c46c" to cp857 [ 544.608781][T30260] loop6: detected capacity change from 0 to 512 [ 544.695843][T30260] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 544.749997][T30274] netlink: 156 bytes leftover after parsing attributes in process `syz.1.8982'. [ 544.843213][ T5863] usb 7-1: USB disconnect, device number 18 [ 544.853639][T30279] loop5: detected capacity change from 0 to 512 [ 544.957933][T30279] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 545.194109][T30279] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.8984: couldn't read orphan inode 26 (err -116) [ 545.225138][T30318] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8993'. [ 545.268727][T30321] netlink: 'syz.0.8995': attribute type 3 has an invalid length. [ 545.276826][T30321] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8995'. [ 545.314916][T30279] EXT4-fs (loop5): Remounting filesystem read-only [ 545.349837][T30279] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,jqfmt=vfsv0,nolazytime,journal_ioprio=0x0000000000000003,dax=never,barrier,. Quota mode: writeback. [ 545.453162][T30279] ext4 filesystem being mounted at /1150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 545.530515][T30340] IPv6: sit3: Disabled Multicast RS [ 545.592421][T30344] loop0: detected capacity change from 0 to 2048 [ 545.704383][T30344] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 545.901528][T30369] loop6: detected capacity change from 0 to 16 [ 545.967526][T30369] erofs: (device loop6): mounted with root inode @ nid 36. [ 546.789911][ T2304] usb 7-1: new full-speed USB device number 19 using dummy_hcd [ 546.819816][ T5608] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 546.949348][T30450] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 547.028181][T30455] netlink: 'syz.5.9036': attribute type 5 has an invalid length. [ 547.059924][ T5608] usb 2-1: Using ep0 maxpacket: 16 [ 547.135467][ T1092] block nbd4: Attempted send on invalid socket [ 547.141947][ T1092] blk_update_request: I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 547.190214][ T5608] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 547.210236][ T2304] usb 7-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=b3.76 [ 547.230935][ T2304] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.275140][T30431] loop0: detected capacity change from 0 to 40427 [ 547.298316][T30431] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(32768) [ 547.314509][ T2304] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 547.317228][T30431] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 547.355066][T30431] F2FS-fs (loop0): invalid crc value [ 547.370056][ T5608] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 547.381711][ T5608] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.391405][T30431] F2FS-fs (loop0): Found nat_bits in checkpoint [ 547.407476][ T5608] usb 2-1: Product: syz [ 547.411806][ T5608] usb 2-1: Manufacturer: syz [ 547.426828][ T5608] usb 2-1: SerialNumber: syz [ 547.443465][ T5608] usb 2-1: config 0 descriptor?? [ 547.490713][ T5608] hub 2-1:0.0: bad descriptor, ignoring hub [ 547.498015][ T5608] hub: probe of 2-1:0.0 failed with error -5 [ 547.504169][T30431] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 547.539787][T30431] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 547.557396][ T5608] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input45 [ 547.634813][T30431] attempt to access beyond end of device [ 547.634813][T30431] loop0: rw=2049, want=45104, limit=40427 [ 547.744314][ T2304] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 547.756063][ T2304] pac7311: probe of 7-1:2.0 failed with error -71 [ 547.794780][ T4189] attempt to access beyond end of device [ 547.794780][ T4189] loop0: rw=2049, want=45112, limit=40427 [ 547.796617][ T2304] usb 7-1: USB disconnect, device number 19 [ 548.374677][T30530] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9044'. [ 548.459808][ T5608] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 548.653716][T30554] netlink: 'syz.5.9061': attribute type 10 has an invalid length. [ 548.811746][T30554] team0: Device veth0_vlan failed to register rx_handler [ 548.840213][ T5608] usb 5-1: config 0 has an invalid interface number: 110 but max is 0 [ 548.853126][ T5608] usb 5-1: config 0 has no interface number 0 [ 548.865058][ T5608] usb 5-1: config 0 interface 110 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0 [ 548.887936][ T5608] usb 5-1: config 0 interface 110 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 548.912301][ T5608] usb 5-1: config 0 interface 110 has no altsetting 0 [ 548.969895][T30563] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9065'. [ 549.047850][T30574] loop6: detected capacity change from 0 to 8 [ 549.084303][ T5608] usb 5-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 549.116001][ T5608] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.142379][ T5608] usb 5-1: Product: syz [ 549.150017][ T5608] usb 5-1: Manufacturer: syz [ 549.174170][ T5608] usb 5-1: SerialNumber: syz [ 549.206575][ T5608] usb 5-1: config 0 descriptor?? [ 549.349238][T30597] device bridge3 entered promiscuous mode [ 549.507829][T30617] xt_CT: You must specify a L4 protocol and not use inversions on it [ 549.720660][T24445] usb 5-1: USB disconnect, device number 31 [ 549.745264][T30642] loop0: detected capacity change from 0 to 128 [ 549.980862][T30670] loop6: detected capacity change from 0 to 256 [ 549.984185][T30672] loop0: detected capacity change from 0 to 8 [ 550.040451][T30670] exfat: Deprecated parameter 'namecase' [ 550.060209][T30670] exfat: Deprecated parameter 'namecase' [ 550.085418][T30672] SQUASHFS error: zstd decompression error: 2 [ 550.115647][T30670] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 550.126141][T30672] SQUASHFS error: zstd decompression failed, data probably corrupt [ 550.156223][T30672] SQUASHFS error: Failed to read block 0x62b: -5 [ 550.176509][T30672] SQUASHFS error: Unable to read metadata cache entry [629] [ 550.201701][T30672] SQUASHFS error: Unable to read directory block [629:ff26] [ 550.284402][T30691] loop1: detected capacity change from 0 to 4096 [ 550.343276][T30691] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 550.379909][T30691] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 550.421189][T30691] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 550.488440][T30719] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9108'. [ 550.505030][T30691] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 550.522473][T30719] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9108'. [ 550.565843][T30691] ntfs: volume version 3.1. [ 550.679294][T30691] ntfs: (device loop1): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 550.697819][T30691] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 550.775839][ T26] audit: type=1400 audit(1760739084.009:26): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=3AF4F9904E7FDB3635A70D23C73EEAF23A2F503280080CA26230668AD9DCF8B061228F8599D34E45087D21AA56759E1651B3DD467BDEF390C76D pid=30739 comm="syz.0.9117" [ 550.821504][T30745] netlink: 'syz.5.9118': attribute type 32 has an invalid length. [ 550.878262][T30748] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.9119'. [ 551.182527][T30783] netlink: 'syz.4.9129': attribute type 12 has an invalid length. [ 551.217451][T30789] loop1: detected capacity change from 0 to 256 [ 551.220055][T30783] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9129'. [ 551.339423][T30789] FAT-fs (loop1): Directory bread(block 64) failed [ 551.346669][ T5608] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 551.388855][T30789] FAT-fs (loop1): Directory bread(block 65) failed [ 551.397315][T30796] loop5: detected capacity change from 0 to 4096 [ 551.424470][T30789] FAT-fs (loop1): Directory bread(block 66) failed [ 551.457595][T30807] netlink: 'syz.6.9136': attribute type 21 has an invalid length. [ 551.465828][T30789] FAT-fs (loop1): Directory bread(block 67) failed [ 551.474987][T30789] FAT-fs (loop1): Directory bread(block 68) failed [ 551.481928][T30796] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 551.491728][T30807] netlink: 100 bytes leftover after parsing attributes in process `syz.6.9136'. [ 551.508145][T30789] FAT-fs (loop1): Directory bread(block 69) failed [ 551.515488][T30809] netlink: 'syz.4.9138': attribute type 7 has an invalid length. [ 551.515645][T30789] FAT-fs (loop1): Directory bread(block 70) failed [ 551.543495][T30809] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9138'. [ 551.550262][T30789] FAT-fs (loop1): Directory bread(block 71) failed [ 551.563612][T30789] FAT-fs (loop1): Directory bread(block 72) failed [ 551.578152][T30789] FAT-fs (loop1): Directory bread(block 73) failed [ 551.589979][ T5608] usb 1-1: Using ep0 maxpacket: 16 [ 551.606641][T30796] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 551.644912][T30796] ntfs3: loop5: Failed to load $Extend. [ 551.710115][ T5608] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 551.738866][ T5608] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.826710][ T5608] usb 1-1: config 0 has no interface number 0 [ 552.010059][ T5608] usb 1-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 552.052359][ T5608] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.099539][ T5608] usb 1-1: Product: syz [ 552.135388][ T5608] usb 1-1: Manufacturer: syz [ 552.155484][T30835] loop1: detected capacity change from 0 to 1024 [ 552.165876][ T5608] usb 1-1: SerialNumber: syz [ 552.196843][ T5608] usb 1-1: config 0 descriptor?? [ 552.272462][ T5608] usb 1-1: Found UVC 0.00 device syz (046c:14e8) [ 552.291588][ T5608] usb 1-1: No valid video chain found. [ 552.324381][T30851] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9150'. [ 552.404044][T30851] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9150'. [ 552.444554][ T5864] usb 2-1: USB disconnect, device number 45 [ 552.482191][T24445] usb 1-1: USB disconnect, device number 38 [ 552.979933][ T2304] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 553.250118][ T2304] usb 6-1: Using ep0 maxpacket: 8 [ 553.307159][T30921] program syz.4.9172 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 553.317810][T30925] netlink: 'syz.1.9174': attribute type 21 has an invalid length. [ 553.366842][T30925] netlink: 'syz.1.9174': attribute type 6 has an invalid length. [ 553.380803][ T2304] usb 6-1: config 0 has an invalid interface number: 93 but max is 0 [ 553.388936][ T2304] usb 6-1: config 0 has no interface number 0 [ 553.415853][T30925] __nla_validate_parse: 2 callbacks suppressed [ 553.415871][T30925] netlink: 3 bytes leftover after parsing attributes in process `syz.1.9174'. [ 553.429825][ T2304] usb 6-1: config 0 interface 93 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 553.491603][ T2304] usb 6-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=17.d8 [ 553.534051][ T2304] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.571961][ T2304] usb 6-1: config 0 descriptor?? [ 553.880447][T30966] netlink: 'syz.1.9186': attribute type 1 has an invalid length. [ 553.900088][ T2304] usb 6-1: string descriptor 0 read error: -71 [ 553.908591][ T2304] hdpvr 6-1:0.93: Could not find bulk-in endpoint [ 553.926971][T30966] netlink: 'syz.1.9186': attribute type 2 has an invalid length. [ 553.936983][ T2304] hdpvr: probe of 6-1:0.93 failed with error -12 [ 553.991336][T30966] netlink: 'syz.1.9186': attribute type 1 has an invalid length. [ 553.999420][ T2304] usb 6-1: USB disconnect, device number 23 [ 554.340953][T30998] loop0: detected capacity change from 0 to 64 [ 554.432635][T31009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.481508][T31009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.525944][T31009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.547373][T31009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.563362][T31009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 554.582220][T31009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 554.734691][T31024] netlink: 'syz.0.9202': attribute type 1 has an invalid length. [ 554.887884][T31033] tmpfs: Bad value for 'mpol' [ 554.955008][T31037] loop0: detected capacity change from 0 to 512 [ 554.987120][T31037] EXT4-fs (loop0): Ignoring removed orlov option [ 555.046461][T31037] EXT4-fs (loop0): orphan cleanup on readonly fs [ 555.086007][T31037] EXT4-fs error (device loop0): ext4_find_extent:929: inode #4: comm syz.0.9208: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0) [ 555.123450][T31053] ieee802154 phy0 wpan0: encryption failed: -90 [ 555.140121][T31037] EXT4-fs (loop0): Remounting filesystem read-only [ 555.176995][T31037] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=-117 [ 555.190403][T31037] EXT4-fs warning (device loop0): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 555.215609][T31037] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 555.222414][T31037] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,errors=remount-ro,. Quota mode: writeback. [ 555.319386][T31063] loop6: detected capacity change from 0 to 1024 [ 555.485391][T31070] loop1: detected capacity change from 0 to 256 [ 555.591822][T31014] loop5: detected capacity change from 0 to 40427 [ 556.157580][T31014] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 556.173044][T31014] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 556.280627][ T4300] hfsplus: b-tree write err: -5, ino 4 [ 556.286047][T31014] F2FS-fs (loop5): Found nat_bits in checkpoint [ 556.457694][T31101] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.464935][T31101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.546719][T31095] loop0: detected capacity change from 0 to 2048 [ 556.643433][T31014] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 556.678155][T31014] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 556.761706][T31014] fscrypt (loop5, inode 3): Error -61 getting encryption context [ 556.839765][ T5608] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 557.209963][ T5608] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 557.247708][ T5608] usb 1-1: config 1 has an invalid descriptor of length 166, skipping remainder of the config [ 557.289414][ T5608] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 557.325297][T31147] xt_limit: Overflow, try lower: 33554432/384 [ 557.330405][ T5608] usb 1-1: config 1 has no interface number 0 [ 557.337552][ T5608] usb 1-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 557.372710][ T5608] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 557.503388][T31160] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9246'. [ 557.614751][ T5608] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 557.660166][ T5608] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.668346][ T5608] usb 1-1: Product: syz [ 557.682146][ T5608] usb 1-1: Manufacturer: syz [ 557.686802][ T5608] usb 1-1: SerialNumber: syz [ 557.780236][ T5608] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 557.800369][ T5608] cdc_ncm 1-1:1.1: bind() failure [ 557.982987][T31232] netlink: 16 bytes leftover after parsing attributes in process `syz.6.9257'. [ 557.994581][ T5608] usb 1-1: USB disconnect, device number 39 [ 558.040513][T31232] IPv6: sit2: Disabled Multicast RS [ 558.261342][T31256] loop5: detected capacity change from 0 to 16 [ 558.298083][T31256] erofs: (device loop5): mounted with root inode @ nid 36. [ 558.553772][T31280] loop1: detected capacity change from 0 to 64 [ 558.610349][T31280] hfs: unable to locate alternate MDB [ 558.610415][T31280] hfs: continuing without an alternate MDB [ 558.855574][T31297] loop0: detected capacity change from 0 to 1024 [ 558.997470][T31306] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 559.209857][T31330] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9285'. [ 559.257271][T31330] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9285'. [ 559.268380][T31334] loop6: detected capacity change from 0 to 1024 [ 559.320964][T31330] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9285'. [ 559.363965][T31334] EXT4-fs error (device loop6): ext4_map_blocks:739: inode #3: block 1: comm syz.6.9287: lblock 1 mapped to illegal pblock 1 (length 1) [ 559.487389][T31334] Quota error (device loop6): write_blk: dquota write failed [ 559.535708][T31334] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 559.659126][T31334] EXT4-fs error (device loop6): ext4_acquire_dquot:6209: comm syz.6.9287: Failed to acquire dquot type 0 [ 559.729290][T31334] EXT4-fs error (device loop6): ext4_free_blocks:6218: comm syz.6.9287: Freeing blocks not in datazone - block = 0, count = 4096 [ 559.844316][T31383] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.9303'. [ 559.875010][T31383] openvswitch: netlink: Flow key attribute not present in set flow. [ 559.880279][T31334] EXT4-fs error (device loop6): ext4_read_inode_bitmap:140: comm syz.6.9287: Invalid inode bitmap blk 0 in block_group 0 [ 559.900482][ T4297] EXT4-fs error (device loop6): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 559.944574][ T4297] Quota error (device loop6): remove_tree: Can't read quota data block 1 [ 559.970125][T31334] EXT4-fs error (device loop6) in ext4_free_inode:362: Corrupt filesystem [ 559.985508][ T4297] EXT4-fs error (device loop6): ext4_release_dquot:6245: comm kworker/u4:6: Failed to release dquot type 0 [ 560.001703][T31334] EXT4-fs (loop6): 1 orphan inode deleted [ 560.007834][T31334] EXT4-fs (loop6): mounted filesystem without journal. Opts: €; ,errors=continue. Quota mode: writeback. [ 560.024253][T31393] loop0: detected capacity change from 0 to 16 [ 560.054822][T31334] EXT4-fs (loop6): re-mounted. Opts: (null). Quota mode: writeback. [ 560.077192][T31393] erofs: (device loop0): mounted with root inode @ nid 36. [ 560.090099][T24445] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 560.450063][T24445] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 560.476149][T31434] device syz_tun entered promiscuous mode [ 560.482883][T24445] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 560.519810][T24445] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 560.533101][ T26] audit: type=1400 audit(1760739093.779:27): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=31433 comm="syz.4.9320" [ 560.573148][T24445] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 560.635569][T24445] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.768103][T31446] loop1: detected capacity change from 0 to 4096 [ 560.799438][T24445] snd-usb-audio: probe of 6-1:27.0 failed with error -2 [ 560.892354][ T4841] udevd[4841]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 560.973675][ T5864] usb 6-1: USB disconnect, device number 24 [ 561.080044][ T5863] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 561.111353][T31481] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9331'. [ 561.354842][ T5863] usb 7-1: Using ep0 maxpacket: 32 [ 561.482671][ T5863] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 561.588290][T31504] netlink: 36 bytes leftover after parsing attributes in process `syz.5.9340'. [ 561.633334][T31504] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9340'. [ 561.679849][T31504] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9340'. [ 561.688758][T31504] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9340'. [ 561.710615][ T5863] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 561.732715][ T5863] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 561.753021][ T5863] usb 7-1: Product: syz [ 561.757240][ T5863] usb 7-1: Manufacturer: syz [ 561.793649][ T5863] usb 7-1: SerialNumber: syz [ 561.834126][ T5863] usb 7-1: config 0 descriptor?? [ 562.013269][T31536] xt_TPROXY: Can be used only with -p tcp or -p udp [ 562.116845][ T5864] usb 7-1: USB disconnect, device number 20 [ 562.217129][T31553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9353'. [ 562.480041][T31569] usb usb8: usbfs: process 31569 (syz.5.9357) did not claim interface 0 before use [ 562.493670][T31572] loop1: detected capacity change from 0 to 16 [ 562.528755][T31572] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 562.840211][T31592] netlink: 'syz.0.9366': attribute type 1 has an invalid length. [ 563.033553][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.041333][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.115485][T31619] loop0: detected capacity change from 0 to 16 [ 563.134029][ T5864] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 563.191250][T31619] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 563.338927][T31639] netlink: 'syz.4.9382': attribute type 2 has an invalid length. [ 563.515478][T31651] netlink: 'syz.6.9386': attribute type 3 has an invalid length. [ 563.524034][ T5864] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 563.549606][ T5864] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.580249][ T5864] usb 6-1: config 0 descriptor?? [ 563.631265][ T5864] cp210x 6-1:0.0: cp210x converter detected [ 563.828984][T31682] loop6: detected capacity change from 0 to 512 [ 563.839840][T31683] netlink: 'syz.1.9396': attribute type 10 has an invalid length. [ 563.900060][ T5864] usb 6-1: cp210x converter now attached to ttyUSB0 [ 564.013830][T31683] team0: Device veth0_vlan failed to register rx_handler [ 564.016339][T31682] EXT4-fs (loop6): orphan cleanup on readonly fs [ 564.034158][T31682] EXT4-fs error (device loop6): ext4_orphan_get:1401: inode #15: comm syz.6.9394: casefold flag without casefold feature [ 564.053390][T31682] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.9394: couldn't read orphan inode 15 (err -117) [ 564.067068][T31682] EXT4-fs (loop6): mounted filesystem without journal. Opts: data_err=abort,delalloc,,errors=continue. Quota mode: none. [ 564.132186][ T5863] usb 6-1: USB disconnect, device number 25 [ 564.185945][ T5863] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 564.236432][ T5863] cp210x 6-1:0.0: device disconnected [ 564.631535][T31742] __nla_validate_parse: 3 callbacks suppressed [ 564.631558][T31742] netlink: 40 bytes leftover after parsing attributes in process `syz.6.9410'. [ 564.729985][ T4281] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 564.989943][ T4281] usb 1-1: Using ep0 maxpacket: 32 [ 565.024613][T31771] loop1: detected capacity change from 0 to 256 [ 565.120031][ T4281] usb 1-1: config 0 has an invalid interface number: 9 but max is 0 [ 565.139964][ T4281] usb 1-1: config 0 has no interface number 0 [ 565.140618][T31771] FAT-fs (loop1): Directory bread(block 64) failed [ 565.179973][T31771] FAT-fs (loop1): Directory bread(block 65) failed [ 565.208187][T31771] FAT-fs (loop1): Directory bread(block 66) failed [ 565.234454][T31771] FAT-fs (loop1): Directory bread(block 67) failed [ 565.250038][T31771] FAT-fs (loop1): Directory bread(block 68) failed [ 565.277747][T31771] FAT-fs (loop1): Directory bread(block 69) failed [ 565.300018][ T4281] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 565.308258][T31771] FAT-fs (loop1): Directory bread(block 70) failed [ 565.329491][ T4281] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.344896][T31771] FAT-fs (loop1): Directory bread(block 71) failed [ 565.362883][ T4281] usb 1-1: Product: syz [ 565.366349][T31771] FAT-fs (loop1): Directory bread(block 72) failed [ 565.367104][ T4281] usb 1-1: Manufacturer: syz [ 565.399410][T31771] FAT-fs (loop1): Directory bread(block 73) failed [ 565.400409][ T4281] usb 1-1: SerialNumber: syz [ 565.468261][ T4281] usb 1-1: config 0 descriptor?? [ 565.493444][T31802] loop6: detected capacity change from 0 to 512 [ 565.500917][T31795] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9428'. [ 565.546597][ T4281] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 565.579131][T31802] EXT4-fs (loop6): Ignoring removed oldalloc option [ 565.617600][T31802] EXT4-fs (loop6): Ignoring removed bh option [ 565.637462][T31810] loop5: detected capacity change from 0 to 1024 [ 565.648254][T31802] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b80ee02c, mo2=0002] [ 565.671180][T31802] System zones: 1-12 [ 565.736036][T31802] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.9429: invalid indirect mapped block 1 (level 1) [ 565.808491][T31802] EXT4-fs (loop6): Remounting filesystem read-only [ 565.817798][T31802] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.9429: invalid indirect mapped block 7 (level 2) [ 565.836117][T31802] EXT4-fs (loop6): Remounting filesystem read-only [ 565.849979][T31802] EXT4-fs (loop6): 1 truncate cleaned up [ 565.897575][T31802] EXT4-fs (loop6): mounted filesystem without journal. Opts: oldalloc,min_batch_time=0x0000000000000059,min_batch_time=0x0000000000000000,errors=remount-ro,jqfmt=vfsv0,inode_readahead_blks=0x0000000001000000,max_batch_time=0x0000000000000001,usrquota,data_err=abort,bh,journal_ioprio=0. Quota mode: writeback. [ 565.979888][ T4281] gspca_topro: reg_w err -71 [ 566.020757][ T4281] gspca_topro: Sensor soi763a [ 566.066256][ T4281] usb 1-1: USB disconnect, device number 40 [ 566.169924][ T5863] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 566.374725][T31859] device veth0_vlan entered promiscuous mode [ 566.402164][T31859] device vlan1 entered promiscuous mode [ 566.419324][T31859] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 566.510349][T31871] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9447'. [ 566.523944][T31867] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 566.569849][T31867] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 566.746148][ T5863] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 566.795687][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.826095][ T5863] usb 2-1: Product: syz [ 566.836944][ T5863] usb 2-1: Manufacturer: syz [ 566.853436][ T5863] usb 2-1: SerialNumber: syz [ 566.951374][ T5863] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 567.212999][T31928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9466'. [ 567.227059][T31928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9466'. [ 567.253791][T31928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9466'. [ 567.268566][T31928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9466'. [ 567.310341][T31928] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9466'. [ 567.428074][T31945] netlink: 'syz.0.9472': attribute type 32 has an invalid length. [ 567.580828][T31956] loop6: detected capacity change from 0 to 256 [ 567.592217][ T5863] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 567.663143][T31963] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 567.683139][T31956] FAT-fs (loop6): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 567.690018][T31963] overlayfs: missing 'lowerdir' [ 567.729883][T31956] FAT-fs (loop6): bogus number of directory entries (1) [ 567.767597][T31956] FAT-fs (loop6): Can't find a valid FAT filesystem [ 567.914337][T31982] loop0: detected capacity change from 0 to 16 [ 567.929899][ T4281] usb 5-1: new full-speed USB device number 32 using dummy_hcd [ 567.944560][T31985] netlink: 14 bytes leftover after parsing attributes in process `syz.5.9486'. [ 567.998705][ T2304] usb 2-1: USB disconnect, device number 46 [ 568.029946][T31994] loop6: detected capacity change from 0 to 256 [ 568.107752][ C0] vkms_vblank_simulate: vblank timer overrun [ 568.137024][T31994] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 568.207795][T31994] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 568.262652][T31994] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 568.334365][ T4281] usb 5-1: unable to get BOS descriptor or descriptor too short [ 568.389957][ T4281] usb 5-1: not running at top speed; connect to a high speed hub [ 568.449787][T27944] usb 6-1: new full-speed USB device number 26 using dummy_hcd [ 568.480347][ T4281] usb 5-1: config 17 has an invalid interface number: 8 but max is 1 [ 568.488864][ T4281] usb 5-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 568.504500][ T4281] usb 5-1: config 17 has no interface number 0 [ 568.511436][ T4281] usb 5-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0 [ 568.522265][ T4281] usb 5-1: config 17 interface 8 has no altsetting 0 [ 568.620099][T32031] loop6: detected capacity change from 0 to 4096 [ 568.652219][T32031] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 568.685470][T32031] ntfs: (device loop6): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 568.700054][ T4281] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 568.709193][ T4281] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.725738][T32031] ntfs: (device loop6): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 568.735661][ T4281] usb 5-1: Product: syz [ 568.739165][ T5863] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 568.750716][ T4281] usb 5-1: Manufacturer: syz [ 568.760371][ T4281] usb 5-1: SerialNumber: syz [ 568.777672][ T5863] ath9k_htc: Failed to initialize the device [ 568.810729][ T2304] usb 2-1: ath9k_htc: USB layer deinitialized [ 568.819190][T32031] ntfs: volume version 3.1. [ 568.824037][ T5608] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 568.831905][T27944] usb 6-1: config index 0 descriptor too short (expected 539, got 27) [ 568.850242][T27944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 569.050721][T27944] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 569.068594][T27944] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.088127][T27944] usb 6-1: Product: syz [ 569.092892][T27944] usb 6-1: Manufacturer: syz [ 569.097525][T27944] usb 6-1: SerialNumber: syz [ 569.105477][ T4281] usb 5-1: selecting invalid altsetting 0 [ 569.149871][ T4281] usb 5-1: USB disconnect, device number 32 [ 569.156796][T27944] usb 6-1: config 0 descriptor?? [ 569.198464][ T4841] udevd[4841]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 569.210757][T27944] hub 6-1:0.0: bad descriptor, ignoring hub [ 569.230895][T27944] hub: probe of 6-1:0.0 failed with error -5 [ 569.242588][T27944] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input47 [ 569.259331][T32046] loop1: detected capacity change from 0 to 32768 [ 569.285060][T27944] usbtouchscreen 6-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 569.320352][T32046] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop1 scanned by syz.1.9502 (32046) [ 569.343813][T27944] usbtouchscreen: probe of 6-1:0.0 failed with error -8 [ 569.364206][ T5608] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 569.392371][ T5608] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.407766][ T5608] usb 1-1: Product: syz [ 569.415942][ T5608] usb 1-1: Manufacturer: syz [ 569.424081][ T5608] usb 1-1: SerialNumber: syz [ 569.444699][ T5608] usb 1-1: config 0 descriptor?? [ 569.473127][T32046] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 569.494553][ T5608] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 041 [ 569.499941][T32046] BTRFS info (device loop1): enabling ssd optimizations [ 569.518689][T32046] BTRFS info (device loop1): not using ssd optimizations [ 569.528950][T32046] BTRFS info (device loop1): turning off barriers [ 569.538334][T32046] BTRFS info (device loop1): using free space tree [ 569.547900][T32046] BTRFS info (device loop1): has skinny extents [ 569.621350][ T5863] usb 6-1: USB disconnect, device number 26 [ 569.810012][T32057] loop6: detected capacity change from 0 to 40427 [ 569.919344][T32057] F2FS-fs (loop6): build fault injection attr: rate: 4, type: 0x1ffff [ 569.929928][ T5608] (null): failure reading functionality [ 569.936313][T32057] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x4 [ 569.964967][ T5608] i2c i2c-1: failure reading functionality [ 569.993851][T32057] F2FS-fs (loop6): invalid crc value [ 570.022740][ T5608] i2c i2c-1: connected i2c-tiny-usb device [ 570.035410][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x14e/0x440 [ 570.061704][ T5608] usb 1-1: USB disconnect, device number 41 [ 570.108581][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 570.153238][T32057] F2FS-fs (loop6): Found nat_bits in checkpoint [ 570.290856][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 570.346730][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x3e6/0xa30 [ 570.400997][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x14e/0x440 [ 570.553101][T32057] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 570.622326][T32057] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xd6/0x560 [ 570.671606][T32150] bridge4: the hash_elasticity option has been deprecated and is always 16 [ 570.842829][T32164] loop0: detected capacity change from 0 to 128 [ 571.073495][ C0] vkms_vblank_simulate: vblank timer overrun [ 571.086863][T32168] loop5: detected capacity change from 0 to 4096 [ 571.216957][T14544] F2FS-fs (loop6) : inject page alloc in f2fs_grab_cache_page of f2fs_grab_meta_page+0x66/0x1b0 [ 571.253209][T32181] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 571.516933][T32198] loop1: detected capacity change from 0 to 1024 [ 571.626309][T32199] loop5: detected capacity change from 0 to 4096 [ 571.639227][T32198] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 571.656350][T32209] netlink: 'syz.4.9527': attribute type 1 has an invalid length. [ 571.776250][T32199] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 572.575939][T32191] loop0: detected capacity change from 0 to 32768 [ 572.610527][T32260] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 572.702746][T32191] add_index: next_index = 0. Resetting! [ 572.731332][T32191] find_entry called with index >= next_index [ 572.737376][T32191] find_entry called with index >= next_index [ 572.785187][T32273] netlink: 5 bytes leftover after parsing attributes in process `syz.4.9547'. [ 572.822426][T32273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 573.309301][T32317] ip6t_srh: unknown srh invflags 7F00 [ 573.334162][ T5863] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 573.528226][T32327] netlink: 188 bytes leftover after parsing attributes in process `syz.5.9566'. [ 573.740385][ T5863] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 573.748701][ T5863] usb 2-1: config 220 has an invalid descriptor of length 95, skipping remainder of the config [ 573.771001][T32349] netlink: 20 bytes leftover after parsing attributes in process `syz.6.9574'. [ 573.824679][ T5863] usb 2-1: config 220 has no interface number 2 [ 573.860131][ T5863] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 573.940115][ T5863] usb 2-1: config 220 interface 0 has no altsetting 0 [ 573.947737][T32358] loop5: detected capacity change from 0 to 8 [ 573.977569][ T5863] usb 2-1: config 220 interface 76 has no altsetting 0 [ 574.005674][ T5863] usb 2-1: config 220 interface 1 has no altsetting 0 [ 574.043928][T32358] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 574.084812][ T4841] udevd[4841]: incorrect cramfs checksum on /dev/loop5 [ 574.148092][T32358] cramfs: Error -3 while decompressing! [ 574.169495][T32358] cramfs: ffffffff961ec0a8(26)->ffff8880558a0000(4096) [ 574.192397][ T5863] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 574.206966][ T4841] udevd[4841]: incorrect cramfs checksum on /dev/loop5 [ 574.224632][T32358] cramfs: Error -3 while decompressing! [ 574.232341][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.244258][T32375] xt_hashlimit: invalid interval [ 574.261070][T32358] cramfs: ffffffff961ec0c2(26)->ffff88805b057000(4096) [ 574.279416][ T5863] usb 2-1: Product: syz [ 574.298638][ T5863] usb 2-1: Manufacturer: syz [ 574.313926][T32358] cramfs: Error -3 while decompressing! [ 574.334961][ T5863] usb 2-1: SerialNumber: syz [ 574.340370][T32358] cramfs: ffffffff961ec0a8(26)->ffff8880558a0000(4096) [ 574.380773][ T26] audit: type=1800 audit(1760739107.619:28): pid=32358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.9576" name="file2" dev="loop5" ino=348 res=0 errno=0 [ 574.760383][ T5863] usb 2-1: selecting invalid altsetting 0 [ 574.766864][ T5863] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 574.787030][ T5863] usb 2-1: No valid video chain found. [ 574.824699][T32412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9592'. [ 574.866668][ T5863] usb 2-1: selecting invalid altsetting 0 [ 574.880392][ T5863] usbtest: probe of 2-1:220.1 failed with error -22 [ 574.929520][ T5863] usb 2-1: USB disconnect, device number 47 [ 574.970367][T32424] sctp: [Deprecated]: syz.6.9597 (pid 32424) Use of int in maxseg socket option. [ 574.970367][T32424] Use struct sctp_assoc_value instead [ 575.117741][T32443] netlink: 72 bytes leftover after parsing attributes in process `syz.5.9601'. [ 575.160037][T32443] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 576.042400][ T5863] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 576.150658][T32554] loop0: detected capacity change from 0 to 256 [ 576.174074][T32559] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9640'. [ 576.226365][T32554] FAT-fs (loop0): Directory bread(block 64) failed [ 576.255418][T32564] loop6: detected capacity change from 0 to 64 [ 576.255952][T32554] FAT-fs (loop0): Directory bread(block 65) failed [ 576.290558][T32554] FAT-fs (loop0): Directory bread(block 66) failed [ 576.297174][T32554] FAT-fs (loop0): Directory bread(block 67) failed [ 576.320496][T32554] FAT-fs (loop0): Directory bread(block 68) failed [ 576.337688][T32554] FAT-fs (loop0): Directory bread(block 69) failed [ 576.358052][T32554] FAT-fs (loop0): Directory bread(block 70) failed [ 576.365129][T32554] FAT-fs (loop0): Directory bread(block 71) failed [ 576.379974][T32554] FAT-fs (loop0): Directory bread(block 72) failed [ 576.400789][T32554] FAT-fs (loop0): Directory bread(block 73) failed [ 576.560361][ T5863] usb 2-1: Using ep0 maxpacket: 32 [ 576.713716][T32576] xt_CT: No such helper "syz0" [ 576.735106][ T5863] usb 2-1: config 4 has an invalid interface number: 8 but max is 0 [ 576.748714][ T5863] usb 2-1: config 4 has no interface number 0 [ 576.768627][ T5863] usb 2-1: config 4 interface 8 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 576.815996][ T5863] usb 2-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 0 [ 576.827777][T32596] loop5: detected capacity change from 0 to 256 [ 576.839952][ T5863] usb 2-1: config 4 interface 8 has no altsetting 0 [ 576.958958][T32596] FAT-fs (loop5): Directory bread(block 64) failed [ 576.993125][T32604] loop6: detected capacity change from 0 to 64 [ 576.999986][T32596] FAT-fs (loop5): Directory bread(block 65) failed [ 577.006766][T17938] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 577.015050][ T5863] usb 2-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65 [ 577.027415][T32596] FAT-fs (loop5): Directory bread(block 66) failed [ 577.042269][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.075189][T32596] FAT-fs (loop5): Directory bread(block 67) failed [ 577.084884][ T5863] usb 2-1: Product: syz [ 577.089375][ T5863] usb 2-1: Manufacturer: syz [ 577.107150][ T5863] usb 2-1: SerialNumber: syz [ 577.133986][T32596] FAT-fs (loop5): Directory bread(block 68) failed [ 577.186410][T32596] FAT-fs (loop5): Directory bread(block 69) failed [ 577.212997][T32596] FAT-fs (loop5): Directory bread(block 70) failed [ 577.249929][T32596] FAT-fs (loop5): Directory bread(block 71) failed [ 577.287629][T32596] FAT-fs (loop5): Directory bread(block 72) failed [ 577.300066][T17938] usb 5-1: Using ep0 maxpacket: 8 [ 577.318764][T32596] FAT-fs (loop5): Directory bread(block 73) failed [ 577.440747][T17938] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 577.460114][T17938] usb 5-1: config 179 has no interface number 0 [ 577.481101][ T5863] opticon 2-1:4.8: opticon converter detected [ 577.502122][T17938] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 577.522393][ T5863] usb 2-1: opticon converter now attached to ttyUSB0 [ 577.548774][T32613] loop6: detected capacity change from 0 to 2048 [ 577.562811][T17938] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 577.574354][T32618] loop0: detected capacity change from 0 to 256 [ 577.581385][ T5863] usb 2-1: USB disconnect, device number 48 [ 577.619369][ T5863] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0 [ 577.638105][T17938] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 577.661485][ T5863] opticon 2-1:4.8: device disconnected [ 577.674525][T17938] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 577.729764][T17938] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 577.744407][T32613] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 577.780141][T17938] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 577.794649][T32613] UDF-fs: Scanning with blocksize 512 failed [ 577.820088][T17938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.863608][T32613] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 577.900258][T32579] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 578.017737][T32639] loop0: detected capacity change from 0 to 2048 [ 578.133992][T32639] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 578.232314][T32654] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9659'. [ 578.424294][T32666] netlink: 32 bytes leftover after parsing attributes in process `syz.5.9663'. [ 578.443369][T24445] usb 5-1: USB disconnect, device number 33 [ 578.449897][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 578.458238][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 578.468247][ C1] ================================================================== [ 578.477208][ C1] BUG: KASAN: use-after-free in do_raw_spin_lock+0x235/0x280 [ 578.484639][ C1] Read of size 4 at addr ffff88805edb305c by task udevd/4841 [ 578.492043][ C1] [ 578.494388][ C1] CPU: 1 PID: 4841 Comm: udevd Not tainted syzkaller #0 [ 578.501357][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 578.511456][ C1] Call Trace: [ 578.514763][ C1] [ 578.517638][ C1] dump_stack_lvl+0x168/0x230 [ 578.522371][ C1] ? show_regs_print_info+0x20/0x20 [ 578.527645][ C1] ? load_image+0x3b0/0x3b0 [ 578.532202][ C1] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 578.537626][ C1] ? _dev_info+0x150/0x150 [ 578.542092][ C1] print_address_description+0x60/0x2d0 [ 578.547785][ C1] ? do_raw_spin_lock+0x235/0x280 [ 578.552863][ C1] kasan_report+0xdf/0x130 [ 578.557437][ C1] ? do_raw_spin_lock+0x235/0x280 [ 578.562621][ C1] do_raw_spin_lock+0x235/0x280 [ 578.567522][ C1] ? read_lock_is_recursive+0x10/0x10 [ 578.572950][ C1] ? __rwlock_init+0x140/0x140 [ 578.577768][ C1] _raw_spin_lock_irqsave+0xb0/0xf0 [ 578.583016][ C1] ? _raw_spin_lock+0x40/0x40 [ 578.583696][T32681] loop0: detected capacity change from 0 to 1024 [ 578.587738][ C1] ? kcov_remote_stop+0x3c9/0x4c0 [ 578.599200][ C1] __wake_up+0xed/0x180 [ 578.603441][ C1] ? remove_wait_queue+0x120/0x120 [ 578.608617][ C1] ? _raw_spin_unlock+0x24/0x40 [ 578.613531][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 578.618964][ C1] dummy_timer+0x827/0x2e10 [ 578.623644][ C1] ? verify_lock_unused+0x140/0x140 [ 578.629091][ C1] ? dummy_free_streams+0x530/0x530 [ 578.634355][ C1] ? dummy_free_streams+0x530/0x530 [ 578.639601][ C1] call_timer_fn+0x16c/0x530 [ 578.644246][ C1] ? dummy_free_streams+0x530/0x530 [ 578.649492][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 578.655548][ C1] ? __run_timers+0x7c0/0x7c0 [ 578.660276][ C1] ? rcu_is_watching+0x11/0xa0 [ 578.665080][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 578.670324][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 578.675574][ C1] ? dummy_free_streams+0x530/0x530 [ 578.680829][ C1] __run_timers+0x525/0x7c0 [ 578.685399][ C1] ? detach_timer+0x2b0/0x2b0 [ 578.690133][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 578.696173][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 578.701069][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 578.706402][ C1] run_timer_softirq+0x63/0xf0 [ 578.711245][ C1] handle_softirqs+0x328/0x820 [ 578.716062][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 578.720965][ C1] ? do_softirq+0x200/0x200 [ 578.725520][ C1] __irq_exit_rcu+0x12f/0x220 [ 578.730251][ C1] ? irq_exit_rcu+0x20/0x20 [ 578.734812][ C1] irq_exit_rcu+0x5/0x20 [ 578.739096][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 578.744807][ C1] [ 578.747775][ C1] [ 578.750754][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 578.756791][ C1] RIP: 0010:do_mprotect_pkey+0x689/0x910 [ 578.762480][ C1] Code: c2 c8 ff 85 ed 0f 85 ee 00 00 00 4c 8b 6c 24 40 49 8d 5d 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df 42 80 3c 30 00 <74> 08 48 89 df e8 dd 26 0d 00 4c 8b 3b 4d 39 fc 4d 0f 47 fc 4c 89 [ 578.782128][ C1] RSP: 0018:ffffc90003ddfe70 EFLAGS: 00000246 [ 578.788238][ C1] RAX: 1ffff1100a523022 RBX: ffff888052918110 RCX: ffff88805e7e8000 [ 578.796256][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 578.804294][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad33c4 [ 578.812309][ C1] R10: fffffbfff1ad33c4 R11: 1ffffffff1ad33c3 R12: 00007fa0448e9000 [ 578.820332][ C1] R13: ffff888052918108 R14: dffffc0000000000 R15: 00007fa0448e9000 [ 578.828379][ C1] __x64_sys_mprotect+0x7c/0x90 [ 578.833297][ C1] do_syscall_64+0x4c/0xa0 [ 578.837944][ C1] ? clear_bhb_loop+0x30/0x80 [ 578.842756][ C1] ? clear_bhb_loop+0x30/0x80 [ 578.847490][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 578.853434][ C1] RIP: 0033:0x7fa0453bcfe7 [ 578.857981][ C1] Code: ef e8 3d fa ff ff 84 c0 75 b9 31 db 48 83 c4 08 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 2d 0d 00 f7 d8 64 89 01 48 [ 578.878002][ C1] RSP: 002b:00007ffd443720b8 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 578.886460][ C1] RAX: ffffffffffffffda RBX: 0000000000000200 RCX: 00007fa0453bcfe7 [ 578.894588][ C1] RDX: 0000000000000001 RSI: 0000000000000200 RDI: 00007fa0448e8000 [ 578.902857][ C1] RBP: 00005599ac7ccba0 R08: 0000000000000000 R09: 0000000000000200 [ 578.910875][ C1] R10: 00005599ac7ccc00 R11: 0000000000000246 R12: 0000000000000000 [ 578.918891][ C1] R13: 0000000000080000 R14: 00005599ac7e1d98 R15: 00007fa045a9c39c [ 578.927096][ C1] [ 578.930148][ C1] [ 578.932493][ C1] Allocated by task 17938: [ 578.936933][ C1] __kasan_kmalloc+0xb5/0xf0 [ 578.941573][ C1] xpad_probe+0x3f6/0x1b20 [ 578.946030][ C1] usb_probe_interface+0x5a0/0xaf0 [ 578.951186][ C1] really_probe+0x284/0xc80 [ 578.955733][ C1] __driver_probe_device+0x18c/0x330 [ 578.961082][ C1] driver_probe_device+0x4f/0x420 [ 578.966152][ C1] __device_attach_driver+0x2b0/0x500 [ 578.971563][ C1] bus_for_each_drv+0x175/0x200 [ 578.976470][ C1] __device_attach+0x29b/0x460 [ 578.981281][ C1] bus_probe_device+0xbc/0x1e0 [ 578.986085][ C1] device_add+0xa00/0xfb0 [ 578.990466][ C1] usb_set_configuration+0x1991/0x1fd0 [ 578.995972][ C1] usb_generic_driver_probe+0x89/0x150 [ 579.001474][ C1] usb_probe_device+0x139/0x270 [ 579.006411][ C1] really_probe+0x284/0xc80 [ 579.010966][ C1] __driver_probe_device+0x18c/0x330 [ 579.016328][ C1] driver_probe_device+0x4f/0x420 [ 579.021397][ C1] __device_attach_driver+0x2b0/0x500 [ 579.026813][ C1] bus_for_each_drv+0x175/0x200 [ 579.031706][ C1] __device_attach+0x29b/0x460 [ 579.036511][ C1] bus_probe_device+0xbc/0x1e0 [ 579.041315][ C1] device_add+0xa00/0xfb0 [ 579.045810][ C1] usb_new_device+0xd53/0x1640 [ 579.050632][ C1] hub_event+0x2dd9/0x5560 [ 579.055136][ C1] process_one_work+0x863/0x1000 [ 579.060384][ C1] worker_thread+0xaa8/0x12a0 [ 579.065105][ C1] kthread+0x436/0x520 [ 579.069211][ C1] ret_from_fork+0x1f/0x30 [ 579.073664][ C1] [ 579.076009][ C1] Freed by task 24445: [ 579.080103][ C1] kasan_set_track+0x4b/0x70 [ 579.084733][ C1] kasan_set_free_info+0x1f/0x40 [ 579.089718][ C1] ____kasan_slab_free+0xd5/0x110 [ 579.094864][ C1] slab_free_freelist_hook+0xea/0x170 [ 579.100271][ C1] kfree+0xef/0x2a0 [ 579.104113][ C1] xpad_disconnect+0x34c/0x470 [ 579.108925][ C1] usb_unbind_interface+0x1ee/0x860 [ 579.114250][ C1] device_release_driver_internal+0x4b4/0x750 [ 579.120359][ C1] bus_remove_device+0x2e2/0x400 [ 579.125338][ C1] device_del+0x628/0xa70 [ 579.129706][ C1] usb_disable_device+0x3e2/0x890 [ 579.134880][ C1] usb_disconnect+0x348/0x8a0 [ 579.139611][ C1] hub_event+0x1e9f/0x5560 [ 579.144066][ C1] process_one_work+0x863/0x1000 [ 579.149054][ C1] worker_thread+0xaa8/0x12a0 [ 579.153788][ C1] kthread+0x436/0x520 [ 579.157900][ C1] ret_from_fork+0x1f/0x30 [ 579.162366][ C1] [ 579.163597][T32703] dlm: dev_write: no op 0 0 [ 579.164816][ C1] Last potentially related work creation: [ 579.164830][ C1] kasan_save_stack+0x35/0x60 [ 579.180527][ C1] kasan_record_aux_stack+0xb8/0x100 [ 579.185964][ C1] kvfree_call_rcu+0x10a/0x7c0 [ 579.190852][ C1] neigh_periodic_work+0x407/0xc70 [ 579.196003][ C1] process_one_work+0x863/0x1000 [ 579.201263][ C1] worker_thread+0xaa8/0x12a0 [ 579.205981][ C1] kthread+0x436/0x520 [ 579.210089][ C1] ret_from_fork+0x1f/0x30 [ 579.214547][ C1] [ 579.216893][ C1] The buggy address belongs to the object at ffff88805edb3000 [ 579.216893][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 579.230974][ C1] The buggy address is located 92 bytes inside of [ 579.230974][ C1] 1024-byte region [ffff88805edb3000, ffff88805edb3400) [ 579.244370][ C1] The buggy address belongs to the page: [ 579.250126][ C1] page:ffffea00017b6c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5edb0 [ 579.260392][ C1] head:ffffea00017b6c00 order:3 compound_mapcount:0 compound_pincount:0 [ 579.268830][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 579.276833][ C1] raw: 00fff00000010200 0000000000000000 0000000500000001 ffff888016841dc0 [ 579.285435][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 579.294024][ C1] page dumped because: kasan: bad access detected [ 579.300458][ C1] page_owner tracks the page as allocated [ 579.306424][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4172, ts 71547864203, free_ts 22475229593 [ 579.326990][ C1] get_page_from_freelist+0x1b77/0x1c60 [ 579.332563][ C1] __alloc_pages+0x1e1/0x470 [ 579.337174][ C1] new_slab+0xc0/0x4b0 [ 579.341258][ C1] ___slab_alloc+0x81e/0xdf0 [ 579.345877][ C1] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 579.351795][ C1] __alloc_skb+0x22c/0x750 [ 579.356227][ C1] sk_stream_alloc_skb+0x1fa/0xa60 [ 579.361472][ C1] tcp_sendmsg_locked+0xc3e/0x3590 [ 579.366626][ C1] tcp_sendmsg+0x2b/0x40 [ 579.370887][ C1] sock_write_iter+0x29c/0x380 [ 579.375687][ C1] vfs_write+0x712/0xd00 [ 579.379964][ C1] ksys_write+0x14d/0x250 [ 579.384332][ C1] do_syscall_64+0x4c/0xa0 [ 579.388879][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 579.394788][ C1] page last free stack trace: [ 579.399467][ C1] free_unref_page_prepare+0x637/0x6c0 [ 579.404949][ C1] free_unref_page+0x94/0x280 [ 579.409835][ C1] free_contig_range+0x96/0xf0 [ 579.415075][ C1] destroy_args+0x100/0xa20 [ 579.419588][ C1] debug_vm_pgtable+0x318/0x370 [ 579.424541][ C1] do_one_initcall+0x1ee/0x680 [ 579.429420][ C1] do_initcall_level+0x137/0x1f0 [ 579.434375][ C1] do_initcalls+0x4b/0x90 [ 579.438717][ C1] kernel_init_freeable+0x3ce/0x560 [ 579.443923][ C1] kernel_init+0x19/0x1b0 [ 579.448262][ C1] ret_from_fork+0x1f/0x30 [ 579.452687][ C1] [ 579.455015][ C1] Memory state around the buggy address: [ 579.460657][ C1] ffff88805edb2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 579.468862][ C1] ffff88805edb2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 579.476934][ C1] >ffff88805edb3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 579.484999][ C1] ^ [ 579.491943][ C1] ffff88805edb3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 579.500021][ C1] ffff88805edb3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 579.508133][ C1] ================================================================== [ 579.516212][ C1] Disabling lock debugging due to kernel taint [ 579.522407][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 579.529617][ C1] CPU: 1 PID: 4841 Comm: udevd Tainted: G B syzkaller #0 [ 579.537956][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 579.548028][ C1] Call Trace: [ 579.551330][ C1] [ 579.554189][ C1] dump_stack_lvl+0x168/0x230 [ 579.558875][ C1] ? show_regs_print_info+0x20/0x20 [ 579.564081][ C1] ? load_image+0x3b0/0x3b0 [ 579.568598][ C1] panic+0x2c9/0x7f0 [ 579.572499][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 579.577008][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 579.582912][ C1] ? _raw_spin_unlock+0x40/0x40 [ 579.587769][ C1] ? do_raw_spin_lock+0x235/0x280 [ 579.592799][ C1] check_panic_on_warn+0x80/0xa0 [ 579.597756][ C1] ? do_raw_spin_lock+0x235/0x280 [ 579.602788][ C1] end_report+0x6d/0xf0 [ 579.606951][ C1] kasan_report+0x102/0x130 [ 579.611549][ C1] ? do_raw_spin_lock+0x235/0x280 [ 579.616580][ C1] do_raw_spin_lock+0x235/0x280 [ 579.621545][ C1] ? read_lock_is_recursive+0x10/0x10 [ 579.626973][ C1] ? __rwlock_init+0x140/0x140 [ 579.631760][ C1] _raw_spin_lock_irqsave+0xb0/0xf0 [ 579.637001][ C1] ? _raw_spin_lock+0x40/0x40 [ 579.641686][ C1] ? kcov_remote_stop+0x3c9/0x4c0 [ 579.646725][ C1] __wake_up+0xed/0x180 [ 579.650889][ C1] ? remove_wait_queue+0x120/0x120 [ 579.656027][ C1] ? _raw_spin_unlock+0x24/0x40 [ 579.660901][ C1] __usb_hcd_giveback_urb+0x396/0x520 [ 579.666317][ C1] dummy_timer+0x827/0x2e10 [ 579.670843][ C1] ? verify_lock_unused+0x140/0x140 [ 579.676089][ C1] ? dummy_free_streams+0x530/0x530 [ 579.681340][ C1] ? dummy_free_streams+0x530/0x530 [ 579.686563][ C1] call_timer_fn+0x16c/0x530 [ 579.691165][ C1] ? dummy_free_streams+0x530/0x530 [ 579.696465][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 579.702460][ C1] ? __run_timers+0x7c0/0x7c0 [ 579.707149][ C1] ? rcu_is_watching+0x11/0xa0 [ 579.711918][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 579.717127][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 579.722332][ C1] ? dummy_free_streams+0x530/0x530 [ 579.727547][ C1] __run_timers+0x525/0x7c0 [ 579.732067][ C1] ? detach_timer+0x2b0/0x2b0 [ 579.736747][ C1] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 579.742740][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 579.747595][ C1] ? ktime_get_real_ts64+0x420/0x420 [ 579.752888][ C1] run_timer_softirq+0x63/0xf0 [ 579.757661][ C1] handle_softirqs+0x328/0x820 [ 579.762451][ C1] ? __irq_exit_rcu+0x12f/0x220 [ 579.767334][ C1] ? do_softirq+0x200/0x200 [ 579.771944][ C1] __irq_exit_rcu+0x12f/0x220 [ 579.776621][ C1] ? irq_exit_rcu+0x20/0x20 [ 579.781234][ C1] irq_exit_rcu+0x5/0x20 [ 579.785543][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 579.791191][ C1] [ 579.794128][ C1] [ 579.797059][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 579.803252][ C1] RIP: 0010:do_mprotect_pkey+0x689/0x910 [ 579.808903][ C1] Code: c2 c8 ff 85 ed 0f 85 ee 00 00 00 4c 8b 6c 24 40 49 8d 5d 08 48 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df 42 80 3c 30 00 <74> 08 48 89 df e8 dd 26 0d 00 4c 8b 3b 4d 39 fc 4d 0f 47 fc 4c 89 [ 579.828518][ C1] RSP: 0018:ffffc90003ddfe70 EFLAGS: 00000246 [ 579.834683][ C1] RAX: 1ffff1100a523022 RBX: ffff888052918110 RCX: ffff88805e7e8000 [ 579.842684][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 579.850679][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad33c4 [ 579.858656][ C1] R10: fffffbfff1ad33c4 R11: 1ffffffff1ad33c3 R12: 00007fa0448e9000 [ 579.866722][ C1] R13: ffff888052918108 R14: dffffc0000000000 R15: 00007fa0448e9000 [ 579.874756][ C1] __x64_sys_mprotect+0x7c/0x90 [ 579.879714][ C1] do_syscall_64+0x4c/0xa0 [ 579.884148][ C1] ? clear_bhb_loop+0x30/0x80 [ 579.888838][ C1] ? clear_bhb_loop+0x30/0x80 [ 579.893520][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 579.899508][ C1] RIP: 0033:0x7fa0453bcfe7 [ 579.903927][ C1] Code: ef e8 3d fa ff ff 84 c0 75 b9 31 db 48 83 c4 08 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 2d 0d 00 f7 d8 64 89 01 48 [ 579.923557][ C1] RSP: 002b:00007ffd443720b8 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 579.932936][ C1] RAX: ffffffffffffffda RBX: 0000000000000200 RCX: 00007fa0453bcfe7 [ 579.940916][ C1] RDX: 0000000000000001 RSI: 0000000000000200 RDI: 00007fa0448e8000 [ 579.948912][ C1] RBP: 00005599ac7ccba0 R08: 0000000000000000 R09: 0000000000000200 [ 579.956893][ C1] R10: 00005599ac7ccc00 R11: 0000000000000246 R12: 0000000000000000 [ 579.964897][ C1] R13: 0000000000080000 R14: 00005599ac7e1d98 R15: 00007fa045a9c39c [ 579.972902][ C1] [ 579.976157][ C1] Kernel Offset: disabled [ 579.980515][ C1] Rebooting in 86400 seconds..